Skip to content

Commit 7be19f9

Browse files
airliedairlied
committed
Merge tag 'drm-intel-fixes-2025-12-31' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
drm/i915 fixes for v6.19-rc4: - Fix eb_lookup_vmas() failure path Signed-off-by: Dave Airlie <airlied@redhat.com> From: Jani Nikula <jani.nikula@intel.com> Link: https://patch.msgid.link/4e79f041395bb8bcc9b2a76bb98b5e3df1c1c3eb@intel.com
2 parents 9abfe0b + 4fe2bd1 commit 7be19f9

1 file changed

Lines changed: 17 additions & 20 deletions

File tree

drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c

Lines changed: 17 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -951,13 +951,13 @@ static int eb_lookup_vmas(struct i915_execbuffer *eb)
951951
vma = eb_lookup_vma(eb, eb->exec[i].handle);
952952
if (IS_ERR(vma)) {
953953
err = PTR_ERR(vma);
954-
goto err;
954+
return err;
955955
}
956956

957957
err = eb_validate_vma(eb, &eb->exec[i], vma);
958958
if (unlikely(err)) {
959959
i915_vma_put(vma);
960-
goto err;
960+
return err;
961961
}
962962

963963
err = eb_add_vma(eb, &current_batch, i, vma);
@@ -966,30 +966,15 @@ static int eb_lookup_vmas(struct i915_execbuffer *eb)
966966

967967
if (i915_gem_object_is_userptr(vma->obj)) {
968968
err = i915_gem_object_userptr_submit_init(vma->obj);
969-
if (err) {
970-
if (i + 1 < eb->buffer_count) {
971-
/*
972-
* Execbuffer code expects last vma entry to be NULL,
973-
* since we already initialized this entry,
974-
* set the next value to NULL or we mess up
975-
* cleanup handling.
976-
*/
977-
eb->vma[i + 1].vma = NULL;
978-
}
979-
969+
if (err)
980970
return err;
981-
}
982971

983972
eb->vma[i].flags |= __EXEC_OBJECT_USERPTR_INIT;
984973
eb->args->flags |= __EXEC_USERPTR_USED;
985974
}
986975
}
987976

988977
return 0;
989-
990-
err:
991-
eb->vma[i].vma = NULL;
992-
return err;
993978
}
994979

995980
static int eb_lock_vmas(struct i915_execbuffer *eb)
@@ -3375,7 +3360,8 @@ i915_gem_do_execbuffer(struct drm_device *dev,
33753360

33763361
eb.exec = exec;
33773362
eb.vma = (struct eb_vma *)(exec + args->buffer_count + 1);
3378-
eb.vma[0].vma = NULL;
3363+
memset(eb.vma, 0, (args->buffer_count + 1) * sizeof(struct eb_vma));
3364+
33793365
eb.batch_pool = NULL;
33803366

33813367
eb.invalid_flags = __EXEC_OBJECT_UNKNOWN_FLAGS;
@@ -3584,7 +3570,18 @@ i915_gem_execbuffer2_ioctl(struct drm_device *dev, void *data,
35843570
if (err)
35853571
return err;
35863572

3587-
/* Allocate extra slots for use by the command parser */
3573+
/*
3574+
* Allocate extra slots for use by the command parser.
3575+
*
3576+
* Note that this allocation handles two different arrays (the
3577+
* exec2_list array, and the eventual eb.vma array introduced in
3578+
* i915_gem_do_execbuffer()), that reside in virtually contiguous
3579+
* memory. Also note that the allocation intentionally doesn't fill the
3580+
* area with zeros, because the exec2_list part doesn't need to be, as
3581+
* it's immediately overwritten by user data a few lines below.
3582+
* However, the eb.vma part is explicitly zeroed later in
3583+
* i915_gem_do_execbuffer().
3584+
*/
35883585
exec2_list = kvmalloc_array(count + 2, eb_element_size(),
35893586
__GFP_NOWARN | GFP_KERNEL);
35903587
if (exec2_list == NULL) {

0 commit comments

Comments
 (0)