From 667a50db0477d47fdff01c666f5ee1ce26b5264c Mon Sep 17 00:00:00 2001 From: Thomas Hellstrom Date: Fri, 3 Jan 2014 11:17:18 +0100 Subject: [PATCH] drm/ttm: Refuse to fault (prime-) imported pages This is illegal for at least two reasons: 1) While it may work on some platforms / iommus, obtaining page pointers from mapped sg-lists is illegal, since the DMA API allows page pointer information to be destroyed in the sg mapping process. 2) TTM has no way of determining the linear kernel map caching state of the underlying pages. PTEs with conflicting caching state pointing to the same pfn is not allowed. TTM operations touching pages of imported sg-tables should be redirected through the proper dma-buf operations. Signed-off-by: Thomas Hellstrom Acked-by: Daniel Vetter --- drivers/gpu/drm/ttm/ttm_bo_vm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c index cdda784..12d7f53 100644 --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c @@ -132,6 +132,15 @@ static int ttm_bo_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) return VM_FAULT_NOPAGE; } + /* + * Refuse to fault imported pages. This should be handled + * (if at all) by redirecting mmap to the exporter. + */ + if (bo->ttm && (bo->ttm->page_flags & TTM_PAGE_FLAG_SG)) { + retval = VM_FAULT_SIGBUS; + goto out_unlock; + } + if (bdev->driver->fault_reserve_notify) { ret = bdev->driver->fault_reserve_notify(bo); switch (ret) { -- 2.7.4