Displaying 20 results from an estimated 400 matches similar to: "PR: nv50 IB-mode DMA crash fixes"
2023 Aug 23
1
[PATCH drm-misc-next v2] drm/nouveau: uapi: don't pass NO_PREFETCH flag implicitly
Currently, NO_PREFETCH is passed implicitly through
drm_nouveau_gem_pushbuf_push::length and drm_nouveau_exec_push::va_len.
Since this is a direct representation of how the HW is programmed it
isn't really future proof for a uAPI. Hence, fix this up for the new
uAPI and split up the va_len field of struct drm_nouveau_exec_push,
such that we keep 32bit for va_len and 32bit for flags.
For
2023 Aug 23
1
[PATCH drm-misc-next] drm/nouveau: uapi: don't pass NO_PREFETCH flag implicitly
On Tue, Aug 22, 2023 at 6:41?PM Danilo Krummrich <dakr at redhat.com> wrote:
> Currently, NO_PREFETCH is passed implicitly through
> drm_nouveau_gem_pushbuf_push::length and drm_nouveau_exec_push::va_len.
>
> Since this is a direct representation of how the HW is programmed it
> isn't really future proof for a uAPI. Hence, fix this up for the new
> uAPI and split up
2023 Aug 22
2
[PATCH drm-misc-next] drm/nouveau: uapi: don't pass NO_PREFETCH flag implicitly
Currently, NO_PREFETCH is passed implicitly through
drm_nouveau_gem_pushbuf_push::length and drm_nouveau_exec_push::va_len.
Since this is a direct representation of how the HW is programmed it
isn't really future proof for a uAPI. Hence, fix this up for the new
uAPI and split up the va_len field of struct drm_nouveau_exec_push,
such that we keep 32bit for va_len and 32bit for flags.
For
2023 Dec 04
1
PR: nv50 IB-mode DMA crash fixes
On Sun, Dec 3, 2023 at 11:37?AM Monty Montgomery <xiphmont at gmail.com> wrote:
> 1) The nv50 DMA code clearly believed push buffers could not (or
> should not) exceed NV50_DMA_PUSH_MAX_LENGTH, when my analysis logging
> shows that they regularly exceed this maximum by an order of magnitude
> or more. Was the assumption originally true? If so, when/why did it
> change? Is
2023 Aug 29
1
[PATCH drm-misc-next] drm/nouveau: fence: fix undefined fence state after emit
nouveau_fence_emit() can fail before and after initializing the
dma-fence and hence before and after initializing the dma-fence' kref.
In order to avoid nouveau_fence_emit() potentially failing before
dma-fence initialization pass the channel to nouveau_fence_new() already
and perform the required check before even allocating the fence.
While at it, restore the original behavior of
2012 Aug 19
2
[PATCH 10/10] drm/nouveau: fix off-by-one bugs related to command submission in IB mode
Commit "drm/nouveau: port all engines to new engine module format" changed
IB size calculation to be less wasteful, but didn't take into account already
existing off-by-one bugs :).
So:
- ib_max is the last entry, so we need to +1 when calculating number of
free entries
- nv50_dma_wait already does +1 (for FIRE_RING), so we don't need another +1
on nouveau_gem_ioctl_pushbuf
2017 Apr 22
9
[Bug 100758] New: Kernel Oops when starting X nv50_dma_push
https://bugs.freedesktop.org/show_bug.cgi?id=100758
Bug ID: 100758
Summary: Kernel Oops when starting X nv50_dma_push
Product: xorg
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: Driver/nouveau
Assignee:
2023 Apr 05
0
[PATCH] drm/nouveau: Add a jump label in nouveau_gem_ioctl_pushbuf()
Date: Wed, 5 Apr 2023 18:38:54 +0200
The label ?out_prevalid? was used to jump to another pointer check
despite of the detail in the implementation of the function
?nouveau_gem_ioctl_pushbuf? that it was determined already in one case
that the corresponding variable contained an error pointer
because of a failed call of the function ?u_memcpya?.
Thus use an additional label.
This issue was
2010 Jan 06
0
[PATCH] Fix null deref in nouveau_fence_emit due to deleted fence
Currently Nouveau will unvalidate all buffers if it is forced to wait on one, and then start revalidating from the beginning.
While doing so, it destroys the operation fence, causing nouveau_fence_emit to crash.
This patch fixes this bug by taking the fence object out of validate_op and creating it just before emit.
The fence pointer is initialized to 0 and unref'ed unconditionally.
In
2019 Aug 20
0
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
We can't copy_*_user while holding reservations, that will (soon even
for nouveau) lead to deadlocks. And it breaks the cross-driver
contract around dma_resv.
