From: Thomas Hellstrom Date: Fri, 3 Jan 2014 10:17:18 +0000 (+0100) Subject: drm/ttm: Refuse to fault (prime-) imported pages X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=667a50db0477d47fdff01c666f5ee1ce26b5264c;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git drm/ttm: Refuse to fault (prime-) imported pages This is illegal for at least two reasons: 1) While it may work on some platforms / iommus, obtaining page pointers from mapped sg-lists is illegal, since the DMA API allows page pointer information to be destroyed in the sg mapping process. 2) TTM has no way of determining the linear kernel map caching state of the underlying pages. PTEs with conflicting caching state pointing to the same pfn is not allowed. TTM operations touching pages of imported sg-tables should be redirected through the proper dma-buf operations. Signed-off-by: Thomas Hellstrom Acked-by: Daniel Vetter --- diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c index cdda78458885..12d7f53b7c13 100644 --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c @@ -132,6 +132,15 @@ static int ttm_bo_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) return VM_FAULT_NOPAGE; } + /* + * Refuse to fault imported pages. This should be handled + * (if at all) by redirecting mmap to the exporter. + */ + if (bo->ttm && (bo->ttm->page_flags & TTM_PAGE_FLAG_SG)) { + retval = VM_FAULT_SIGBUS; + goto out_unlock; + } + if (bdev->driver->fault_reserve_notify) { ret = bdev->driver->fault_reserve_notify(bo); switch (ret) {