Bisected guest kernel changes crashing qemu. Landed at
"6c1cd97bda drm/virtio: fix resource id handling". Looked again, and
noticed we where not only leaking *some* ids, but *all* ids. The old
code never ever called virtio_gpu_resource_id_put().
So, commit 6c1cd97bda effectively makes the linux kernel starting
re-using IDs after releasing them, and apparently virglrenderer can't
deal with that. Oops.
This patch puts a temporary stopgap into place for the 5.0 release.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190208140409.15280-1-kraxel@redhat.com
(cherry picked from commit 16065fcdd1)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I606eecad29b877ad5da26dc9e4b5b71d99c8483d
The feature allows the guest request an EDID blob (describing monitor
capabilities) for a given scanout (aka virtual monitor connector).
It brings a new command message, which has just a scanout field (beside
the standard virtio-gpu header) and a response message which carries the
EDID data.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20181030063206.19528-2-kraxel@redhat.com
(cherry picked from commit 610c0c2b28)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I1d4c11844307845b5829f1220b35938823ac7924
Add a new field called fence_fd that will be used by userspace to send
in-fences to the kernel and receive out-fences created by the kernel.
This uapi enables virtio to take advantage of explicit synchronization of
dma-bufs.
There are two new flags:
* VIRTGPU_EXECBUF_FENCE_FD_IN to be used when passing an in-fence fd.
* VIRTGPU_EXECBUF_FENCE_FD_OUT to be used when requesting an out-fence fd
The execbuffer IOCTL is now read-write to allow the userspace to read the
out-fence.
On error -1 should be returned in the fence_fd field.
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.com>
Signed-off-by: Robert Foss <robert.foss@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20181112165157.32765-3-robert.foss@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a56f9c868c)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: Icdf083b865feb4e9b19998bc06ab18e2504608da
Move virtio_gpu_resource_id_{get,put} to virtgpu_object.c and make them
static. Allocate and free the id on creation and destroy, drop all
other calls. That way objects have a valid handle for the whole
lifetime of the object.
Also fixes ids leaking. Worst offender are dumb buffers, and I think
some error paths too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20181019061847.18958-7-kraxel@redhat.com
(cherry picked from commit 6c1cd97bda)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I4e1565804c923d18096edce63a5166015f4c9a4c
Track whenever the virtio_gpu_object is already created (i.e. host knows
about it) in a new variable. Add checks to virtio_gpu_object_attach()
to do nothing on objects not created yet.
Make virtio_gpu_ttm_bo_destroy() use the new variable too, instead of
expecting hw_res_handle indicating the object state.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20181019061847.18958-2-kraxel@redhat.com
(cherry picked from commit 23c897d72c)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: Ib0d2cf8e0d6cce9a16537c9cea7074532b0f8d5e
A while back we removed it, yet that lead to regressions. At some later
point, I've attempted to remove it again without fully grasping the
unique (pun intended) situation that virtio is in.
Add a bulky comment to document why the call should stay as-is, for the
next person who's around.
As a Tl;Dr: virtio sits on top of struct virtio_device, which confuses
dev_is_pci(), wrong info gets sent to userspace and X doesn't start.
Driver needs to explicitly call drm_dev_set_unique() to keep it working.
v2: Fix handful of typos (Laszlo)
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181024144252.16518-1-emil.l.velikov@gmail.com
(cherry picked from commit 4bdbd5f0ee)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I97320c3c715b87eb8ebb3ca14706ab1ba00ec45e
Implement vmap/vunmap so we can export dmabufs to
other drivers, such as video4linux.
Tested with a virtio-gpu / vivid (virtual capture driver)
pipeline, where the vivid driver imports the dmabufs exported
by virtio-gpu.
Note that dma_buf_vmap() does its own vmap counting, so
it's not needed to take care of it in the driver.
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180925161606.17980-4-ezequiel@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a03fb71716)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: Icab4912be0e3da5a6fd453eb42894e6a16344ad3
Currently, virtio_gpu_object_kmap() is only called by
virtio_gpufb_create(), when a DRM framebuffer is created.
Thus, instead of returning the vmap'ed address, emit a warning
if virtio_gpu_object_kmap is called on an already mapped
object. With this change, kmap/kunmap calls are now balanced.
Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180925161606.17980-3-ezequiel@collabora.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a20c4173c4)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I970b24d86c43017aa9d58b6cdc6e4909c3870c31
This doesn't affect runtime because in the current code "idx" is always
valid.
First, we read from "vgdev->capsets[idx].max_size" before checking
whether "idx" is within bounds. And secondly the bounds check is off by
one so we could end up reading one element beyond the end of the
vgdev->capsets[] array.
Fixes: 62fb7a5e10 ("virtio-gpu: add 3d/virgl support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20180704094250.m7sgvvzg3dhcvv3h@kili.mountain
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 09c4b49457)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I73320cd2012a6e712cb910c5ebedb665d99e1205
The function ttm_bo_put releases a reference to a TTM buffer object. The
function's name is more aligned to the Linux kernel convention of naming
ref-counting function _get and _put.
A call to ttm_bo_unref takes the address of the TTM BO object's pointer and
clears the pointer's value to NULL. This is not necessary in most cases and
sometimes even worked around by the calling code. A call to ttm_bo_put only
releases the reference without clearing the pointer.
The current behaviour of cleaning the pointer is kept in the calling code,
but should be removed if not required in a later patch.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: http://patchwork.freedesktop.org/patch/msgid/20180731062127.10131-3-tzimmermann@suse.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 0e7a3d4b66)
Signed-off-by: Greg Hartman <ghartman@google.com>
BUG: 139386237
Change-Id: I014fa5f259fafd3b8ea691adc993eaffc46dd5dc
Cuttlefish will use gki_defconfig on this branch.
