From 86678dfddba55a7b9e2ea084d59be6500fec2256 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Wed, 5 Apr 2006 18:10:11 +1000 Subject: [PATCH 1/6] [PATCH] drm: Fix issue reported by Coverity in drivers/char/drm/via_irq.c This patch tries to fix an issue reported in drivers/char/drm/via_irq.c by Coverity, please review and apply if correct. Error reported: CID: 3444 Checker: REVERSE_INULL (help) File: /export2/p4-coverity/mc2/linux26/drivers/char/drm/via_irq.c Function: via_driver_irq_wait Description: Pointer "dev_priv" dereferenced before NULL check Patch Description: Move de-referencing dev_priv to after the NULL check. Signed-off-by: Jayachandran C. Signed-off-by: Dave Airlie --- drivers/char/drm/via_irq.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/char/drm/via_irq.c b/drivers/char/drm/via_irq.c index 6152415644e9..1228fa55355b 100644 --- a/drivers/char/drm/via_irq.c +++ b/drivers/char/drm/via_irq.c @@ -198,7 +198,7 @@ via_driver_irq_wait(drm_device_t * dev, unsigned int irq, int force_sequence, unsigned int cur_irq_sequence; drm_via_irq_t *cur_irq = dev_priv->via_irqs; int ret = 0; - maskarray_t *masks = dev_priv->irq_masks; + maskarray_t *masks; int real_irq; DRM_DEBUG("%s\n", __FUNCTION__); @@ -221,7 +221,8 @@ via_driver_irq_wait(drm_device_t * dev, unsigned int irq, int force_sequence, __FUNCTION__, irq); return DRM_ERR(EINVAL); } - + + masks = dev_priv->irq_masks; cur_irq += real_irq; if (masks[real_irq][2] && !force_sequence) { From 195b3a2d57b81d30e3129575ef6c8a95b2c936b7 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Wed, 5 Apr 2006 18:12:18 +1000 Subject: [PATCH 2/6] drm: drm_pci needs dma-mapping.h On alpha: WARNING: "dma_free_coherent" [drivers/char/drm/drm.ko] undefined! WARNING: "dma_alloc_coherent" [drivers/char/drm/drm.ko] undefined! Signed-off-by: Andrew Morton Signed-off-by: Dave Airlie --- drivers/char/drm/drm_pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/drm/drm_pci.c b/drivers/char/drm/drm_pci.c index b28ca9cea8a2..86a0f1c22091 100644 --- a/drivers/char/drm/drm_pci.c +++ b/drivers/char/drm/drm_pci.c @@ -37,6 +37,7 @@ */ #include +#include #include "drmP.h" /**********************************************************************/ From 11bab7d2c86fe486e3581ac3dcdb349478ffb899 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Wed, 5 Apr 2006 18:13:13 +1000 Subject: [PATCH 3/6] drm: remove master setting from add/remove context Clients can do this in the miniglx setups. Signed-off-by: Dave Airlie --- drivers/char/drm/drm_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/char/drm/drm_drv.c b/drivers/char/drm/drm_drv.c index dc6bbe8a18dc..3c0b882a8e72 100644 --- a/drivers/char/drm/drm_drv.c +++ b/drivers/char/drm/drm_drv.c @@ -75,8 +75,8 @@ static drm_ioctl_desc_t drm_ioctls[] = { [DRM_IOCTL_NR(DRM_IOCTL_SET_SAREA_CTX)] = {drm_setsareactx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY}, [DRM_IOCTL_NR(DRM_IOCTL_GET_SAREA_CTX)] = {drm_getsareactx, DRM_AUTH}, - [DRM_IOCTL_NR(DRM_IOCTL_ADD_CTX)] = {drm_addctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY}, - [DRM_IOCTL_NR(DRM_IOCTL_RM_CTX)] = {drm_rmctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY}, + [DRM_IOCTL_NR(DRM_IOCTL_ADD_CTX)] = {drm_addctx, DRM_AUTH|DRM_ROOT_ONLY}, + [DRM_IOCTL_NR(DRM_IOCTL_RM_CTX)] = {drm_rmctx, DRM_AUTH|DRM_ROOT_ONLY}, [DRM_IOCTL_NR(DRM_IOCTL_MOD_CTX)] = {drm_modctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY}, [DRM_IOCTL_NR(DRM_IOCTL_GET_CTX)] = {drm_getctx, DRM_AUTH}, [DRM_IOCTL_NR(DRM_IOCTL_SWITCH_CTX)] = {drm_switchctx, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY}, From 31f64bd101ea256f9fc4a7f1f1706d6417d5550a Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Fri, 7 Apr 2006 16:55:43 +1000 Subject: [PATCH 4/6] drm: deline a few large inlines in DRM code This patch moves a few large functions from drm_memory.h to drm_memory.c, with the following effect: text data bss dec hex filename 46305 1304 20 47629 ba0d new/drm.ko 46367 1304 20 47691 ba4b org/drm.ko 12969 1372 0 14341 3805 new/i810.ko 14712 1372 0 16084 3ed4 org/i810.ko 16447 1364 0 17811 4593 new/i830.ko 18198 1364 0 19562 4c6a org/i830.ko 11875 1324 0 13199 338f new/i915.ko 13025 1324 0 14349 380d org/i915.ko 23936 29288 0 53224 cfe8 new/mga.ko 27280 29288 0 56568 dcf8 org/mga.ko Please apply. Signed-off-by: Denis Vlasenko Signed-off-by: Dave Airlie --- drivers/char/drm/drm_memory.c | 117 ++++++++++++++++++++++++++++++++++ drivers/char/drm/drm_memory.h | 116 +++------------------------------ 2 files changed, 127 insertions(+), 106 deletions(-) diff --git a/drivers/char/drm/drm_memory.c b/drivers/char/drm/drm_memory.c index dddf8de66143..7ea00e3372fd 100644 --- a/drivers/char/drm/drm_memory.c +++ b/drivers/char/drm/drm_memory.c @@ -80,6 +80,71 @@ void *drm_realloc(void *oldpt, size_t oldsize, size_t size, int area) } #if __OS_HAS_AGP +/* + * Find the drm_map that covers the range [offset, offset+size). + */ +drm_map_t *drm_lookup_map(unsigned long offset, + unsigned long size, drm_device_t * dev) +{ + struct list_head *list; + drm_map_list_t *r_list; + drm_map_t *map; + + list_for_each(list, &dev->maplist->head) { + r_list = (drm_map_list_t *) list; + map = r_list->map; + if (!map) + continue; + if (map->offset <= offset + && (offset + size) <= (map->offset + map->size)) + return map; + } + return NULL; +} + +void *agp_remap(unsigned long offset, unsigned long size, + drm_device_t * dev) +{ + unsigned long *phys_addr_map, i, num_pages = + PAGE_ALIGN(size) / PAGE_SIZE; + struct drm_agp_mem *agpmem; + struct page **page_map; + void *addr; + + size = PAGE_ALIGN(size); + +#ifdef __alpha__ + offset -= dev->hose->mem_space->start; +#endif + + for (agpmem = dev->agp->memory; agpmem; agpmem = agpmem->next) + if (agpmem->bound <= offset + && (agpmem->bound + (agpmem->pages << PAGE_SHIFT)) >= + (offset + size)) + break; + if (!agpmem) + return NULL; + + /* + * OK, we're mapping AGP space on a chipset/platform on which memory accesses by + * the CPU do not get remapped by the GART. We fix this by using the kernel's + * page-table instead (that's probably faster anyhow...). + */ + /* note: use vmalloc() because num_pages could be large... */ + page_map = vmalloc(num_pages * sizeof(struct page *)); + if (!page_map) + return NULL; + + phys_addr_map = + agpmem->memory->memory + (offset - agpmem->bound) / PAGE_SIZE; + for (i = 0; i < num_pages; ++i) + page_map[i] = pfn_to_page(phys_addr_map[i] >> PAGE_SHIFT); + addr = vmap(page_map, num_pages, VM_IOREMAP, PAGE_AGP); + vfree(page_map); + + return addr; +} + /** Wrapper around agp_allocate_memory() */ DRM_AGP_MEM *drm_alloc_agp(drm_device_t * dev, int pages, u32 type) { @@ -104,4 +169,56 @@ int drm_unbind_agp(DRM_AGP_MEM * handle) return drm_agp_unbind_memory(handle); } #endif /* agp */ + +void *drm_ioremap(unsigned long offset, unsigned long size, + drm_device_t * dev) +{ + if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture) { + drm_map_t *map = drm_lookup_map(offset, size, dev); + + if (map && map->type == _DRM_AGP) + return agp_remap(offset, size, dev); + } + return ioremap(offset, size); +} +EXPORT_SYMBOL(drm_ioremap); + +void *drm_ioremap_nocache(unsigned long offset, + unsigned long size, drm_device_t * dev) +{ + if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture) { + drm_map_t *map = drm_lookup_map(offset, size, dev); + + if (map && map->type == _DRM_AGP) + return agp_remap(offset, size, dev); + } + return ioremap_nocache(offset, size); +} + +void drm_ioremapfree(void *pt, unsigned long size, + drm_device_t * dev) +{ + /* + * This is a bit ugly. It would be much cleaner if the DRM API would use separate + * routines for handling mappings in the AGP space. Hopefully this can be done in + * a future revision of the interface... + */ + if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture + && ((unsigned long)pt >= VMALLOC_START + && (unsigned long)pt < VMALLOC_END)) { + unsigned long offset; + drm_map_t *map; + + offset = drm_follow_page(pt) | ((unsigned long)pt & ~PAGE_MASK); + map = drm_lookup_map(offset, size, dev); + if (map && map->type == _DRM_AGP) { + vunmap(pt); + return; + } + } + + iounmap(pt); +} +EXPORT_SYMBOL(drm_ioremapfree); + #endif /* debug_memory */ diff --git a/drivers/char/drm/drm_memory.h b/drivers/char/drm/drm_memory.h index 3732a61c3762..645a08878e55 100644 --- a/drivers/char/drm/drm_memory.h +++ b/drivers/char/drm/drm_memory.h @@ -60,67 +60,11 @@ /* * Find the drm_map that covers the range [offset, offset+size). */ -static inline drm_map_t *drm_lookup_map(unsigned long offset, - unsigned long size, drm_device_t * dev) -{ - struct list_head *list; - drm_map_list_t *r_list; - drm_map_t *map; +drm_map_t *drm_lookup_map(unsigned long offset, + unsigned long size, drm_device_t * dev); - list_for_each(list, &dev->maplist->head) { - r_list = (drm_map_list_t *) list; - map = r_list->map; - if (!map) - continue; - if (map->offset <= offset - && (offset + size) <= (map->offset + map->size)) - return map; - } - return NULL; -} - -static inline void *agp_remap(unsigned long offset, unsigned long size, - drm_device_t * dev) -{ - unsigned long *phys_addr_map, i, num_pages = - PAGE_ALIGN(size) / PAGE_SIZE; - struct drm_agp_mem *agpmem; - struct page **page_map; - void *addr; - - size = PAGE_ALIGN(size); - -#ifdef __alpha__ - offset -= dev->hose->mem_space->start; -#endif - - for (agpmem = dev->agp->memory; agpmem; agpmem = agpmem->next) - if (agpmem->bound <= offset - && (agpmem->bound + (agpmem->pages << PAGE_SHIFT)) >= - (offset + size)) - break; - if (!agpmem) - return NULL; - - /* - * OK, we're mapping AGP space on a chipset/platform