Fix this by adding a slowpath for when we need relocations, and by
pushing the writeback of the new presumed offsets to the very end.
Aside from "it compiles" entirely untested unfortunately.
Signed-off-by: Daniel Vetter
2019 Sep 03
0
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
On Wed, Aug 21, 2019 at 11:50:29PM +0200, Daniel Vetter wrote:
> We can't copy_*_user while holding reservations, that will (soon even
> for nouveau) lead to deadlocks. And it breaks the cross-driver
> contract around dma_resv.
>
> Fix this by adding a slowpath for when we need relocations, and by
> pushing the writeback of the new presumed offsets to the very end.
>
2019 Nov 05
0
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
On Mon, Nov 04, 2019 at 06:38:00PM +0100, Daniel Vetter wrote:
> We can't copy_*_user while holding reservations, that will (soon even
> for nouveau) lead to deadlocks. And it breaks the cross-driver
> contract around dma_resv.
>
> Fix this by adding a slowpath for when we need relocations, and by
> pushing the writeback of the new presumed offsets to the very end.
>
2019 Oct 21
1
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
We can't copy_*_user while holding reservations, that will (soon even
for nouveau) lead to deadlocks. And it breaks the cross-driver
contract around dma_resv.
Fix this by adding a slowpath for when we need relocations, and by
pushing the writeback of the new presumed offsets to the very end.
Aside from "it compiles" entirely untested unfortunately.
Signed-off-by: Daniel Vetter
2019 Nov 04
2
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
We can't copy_*_user while holding reservations, that will (soon even
for nouveau) lead to deadlocks. And it breaks the cross-driver
contract around dma_resv.
Fix this by adding a slowpath for when we need relocations, and by
pushing the writeback of the new presumed offsets to the very end.
Aside from "it compiles" entirely untested unfortunately.
Signed-off-by: Daniel Vetter
2019 Aug 21
2
[PATCH 2/3] drm/nouveau: slowpath for pushbuf ioctl
We can't copy_*_user while holding reservations, that will (soon even
for nouveau) lead to deadlocks. And it breaks the cross-driver
contract around dma_resv.
Fix this by adding a slowpath for when we need relocations, and by
pushing the writeback of the new presumed offsets to the very end.
Aside from "it compiles" entirely untested unfortunately.
Signed-off-by: Daniel Vetter
2017 Mar 21
0
use-after-free bug with GT218 on arm64 machine
Hello all,
I am trying to debug an elusive memory corruption bug on my arm64
machine which appears to be in the nouveau driver.
I got the following splat from the refcount debugging code:
"""
refcount_t: underflow; use-after-free.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3366 at lib/refcount.c:128 refcount_sub_and_test+0xe8/0x108
Modules linked in: fuse nouveau
2019 May 27
2
[PATCH 08/13] drm/nouveau: drop DRM_AUTH from DRM_RENDER_ALLOW ioctls
From: Emil Velikov <emil.velikov at collabora.com>
The authentication can be circumvented, by design, by using the render
node.
>From the driver POV there is no distinction between primary and render
nodes, thus we can drop the token.
Note: the outstanding DRM_AUTH instance is:
- legacy DRI1 ioctl, which is already neutered
Cc: Ben Skeggs <bskeggs at redhat.com>
Cc: nouveau at
2019 Jun 06
0
[PATCH 08/13] drm/nouveau: drop DRM_AUTH from DRM_RENDER_ALLOW ioctls
On Mon, 27 May 2019 at 09:19, Emil Velikov <emil.l.velikov at gmail.com> wrote:
>
> From: Emil Velikov <emil.velikov at collabora.com>
>
> The authentication can be circumvented, by design, by using the render
> node.
>
> From the driver POV there is no distinction between primary and render
> nodes, thus we can drop the token.
>
> Note: the outstanding
2020 Sep 09
0
nouveau: BUG: Invalid wait context
Greetings,
Box is an aging generic i4790 + GTX-980 desktop.
[ 1143.133663] =============================
[ 1143.133666] [ BUG: Invalid wait context ]
[ 1143.133671] 5.9.0.g34d4ddd-preempt #2 Tainted: G S E
[ 1143.133675] -----------------------------
[ 1143.133678] X/2015 is trying to lock:
[ 1143.133682] ffff8d3e9efd63d8 (&zone->lock){..-.}-{3:3}, at:
2017 Mar 28
5
[Bug 100431] New: nv50: memory corruption due to use-after-free of dma_fence
https://bugs.freedesktop.org/show_bug.cgi?id=100431
Bug ID: 100431
Summary: nv50: memory corruption due to use-after-free of
dma_fence
Product: xorg
Version: unspecified
Hardware: ARM
OS: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: