tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

drm/syncobj: handle NULL fence in syncobj_eventfd_entry_func

During syncobj_eventfd_entry_func, dma_fence_chain_find_seqno may set
the fence to NULL if the given seqno is signaled and a later seqno has
already been submitted. In that case, the eventfd should be signaled
immediately which currently does not happen.

This is a similar issue to the one addressed by commit b19926d4f3a6
("drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.").

As a fix, if the return value of dma_fence_chain_find_seqno indicates
success but it sets the fence to NULL, we will assign a stub fence to
ensure the following code still signals the eventfd.

v1 -> v2: assign a stub fence instead of signaling the eventfd

Signed-off-by: Erik Kurzinger <ekurzinger@nvidia.com>
Fixes: c7a472297169 ("drm/syncobj: add IOCTL to register an eventfd")
Signed-off-by: Simon Ser <contact@emersion.fr>
Link: https://patchwork.freedesktop.org/patch/msgid/20240221184527.37667-1-ekurzinger@nvidia.com

authored by

Erik Kurzinger and committed by
Simon Ser 2aa6f5b0 3c43177f

+12 -1
+12 -1
drivers/gpu/drm/drm_syncobj.c
··· 1418 1418 1419 1419 /* This happens inside the syncobj lock */ 1420 1420 fence = dma_fence_get(rcu_dereference_protected(syncobj->fence, 1)); 1421 + if (!fence) 1422 + return; 1423 + 1421 1424 ret = dma_fence_chain_find_seqno(&fence, entry->point); 1422 - if (ret != 0 || !fence) { 1425 + if (ret != 0) { 1426 + /* The given seqno has not been submitted yet. */ 1423 1427 dma_fence_put(fence); 1424 1428 return; 1429 + } else if (!fence) { 1430 + /* If dma_fence_chain_find_seqno returns 0 but sets the fence 1431 + * to NULL, it implies that the given seqno is signaled and a 1432 + * later seqno has already been submitted. Assign a stub fence 1433 + * so that the eventfd still gets signaled below. 1434 + */ 1435 + fence = dma_fence_get_stub(); 1425 1436 } 1426 1437 1427 1438 list_del_init(&entry->node);