drm/etnaviv: reap idle mapping if it doesn't match the softpin address

When a idle BO, which is held open by another process, gets freed by
userspace and subsequently referenced again by e.g. importing it again,
userspace may assign a different softpin VA than the last time around.
As the kernel GEM object still exists, we likely have a idle mapping
with the old VA still cached, if it hasn't been reaped in the meantime.

As the context matches, we then simply try to resurrect this mapping by
increasing the refcount. As the VA in this mapping does not match the
new softpin address, we consequently fail the otherwise valid submit.
Instead of failing, reap the idle mapping.

Cc: stable@vger.kernel.org # 5.19
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Reviewed-by: Guido Günther <agx@sigxcpu.org>

diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem.c b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
index ecb828e4e1565c4f497f578c382ecd13ba4c4a36..d45bf03683394bbe533142b724446c6c55a903df 100644 (file)
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem.c
@@ -258,7 +258,12 @@ struct etnaviv_vram_mapping *etnaviv_gem_mapping_get(
                if (mapping->use == 0) {
                        mutex_lock(&mmu_context->lock);
                        if (mapping->context == mmu_context)
-                               mapping->use += 1;
+                               if (va && mapping->iova != va) {
+                                       etnaviv_iommu_reap_mapping(mapping);
+                                       mapping = NULL;
+                               } else {
+                                       mapping->use += 1;
+                               }
                        else
                                mapping = NULL;
                        mutex_unlock(&mmu_context->lock);