Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

drm/qxl: handle NULL bo->resource in move callback

The ttm bo now initially has NULL bo->resource, and leaves the driver
to handle that. However it looks like we forgot to handle that for qxl.
It looks like this will just null-ptr-deref in qxl_bo_move(), if
bo->resource is NULL.

Fix this by calling move_null() if the new resource is TTM_PL_SYSTEM,
otherwise do the multi-hop sequence to ensure we can safely call into
ttm_bo_move_memcpy(), since it might also need to clear the memory.
This should give the same behaviour as before.

Fixes: 180253782038 ("drm/ttm: stop allocating dummy resources during BO creation")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230208145319.397235-2-matthew.auld@intel.com
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>

Authored by Matthew Auld and committed by Christian König

b129ff30 c604d319

+11
drivers/gpu/drm/qxl/qxl_ttm.c
··· 143 143 struct ttm_resource *old_mem = bo->resource; 144 144 int ret; 145 145 146 + if (!old_mem) { 147 + if (new_mem->mem_type != TTM_PL_SYSTEM) { 148 + hop->mem_type = TTM_PL_SYSTEM; 149 + hop->flags = TTM_PL_FLAG_TEMPORARY; 150 + return -EMULTIHOP; 151 + } 152 + 153 + ttm_bo_move_null(bo, new_mem); 154 + return 0; 155 + } 156 + 146 157 qxl_bo_move_notify(bo, new_mem); 147 158 148 159 ret = ttm_bo_wait_ctx(bo, ctx);
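Review bot: The early return 0 after ttm_bo_move_null(bo, new_mem) in the new !old_mem block leaves the function before qxl_bo_move_notify(bo, new_mem) and ttm_bo_wait_ctx(bo, ctx), which the existing code runs immediately below. If skipping both is intended because a BO without a resource has nothing to notify about or wait on, a one-line comment above if (!old_mem) should say so. The same comment could record why the non-system case sets hop->mem_type = TTM_PL_SYSTEM with TTM_PL_FLAG_TEMPORARY and returns -EMULTIHOP instead of moving directly; that rationale (ttm_bo_move_memcpy() may need to clear the memory) currently exists only in the commit message.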