Change-Id: I20d37d538ca8f4de80282c4a3a98dbcfb7c33170
Signed-off-by: Alistair Delva <adelva@google.com>
boosted_cpu_util() sums the CFS and RT util signals before they are used
for frequency selection. While the util_avg signals are in sync,
util_est prevents cpu_util_cfs() from decreasing when a CFS task is
preempted by RT.
This util_est behaviour is beneficial in many scenarios, but it can
cause the sum of rt_util and cfs_util to go above SCHED_CAPACITY_SCALE.
Although benign, this transient value appears in the stune tracepoints,
and can cause confusion.
Work around the problem by capping the util sum to SCHED_CAPACITY_SCALE.
Bug: 120440300
Change-Id: I2be6eb157af86024e52ae11715f5637c77b201a3
Signed-off-by: Quentin Perret <quentin.perret@arm.com>
Changes in 4.19.67
iio: cros_ec_accel_legacy: Fix incorrect channel setting
iio: adc: max9611: Fix misuse of GENMASK macro
staging: gasket: apex: fix copy-paste typo
staging: android: ion: Bail out upon SIGKILL when allocating memory.
crypto: ccp - Fix oops by properly managing allocated structures
crypto: ccp - Add support for valid authsize values less than 16
crypto: ccp - Ignore tag length when decrypting GCM ciphertext
usb: usbfs: fix double-free of usb memory upon submiturb error
usb: iowarrior: fix deadlock on disconnect
sound: fix a memory leak bug
mmc: cavium: Set the correct dma max segment size for mmc_host
mmc: cavium: Add the missing dma unmap when the dma has finished.
loop: set PF_MEMALLOC_NOIO for the worker thread
Input: usbtouchscreen - initialize PM mutex before using it
Input: elantech - enable SMBus on new (2018+) systems
Input: synaptics - enable RMI mode for HP Spectre X360
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
x86/mm: Sync also unmappings in vmalloc_sync_all()
mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
perf annotate: Fix s390 gap between kernel end and module start
perf db-export: Fix thread__exec_comm()
perf record: Fix module size on s390
x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
gfs2: gfs2_walk_metadata fix
usb: host: xhci-rcar: Fix timeout in xhci_suspend()
usb: yurex: Fix use-after-free in yurex_delete
usb: typec: tcpm: free log buf memory when remove debug file
usb: typec: tcpm: remove tcpm dir if no children
usb: typec: tcpm: Add NULL check before dereferencing config
usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests
can: rcar_canfd: fix possible IRQ storm on high load
can: peak_usb: fix potential double kfree_skb()
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
netfilter: Fix rpfilter dropping vrf packets by mistake
netfilter: conntrack: always store window size un-scaled
netfilter: nft_hash: fix symhash with modulus one
scripts/sphinx-pre-install: fix script for RHEL/CentOS
drm/amd/display: Wait for backlight programming completion in set backlight level
drm/amd/display: use encoder's engine id to find matched free audio device
drm/amd/display: Fix dc_create failure handling and 666 color depths
drm/amd/display: Only enable audio if speaker allocation exists
drm/amd/display: Increase size of audios array
iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
nl80211: fix NL80211_HE_MAX_CAPABILITY_LEN
mac80211: don't warn about CW params when not using them
allocate_flower_entry: should check for null deref
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
drm: silence variable 'conn' set but not used
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
s390/qdio: add sanity checks to the fast-requeue path
ALSA: compress: Fix regression on compressed capture streams
ALSA: compress: Prevent bypasses of set_params
ALSA: compress: Don't allow paritial drain operations on capture streams
ALSA: compress: Be more restrictive about when a drain is allowed
perf tools: Fix proper buffer size for feature processing
perf probe: Avoid calling freeing routine multiple times for same pointer
drbd: dynamically allocate shash descriptor
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
nvme: fix multipath crash when ANA is deactivated
ARM: davinci: fix sleep.S build error on ARMv4
ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux
scsi: megaraid_sas: fix panic on loading firmware crashdump
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
test_firmware: fix a memory leak bug
tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
perf/core: Fix creating kernel counters for PMUs that override event->cpu
s390/dma: provide proper ARCH_ZONE_DMA_BITS value
HID: sony: Fix race condition between rumble and device remove.
x86/purgatory: Do not use __builtin_memcpy and __builtin_memset
ALSA: usb-audio: fix a memory leak bug
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
hwmon: (nct7802) Fix wrong detection of in4 presence
drm/i915: Fix wrong escape clock divisor init for GLK
ALSA: firewire: fix a memory leak bug
ALSA: hiface: fix multiple memory leak bugs
ALSA: hda - Don't override global PCM hw info flag
ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
mac80211: don't WARN on short WMM parameters from AP
dax: dax_layout_busy_page() should not unmap cow pages
SMB3: Fix deadlock in validate negotiate hits reconnect
smb3: send CAP_DFS capability during session setup
NFSv4: Fix an Oops in nfs4_do_setattr
KVM: Fix leak vCPU's VMCS value into other pCPU
mwifiex: fix 802.11n/WPA detection
iwlwifi: don't unmap as page memory that was mapped as single
iwlwifi: mvm: fix an out-of-bound access
iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
Linux 4.19.67
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5ea813ed5ba6d1eeda51eb4031395ee3e8ba54c3
commit f5a47fae6a upstream.
We erroneously added a check for FW API version 41 before sending
GEO_TX_POWER_LIMIT, but this was already implemented in version 38.
Additionally, it was cherry-picked to older versions, namely 17, 26
and 29, so check for those as well.
Cc: stable@vger.kernel.org
Fixes: eca1e56cee ("iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
