From bc03dabb96460505c155e585c2bc44eeb81571e5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 12 Oct 2023 19:53:10 +0200 Subject: [PATCH] 5.4-stable patches added patches: drm-etvnaviv-fix-bad-backport-leading-to-warning.patch --- ...-fix-bad-backport-leading-to-warning.patch | 86 +++++++++++++++++++ queue-5.4/series | 1 + 2 files changed, 87 insertions(+) create mode 100644 queue-5.4/drm-etvnaviv-fix-bad-backport-leading-to-warning.patch diff --git a/queue-5.4/drm-etvnaviv-fix-bad-backport-leading-to-warning.patch b/queue-5.4/drm-etvnaviv-fix-bad-backport-leading-to-warning.patch new file mode 100644 index 00000000000..a14378af7de --- /dev/null +++ b/queue-5.4/drm-etvnaviv-fix-bad-backport-leading-to-warning.patch @@ -0,0 +1,86 @@ +From martin.fuzzey@flowbird.group Thu Oct 12 19:51:38 2023 +From: Martin Fuzzey +Date: Tue, 10 Oct 2023 15:19:28 +0200 +Subject: drm: etvnaviv: fix bad backport leading to warning +To: stable@vger.kernel.org +Cc: Lucas Stach , Greg Kroah-Hartman , etnaviv@lists.freedesktop.org +Message-ID: <20231010132030.1392238-1-martin.fuzzey@flowbird.group> + +From: Martin Fuzzey + +When updating from 5.4.219 -> 5.4.256 I started getting a runtime warning: + +[ 58.229857] ------------[ cut here ]------------ +[ 58.234599] WARNING: CPU: 1 PID: 565 at drivers/gpu/drm/drm_gem.c:1020 drm_gem_object_put+0x90/0x98 +[ 58.249935] Modules linked in: qmi_wwan cdc_wdm option usb_wwan smsc95xx rsi_usb rsi_91x btrsi ci_hdrc_imx ci_hdrc +[ 58.260499] ueventd: modprobe usb:v2F8Fp7FFFd0200dc00dsc00dp00icFEisc01ip02in00 done +[ 58.288877] CPU: 1 PID: 565 Comm: android.display Not tainted 5.4.256pkn-5.4-bsp-snapshot-svn-7423 #2195 +[ 58.288883] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) +[ 58.288888] Backtrace: +[ 58.288912] [] (dump_backtrace) from [] (show_stack+0x20/0x24) +[ 58.288920] r7:00000000 r6:60010013 r5:00000000 r4:c14cd224 +[ 58.328337] [] (show_stack) from [] (dump_stack+0xe8/0x120) +[ 58.335661] [] (dump_stack) from [] (__warn+0xd4/0xe8) +[ 58.342542] r10:eda54000 r9:c06ca53c r8:000003fc r7:00000009 r6:c111ed54 r5:00000000 +[ 58.350374] r4:00000000 r3:76cf564a +[ 58.353957] [] (__warn) from [] (warn_slowpath_fmt+0xb0/0xc0) +[ 58.361445] r9:00000009 r8:c06ca53c r7:000003fc r6:c111ed54 r5:c1406048 r4:00000000 +[ 58.369198] [] (warn_slowpath_fmt) from [] (drm_gem_object_put+0x90/0x98) +[ 58.377728] r9:edda7e40 r8:edd39360 r7:ad16e000 r6:edda7eb0 r5:00000000 r4:edaa3200 +[ 58.385524] [] (drm_gem_object_put) from [] (etnaviv_gem_prime_mmap_obj+0x34/0x3c [etnaviv]) +[ 58.395704] r5:00000000 r4:edaa3200 +[ 58.399334] [] (etnaviv_gem_prime_mmap_obj [etnaviv]) from [] (etnaviv_gem_mmap+0x3c/0x60 [etnaviv]) +[ 58.410205] r5:edd39360 r4:00000000 +[ 58.413816] [] (etnaviv_gem_mmap [etnaviv]) from [] (mmap_region+0x37c/0x67c) +[ 58.422689] r5:ad16d000 r4:edda7eb8 +[ 58.426272] [] (mmap_region) from [] (do_mmap+0x420/0x544) +[ 58.433500] r10:000000fb r9:000fffff r8:ffffffff r7:00000001 r6:00000003 r5:00000001 +[ 58.441330] r4:00001000 +[ 58.443876] [] (do_mmap) from [] (vm_mmap_pgoff+0xd0/0x100) +[ 58.451190] r10:eda54040 r9:00001000 r8:00000000 r7:00000000 r6:00000003 r5:c1406048 +[ 58.459020] r4:edb8ff24 +[ 58.461561] [] (vm_mmap_pgoff) from [] (ksys_mmap_pgoff+0xdc/0x10c) +[ 58.469570] r10:000000c0 r9:edb8e000 r8:ed650b40 r7:00000003 r6:00001000 r5:00000000 +[ 58.477400] r4:00000001 +[ 58.479941] [] (ksys_mmap_pgoff) from [] (sys_mmap_pgoff+0x2c/0x34) +[ 58.487949] r8:c0101224 r7:000000c0 r6:951ece38 r5:00010001 r4:00000065 +[ 58.494658] [] (sys_mmap_pgoff) from [] (ret_fast_syscall+0x0/0x28) + +It looks like this was a backporting error for the upstream patch +963b2e8c428f "drm/etnaviv: fix reference leak when mmaping imported buffer" + +In the 5.4 kernel there are 2 variants of the object put function: + drm_gem_object_put() [which requires lock to be held] + drm_gem_object_put_unlocked() [which requires lock to be NOT held] + +In later kernels [5.14+] this has gone and there just drm_gem_object_put() +which requires lock to be NOT held. + +So the memory leak pach, which added a call to drm_gem_object_put() was correct +on newer kernels but wrong on 5.4 and earlier ones. + +So switch back to using the _unlocked variant for old kernels. +This should only be applied to the 5.4, 4.19 and 4.14 longterm branches; +mainline and more recent longterms already have the correct fix. + +Signed-off-by: Martin Fuzzey +Fixes: 0c6df5364798 "drm/etnaviv: fix reference leak when mmaping imported buffer" [5.4.y] +Fixes: 0838cb217a52 "drm/etnaviv: fix reference leak when mmaping imported buffer" [4.19.y] +Fixes: 1c9544fbc979 "drm/etnaviv: fix reference leak when mmaping imported buffer" [4.14.y] +Reviewed-by: Lucas Stach +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c ++++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c +@@ -98,7 +98,7 @@ static int etnaviv_gem_prime_mmap_obj(st + ret = dma_buf_mmap(etnaviv_obj->base.dma_buf, vma, 0); + if (!ret) { + /* Drop the reference acquired by drm_gem_mmap_obj(). */ +- drm_gem_object_put(&etnaviv_obj->base); ++ drm_gem_object_put_unlocked(&etnaviv_obj->base); + } + + return ret; diff --git a/queue-5.4/series b/queue-5.4/series index 60595514356..19ebec718dd 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -5,3 +5,4 @@ pwm-hibvt-explicitly-set-.polarity-in-.get_state.patch hid-logitech-hidpp-fix-kernel-crash-on-receiver-usb-disconnect.patch quota-fix-slow-quotaoff.patch net-prevent-address-rewrite-in-kernel_bind.patch +drm-etvnaviv-fix-bad-backport-leading-to-warning.patch -- 2.47.3