1 From 34b4470575bd300507847093497516f1adbc5020 Mon Sep 17 00:00:00 2001
2 From: Daniel Vetter <daniel.vetter@ffwll.ch>
3 Date: Fri, 23 Oct 2020 14:39:23 +0200
4 Subject: [PATCH] drm/atomic-helpers: remove legacy_cursor_update hacks
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 The stuff never really worked, and leads to lots of fun because it
10 out-of-order frees atomic states. Which upsets KASAN, among other
13 For async updates we now have a more solid solution with the
14 ->atomic_async_check and ->atomic_async_commit hooks. Support for that
15 for msm and vc4 landed. nouveau and i915 have their own commit
16 routines, doing something similar.
18 For everyone else it's probably better to remove the use-after-free
19 bug, and encourage folks to use the async support instead. The
20 affected drivers which register a legacy cursor plane and don't either
21 use the new async stuff or their own commit routine are: amdgpu,
22 atmel, mediatek, qxl, rockchip, sti, sun4i, tegra, virtio, and vmwgfx.
24 Inspired by an amdgpu bug report.
26 v2: Drop RFC, I think with amdgpu converted over to use
27 atomic_async_check/commit done in
29 commit 674e78acae0dfb4beb56132e41cbae5b60f7d662
30 Author: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
31 Date: Wed Dec 5 14:59:07 2018 -0500
33 drm/amd/display: Add fast path for cursor plane updates
35 we don't have any driver anymore where we have userspace expecting
36 solid legacy cursor support _and_ they are using the atomic helpers in
37 their fully glory. So we can retire this.
39 v3: Paper over msm and i915 regression. The complete_all is the only
42 v4: Rebased on recent kernel, added extra link for vc4 bug.
44 Link: https://bugzilla.kernel.org/show_bug.cgi?id=199425
45 Link: https://lore.kernel.org/all/20220221134155.125447-9-maxime@cerno.tech/
46 Cc: mikita.lipski@amd.com
47 Cc: Michel Dänzer <michel@daenzer.net>
48 Cc: harry.wentland@amd.com
49 Cc: Rob Clark <robdclark@gmail.com>
50 Cc: "Kazlauskas, Nicholas" <nicholas.kazlauskas@amd.com>
51 Tested-by: Maxime Ripard <maxime@cerno.tech>
52 Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
53 Signed-off-by: Maxime Ripard <maxime@cerno.tech>
55 drivers/gpu/drm/drm_atomic_helper.c | 13 -------------
56 drivers/gpu/drm/i915/display/intel_display.c | 13 +++++++++++++
57 drivers/gpu/drm/msm/msm_atomic.c | 2 ++
58 3 files changed, 15 insertions(+), 13 deletions(-)
60 --- a/drivers/gpu/drm/drm_atomic_helper.c
61 +++ b/drivers/gpu/drm/drm_atomic_helper.c
62 @@ -1608,13 +1608,6 @@ drm_atomic_helper_wait_for_vblanks(struc
64 unsigned int crtc_mask = 0;
67 - * Legacy cursor ioctls are completely unsynced, and userspace
68 - * relies on that (by doing tons of cursor updates).
70 - if (old_state->legacy_cursor_update)
73 for_each_oldnew_crtc_in_state(old_state, crtc, old_crtc_state, new_crtc_state, i) {
74 if (!new_crtc_state->active)
76 @@ -2264,12 +2257,6 @@ int drm_atomic_helper_setup_commit(struc
77 complete_all(&commit->flip_done);
81 - /* Legacy cursor updates are fully unsynced. */
82 - if (state->legacy_cursor_update) {
83 - complete_all(&commit->flip_done);
87 if (!new_crtc_state->event) {
88 commit->event = kzalloc(sizeof(*commit->event),
89 --- a/drivers/gpu/drm/i915/display/intel_display.c
90 +++ b/drivers/gpu/drm/i915/display/intel_display.c
91 @@ -7766,6 +7766,19 @@ static int intel_atomic_commit(struct dr
92 state->base.legacy_cursor_update = false;
96 + * FIXME: Cut over to (async) commit helpers instead of hand-rolling
99 + if (state->base.legacy_cursor_update) {
100 + struct intel_crtc_state *new_crtc_state;
101 + struct intel_crtc *crtc;
104 + for_each_new_intel_crtc_in_state(state, crtc, new_crtc_state, i)
105 + complete_all(&new_crtc_state->uapi.commit->flip_done);
108 ret = intel_atomic_prepare_commit(state);
110 drm_dbg_atomic(&dev_priv->drm,
111 --- a/drivers/gpu/drm/msm/msm_atomic.c
112 +++ b/drivers/gpu/drm/msm/msm_atomic.c
113 @@ -222,6 +222,8 @@ void msm_atomic_commit_tail(struct drm_a
114 /* async updates are limited to single-crtc updates: */
115 WARN_ON(crtc_mask != drm_crtc_mask(async_crtc));
117 + complete_all(&async_crtc->state->commit->flip_done);
120 * Start timer if we don't already have an update pending