drawobj_destroy_sync() tries to cancel all pending sync events
by taking local copy of pending list. In case of sync point timestamp
event, it goes ahead and accesses context's events list assuming that
event's context would be alive.
But at the same time, if the other context, which is of interest for
these sync point events, can be destroyed by cancelling all
events in its group.
This leads to use-after-free in drawobj_destroy_sync() path.
Fix is to give the responsibility of putting the context's ref count
to the thread which clears the pending mask.
Change-Id: I8d08ef6ddb38ca917f75088071c04727bced11d2
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
event->handle pointer can be used after free due to
the race condition between kgsl_sync_callback and
kgsl_sync_fence_async_cancel.
Protect the event->handle with a spinlock to
avoid concurrent access issues.
Change-Id: I3719e401af9ece82ac68b72f2aef784c7fdc1104
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
We should have a corresponding syncpoint_fence trace
for every syncpoint_fence_expire trace. In case the
fence is already signaled then make sure to have
syncpoint_fence trace before syncpoint_fence_expire
trace.
Also take an extra refcount for fence which will make
sure that the fence pointer is valid in the trace even
if the fence is signaled.
Change-Id: I2fd8f91c800f89a4a64813a6908eaa0445cf548b
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
kgsl_ioctl_gpu_sparse_command() is added to for user to
specify list of binds/unbinds for a memory entry
and syncpoints they depend on. If user specifies both
create a sync object for syncpoints and bind object for
binds/unbinds and add them to dispatcher draw queue. Sync
object should be inserted before the bind object in the
draw queue. Once the bind object reaches the head of
draw queue the corresponding binds/unbinds are performed.
kgsl_ioctl_gpu_sparse_command() only accepts commands from
context created with flag KGSL_CONTEXT_SPARSE, commands
from all other context types will return an error.
Change-Id: Ib0a2361f854ae01d0d8090cdd48cfa96308daf93
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Currently dispatcher accepts kgsl_cmdbatch object. This object
is a superset of all the types of objects dispatcher accepts.
Split kgsl_cmdbatch object to SYNC and IB/MARKER objects and
structure the code to make it easier for new type of objects
to be added to the dispatcher queue.
CRs-Fixed: 1054354
Change-Id: I2d482d1081ce6fdb7925243c88ce00ea6b864efe
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Rename all cmdbatch to drawobj. This forms a platform
for future changes where cmdbatch is split into different
types of drawobjs.
CRs-Fixed: 1054353
Change-Id: Ib84bee679e859db34e0d1f8a0ac70319eabddf53
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
2016-10-05 16:57:21 -07:00
Renamed from drivers/gpu/msm/kgsl_cmdbatch.c (Browse further)