on which memory accesses by - * the CPU do not get remapped by the GART. We fix this by using the kernel's - * page-table instead (that's probably faster anyhow...). - */ - /* note: use vmalloc() because num_pages could be large... */ - page_map = vmalloc(num_pages * sizeof(struct page *)); - if (!page_map) - return NULL; - - phys_addr_map = - agpmem->memory->memory + (offset - agpmem->bound) / PAGE_SIZE; - for (i = 0; i < num_pages; ++i) - page_map[i] = pfn_to_page(phys_addr_map[i] >> PAGE_SHIFT); - addr = vmap(page_map, num_pages, VM_IOREMAP, PAGE_AGP); - vfree(page_map); - - return addr; -} +void *agp_remap(unsigned long offset, unsigned long size, + drm_device_t * dev); static inline unsigned long drm_follow_page(void *vaddr) { @@ -152,51 +96,11 @@ static inline unsigned long drm_follow_page(void *vaddr) #endif -static inline void *drm_ioremap(unsigned long offset, unsigned long size, - drm_device_t * dev) -{ - if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture) { - drm_map_t *map = drm_lookup_map(offset, size, dev); +void *drm_ioremap(unsigned long offset, unsigned long size, + drm_device_t * dev); - if (map && map->type == _DRM_AGP) - return agp_remap(offset, size, dev); - } - return ioremap(offset, size); -} +void *drm_ioremap_nocache(unsigned long offset, + unsigned long size, drm_device_t * dev); -static inline void *drm_ioremap_nocache(unsigned long offset, - unsigned long size, drm_device_t * dev) -{ - if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture) { - drm_map_t *map = drm_lookup_map(offset, size, dev); - - if (map && map->type == _DRM_AGP) - return agp_remap(offset, size, dev); - } - return ioremap_nocache(offset, size); -} - -static inline void drm_ioremapfree(void *pt, unsigned long size, - drm_device_t * dev) -{ - /* - * This is a bit ugly. It would be much cleaner if the DRM API would use separate - * routines for handling mappings in the AGP space. Hopefully this can be done in - * a future revision of the interface... - */ - if (drm_core_has_AGP(dev) && dev->agp && dev->agp->cant_use_aperture - && ((unsigned long)pt >= VMALLOC_START - && (unsigned long)pt < VMALLOC_END)) { - unsigned long offset; - drm_map_t *map; - - offset = drm_follow_page(pt) | ((unsigned long)pt & ~PAGE_MASK); - map = drm_lookup_map(offset, size, dev); - if (map && map->type == _DRM_AGP) { - vunmap(pt); - return; - } - } - - iounmap(pt); -} +void drm_ioremapfree(void *pt, unsigned long size, + drm_device_t * dev); From 031de96af0e7ed6ad4a7ec2b74a77bf9782f966e Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Mon, 10 Apr 2006 23:18:27 -0700 Subject: [PATCH 5/6] drivers/char/drm/drm_memory.c: possible cleanups - #if 0 the following unused global function: - drm_ioremap_nocache() - make the following needlessly global functions static: - agp_remap() - drm_lookup_map() Signed-off-by: Adrian Bunk Cc: Dave Airlie Signed-off-by: Andrew Morton --- drivers/char/drm/drmP.h | 4 ++-- drivers/char/drm/drm_memory.c | 25 +++++++++++++++++++++---- drivers/char/drm/drm_memory.h | 24 ------------------------ drivers/char/drm/drm_memory_debug.h | 2 ++ 4 files changed, 25 insertions(+), 30 deletions(-) diff --git a/drivers/char/drm/drmP.h b/drivers/char/drm/drmP.h