LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Mark Yacoub" <markyacoub@google.com>,
	"Michel Dänzer" <mdaenzer@redhat.com>,
	"Mark Yacoub" <markyacoub@chromium.org>,
	"Sean Paul" <seanpaul@chromium.org>,
	"Sasha Levin" <sashal@kernel.org>,
	dri-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 4.19 07/10] drm: Copy drm_wait_vblank to user before returning
Date: Mon, 23 Aug 2021 20:55:09 -0400	[thread overview]
Message-ID: <20210824005513.631557-7-sashal@kernel.org> (raw)
In-Reply-To: <20210824005513.631557-1-sashal@kernel.org>

From: Mark Yacoub <markyacoub@google.com>

[ Upstream commit fa0b1ef5f7a694f48e00804a391245f3471aa155 ]

[Why]
Userspace should get back a copy of drm_wait_vblank that's been modified
even when drm_wait_vblank_ioctl returns a failure.

Rationale:
drm_wait_vblank_ioctl modifies the request and expects the user to read
it back. When the type is RELATIVE, it modifies it to ABSOLUTE and updates
the sequence to become current_vblank_count + sequence (which was
RELATIVE), but now it became ABSOLUTE.
drmWaitVBlank (in libdrm) expects this to be the case as it modifies
the request to be Absolute so it expects the sequence to would have been
updated.

The change is in compat_drm_wait_vblank, which is called by
drm_compat_ioctl. This change of copying the data back regardless of the
return number makes it en par with drm_ioctl, which always copies the
data before returning.

[How]
Return from the function after everything has been copied to user.

Fixes IGT:kms_flip::modeset-vs-vblank-race-interruptible
Tested on ChromeOS Trogdor(msm)

Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: Mark Yacoub <markyacoub@chromium.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20210812194917.1703356-1-markyacoub@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_ioc32.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
index ab8847c7dd96..87e13bcd7a67 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
@@ -855,8 +855,6 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd,
 	req.request.sequence = req32.request.sequence;
 	req.request.signal = req32.request.signal;
 	err = drm_ioctl_kernel(file, drm_wait_vblank_ioctl, &req, DRM_UNLOCKED);
-	if (err)
-		return err;
 
 	req32.reply.type = req.reply.type;
 	req32.reply.sequence = req.reply.sequence;
@@ -865,7 +863,7 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd,
 	if (copy_to_user(argp, &req32, sizeof(req32)))
 		return -EFAULT;
 
-	return 0;
+	return err;
 }
 
 #if defined(CONFIG_X86)
-- 
2.30.2


  parent reply	other threads:[~2021-08-24  1:00 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-24  0:55 [PATCH AUTOSEL 4.19 01/10] opp: remove WARN when no valid OPPs remain Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 02/10] virtio: Improve vq->broken access to avoid any compiler optimization Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 03/10] virtio_pci: Support surprise removal of virtio pci device Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 04/10] vringh: Use wiov->used to check for read/write desc order Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 05/10] qed: qed ll2 race condition fixes Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 06/10] qed: Fix null-pointer dereference in qed_rdma_create_qp() Sasha Levin
2021-08-24  0:55 ` Sasha Levin [this message]
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 08/10] drm/nouveau/disp: power down unused DP links during init Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 09/10] drm/nouveau: block a bunch of classes from userspace Sasha Levin
2021-08-24  0:55 ` [PATCH AUTOSEL 4.19 10/10] net/rds: dma_map_sg is entitled to merge entries Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210824005513.631557-7-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=markyacoub@chromium.org \
    --cc=markyacoub@google.com \
    --cc=mdaenzer@redhat.com \
    --cc=seanpaul@chromium.org \
    --cc=stable@vger.kernel.org \
    --subject='Re: [PATCH AUTOSEL 4.19 07/10] drm: Copy drm_wait_vblank to user before returning' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).