From: Chris Wilson Date: Wed, 20 Oct 2010 19:59:57 +0000 (+0100) Subject: drm/i915: Copy the updated reloc->presumed_offset back to the user X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b5dc608c98d929abbf2fe932ed07b3c868d83342;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git drm/i915: Copy the updated reloc->presumed_offset back to the user If the userspace driver is using a constant relocation array with a static buffer, they will pass the same relocation array back to the kernel. So we *do* need to update the presumed offset value in those relocations to reflect the current object so that they remain correct with future batchbuffers and we avoid the necessity of having to suspend execution and perform redundant relocations. Fixes the regression introduced by 12f889c for applications using absolute addressing on trees of buffer (i.e. the current consumers of libdrm_intel.so). Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=30996 Reported-by: Wang, Jinjin Signed-off-by: Chris Wilson --- diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 6e85496f9164..5041ebe3fdf9 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -3399,6 +3399,15 @@ i915_gem_execbuffer_relocate(struct drm_i915_gem_object *obj, iowrite32(reloc.delta, reloc_entry); io_mapping_unmap_atomic(reloc_page, KM_USER0); } + + /* and update the user's relocation entry */ + reloc.presumed_offset = target_offset; + if (__copy_to_user_inatomic(&user_relocs[i].presumed_offset, + &reloc.presumed_offset, + sizeof(reloc.presumed_offset))) { + ret = -EFAULT; + break; + } } drm_gem_object_unreference(target_obj); @@ -3560,6 +3569,10 @@ validate_exec_list(struct drm_i915_gem_exec_object2 *exec, if (!access_ok(VERIFY_READ, ptr, length)) return -EFAULT; + /* we may also need to update the presumed offsets */ + if (!access_ok(VERIFY_WRITE, ptr, length)) + return -EFAULT; + if (fault_in_pages_readable(ptr, length)) return -EFAULT; }