index edc72a6348a7..e1aadae00623 100644 --- a/drivers/char/drm/drmP.h +++ b/drivers/char/drm/drmP.h @@ -815,8 +815,6 @@ extern int drm_mem_info(char *buf, char **start, off_t offset, extern void *drm_realloc(void *oldpt, size_t oldsize, size_t size, int area); extern void *drm_ioremap(unsigned long offset, unsigned long size, drm_device_t * dev); -extern void *drm_ioremap_nocache(unsigned long offset, unsigned long size, - drm_device_t * dev); extern void drm_ioremapfree(void *pt, unsigned long size, drm_device_t * dev); extern DRM_AGP_MEM *drm_alloc_agp(drm_device_t * dev, int pages, u32 type); @@ -1022,11 +1020,13 @@ static __inline__ void drm_core_ioremap(struct drm_map *map, map->handle = drm_ioremap(map->offset, map->size, dev); } +#if 0 static __inline__ void drm_core_ioremap_nocache(struct drm_map *map, struct drm_device *dev) { map->handle = drm_ioremap_nocache(map->offset, map->size, dev); } +#endif /* 0 */ static __inline__ void drm_core_ioremapfree(struct drm_map *map, struct drm_device *dev) diff --git a/drivers/char/drm/drm_memory.c b/drivers/char/drm/drm_memory.c index 7ea00e3372fd..7e3318e1d1c6 100644 --- a/drivers/char/drm/drm_memory.c +++ b/drivers/char/drm/drm_memory.c @@ -83,8 +83,8 @@ void *drm_realloc(void *oldpt, size_t oldsize, size_t size, int area) /* * Find the drm_map that covers the range [offset, offset+size). */ -drm_map_t *drm_lookup_map(unsigned long offset, - unsigned long size, drm_device_t * dev) +static drm_map_t *drm_lookup_map(unsigned long offset, + unsigned long size, drm_device_t * dev) { struct list_head *list; drm_map_list_t *r_list; @@ -102,8 +102,8 @@ drm_map_t *drm_lookup_map(unsigned long offset, return NULL; } -void *agp_remap(unsigned long offset, unsigned long size, - drm_device_t * dev) +static void *agp_remap(unsigned long offset, unsigned long size, + drm_device_t * dev) { unsigned long *phys_addr_map, i, num_pages = PAGE_ALIGN(size) / PAGE_SIZE; @@ -168,6 +168,21 @@ int drm_unbind_agp(DRM_AGP_MEM * handle) { return drm_agp_unbind_memory(handle); } + +#else /* __OS_HAS_AGP */ + +static inline drm_map_t *drm_lookup_map(unsigned long offset, + unsigned long size, drm_device_t * dev) +{ + return NULL; +} + +static inline void *agp_remap(unsigned long offset, unsigned long size, + drm_device_t * dev) +{ + return NULL; +} + #endif /* agp */ void *drm_ioremap(unsigned long offset, unsigned long size, @@ -183,6 +198,7 @@ void *drm_ioremap(unsigned long offset, unsigned long size, } EXPORT_SYMBOL(drm_ioremap); +#if 0 void *drm_ioremap_nocache(unsigned long offset, unsigned long size, drm_device_t * dev) { @@ -194,6 +210,7 @@ void *drm_ioremap_nocache(unsigned long offset, } return ioremap_nocache(offset, size); } +#endif /* 0 */ void drm_ioremapfree(void *pt, unsigned long size, drm_device_t * dev) diff --git a/drivers/char/drm/drm_memory.h b/drivers/char/drm/drm_memory.h index 645a08878e55..714d9aedcff5 100644 --- a/drivers/char/drm/drm_memory.h +++ b/drivers/char/drm/drm_memory.h @@ -57,15 +57,6 @@ # endif #endif -/* - * Find the drm_map that covers the range [offset, offset+size). - */ -drm_map_t *drm_lookup_map(unsigned long offset, - unsigned long size, drm_device_t * dev); - -void *agp_remap(unsigned long offset, unsigned long size, - drm_device_t * dev); - static inline unsigned long drm_follow_page(void *vaddr) { pgd_t *pgd = pgd_offset_k((unsigned long)vaddr); @@ -77,18 +68,6 @@ static inline unsigned long drm_follow_page(void *vaddr) #else /* __OS_HAS_AGP */ -static inline drm_map_t *drm_lookup_map(unsigned long offset, - unsigned long size, drm_device_t * dev) -{ - return NULL; -} - -static inline void *agp_remap(unsigned long offset, unsigned long size, - drm_device_t * dev) -{ - return NULL; -} - static inline unsigned long drm_follow_page(void *vaddr) { return 0; @@ -99,8 +78,5 @@ static inline unsigned long drm_follow_page(void *vaddr) void *drm_ioremap(unsigned long offset, unsigned long size, drm_device_t * dev); -void *drm_ioremap_nocache(unsigned long offset, - unsigned long size, drm_device_t * dev); - void drm_ioremapfree(void *pt, unsigned long size, drm_device_t * dev); diff --git a/drivers/char/drm/drm_memory_debug.h b/drivers/char/drm/drm_memory_debug.h index 7868341817da..6543b9a14c42 100644 --- a/drivers/char/drm/drm_memory_debug.h +++ b/drivers/char/drm/drm_memory_debug.h @@ -229,6 +229,7 @@ void *drm_ioremap (unsigned long offset, unsigned long size, return pt; } +#if 0 void *drm_ioremap_nocache (unsigned long offset, unsigned long size, drm_device_t * dev) { void *pt; @@ -251,6 +252,7 @@ void *drm_ioremap_nocache (unsigned long offset, unsigned long size, spin_unlock(&drm_mem_lock); return pt; } +#endif /* 0 */ void drm_ioremapfree (void *pt, unsigned long size, drm_device_t * dev) { int alloc_count; From d253258c80117c2afaa644554e613201992e4ee9 Mon Sep 17 00:00:00 2001 From: Jayachandran C Date: Mon, 10 Apr 2006 23:18:28 -0700 Subject: [PATCH 6/6] drm: Fix further issues in drivers/char/drm/via_irq.c Fix de-reference of 'dev_priv' before NULL check. Signed-off-by: Jayachandran C. Cc: Dave Airlie Signed-off-by: Andrew Morton --- drivers/char/drm/via_irq.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/char/drm/via_irq.c b/drivers/char/drm/via_irq.c index 1228fa55355b..c33d068cde19 100644 --- a/drivers/char/drm/via_irq.c +++ b/drivers/char/drm/via_irq.c @@ -196,7 +196,7 @@ via_driver_irq_wait(drm_device_t * dev, unsigned int irq, int force_sequence, { drm_via_private_t *dev_priv = (drm_via_private_t *) dev->dev_private; unsigned int cur_irq_sequence; - drm_via_irq_t *cur_irq = dev_priv->via_irqs; + drm_via_irq_t *cur_irq; int ret = 0; maskarray_t *masks; int real_irq; @@ -223,7 +223,7 @@ via_driver_irq_wait(drm_device_t * dev, unsigned int irq, int force_sequence, } masks = dev_priv->irq_masks; - cur_irq += real_irq; + cur_irq = dev_priv->via_irqs + real_irq; if (masks[real_irq][2] && !force_sequence) { DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ, @@ -248,11 +248,12 @@ void via_driver_irq_preinstall(drm_device_t * dev) { drm_via_private_t *dev_priv = (drm_via_private_t *) dev->dev_private; u32 status; - drm_via_irq_t *cur_irq = dev_priv->via_irqs; + drm_via_irq_t *cur_irq; int i; DRM_DEBUG("driver_irq_preinstall: dev_priv: %p\n", dev_priv); if (dev_priv) { + cur_irq = dev_priv->via_irqs; dev_priv->irq_enable_mask = VIA_IRQ_VBLANK_ENABLE; dev_priv->irq_pending_mask = VIA_IRQ_VBLANK_PENDING;