drm/tegra: Protect IOMMU operations by mutex

IOMMU support is currently not thread-safe, which can cause crashes,
amongst other things, under certain workloads.

Signed-off-by: Thierry Reding <treding@nvidia.com>

diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
index ef215fe..90041d5 100644 (file)
--- a/drivers/gpu/drm/tegra/drm.c
+++ b/drivers/gpu/drm/tegra/drm.c
@@ -142,6 +142,7 @@ static int tegra_drm_load(struct drm_device *drm, unsigned long flags)
                DRM_DEBUG_DRIVER("IOMMU aperture initialized (%#llx-%#llx)\n",
                                 start, end);
                drm_mm_init(&tegra->mm, start, end - start + 1);
+               mutex_init(&tegra->mm_lock);
        }
 
        mutex_init(&tegra->clients_lock);
@@ -208,6 +209,7 @@ config:
        if (tegra->domain) {
                iommu_domain_free(tegra->domain);
                drm_mm_takedown(&tegra->mm);
+               mutex_destroy(&tegra->mm_lock);
        }
 free:
        kfree(tegra);
@@ -232,6 +234,7 @@ static void tegra_drm_unload(struct drm_device *drm)
        if (tegra->domain) {
                iommu_domain_free(tegra->domain);
                drm_mm_takedown(&tegra->mm);
+               mutex_destroy(&tegra->mm_lock);
        }
 
        kfree(tegra);
@@ -878,7 +881,9 @@ static int tegra_debugfs_iova(struct seq_file *s, void *data)
        struct tegra_drm *tegra = drm->dev_private;
        struct drm_printer p = drm_seq_file_printer(s);
 
+       mutex_lock(&tegra->mm_lock);
        drm_mm_print(&tegra->mm, &p);
+       mutex_unlock(&tegra->mm_lock);
 
        return 0;
 }

diff --git a/drivers/gpu/drm/tegra/drm.h b/drivers/gpu/drm/tegra/drm.h
index 5205790..d168bea 100644 (file)
--- a/drivers/gpu/drm/tegra/drm.h
+++ b/drivers/gpu/drm/tegra/drm.h
@@ -42,6 +42,7 @@ struct tegra_drm {
        struct drm_device *drm;
 
        struct iommu_domain *domain;
+       struct mutex mm_lock;
        struct drm_mm mm;
 
        struct mutex clients_lock;

diff --git a/drivers/gpu/drm/tegra/gem.c b/drivers/gpu/drm/tegra/gem.c
index 17e62ec..050ba78 100644 (file)
--- a/drivers/gpu/drm/tegra/gem.c
+++ b/drivers/gpu/drm/tegra/gem.c
@@ -128,12 +128,14 @@ static int tegra_bo_iommu_map(struct tegra_drm *tegra, struct tegra_bo *bo)
        if (!bo->mm)
                return -ENOMEM;
 
+       mutex_lock(&tegra->mm_lock);
+
        err = drm_mm_insert_node_generic(&tegra->mm,
                                         bo->mm, bo->gem.size, PAGE_SIZE, 0, 0);
        if (err < 0) {
                dev_err(tegra->drm->dev, "out of I/O virtual memory: %zd\n",
                        err);
-               goto free;
+               goto unlock;
        }
 
        bo->paddr = bo->mm->start;
@@ -147,11 +149,14 @@ static int tegra_bo_iommu_map(struct tegra_drm *tegra, struct tegra_bo *bo)
 
        bo->size = err;
 
+       mutex_unlock(&tegra->mm_lock);
+
        return 0;
 
 remove:
        drm_mm_remove_node(bo->mm);
-free:
+unlock:
+       mutex_unlock(&tegra->mm_lock);
        kfree(bo->mm);
        return err;
 }
@@ -161,8 +166,11 @@ static int tegra_bo_iommu_unmap(struct tegra_drm *tegra, struct tegra_bo *bo)
        if (!bo->mm)
                return 0;
 
+       mutex_lock(&tegra->mm_lock);
        iommu_unmap(tegra->domain, bo->paddr, bo->size);
        drm_mm_remove_node(bo->mm);
+       mutex_unlock(&tegra->mm_lock);
+
        kfree(bo->mm);
 
        return 0;