drm/gem: Fix mmap fake offset handling for drm_gem_object_funcs.mmap

Commit c40069cb7bd6 ("drm: add mmap() to drm_gem_object_funcs")
introduced a GEM object mmap() hook which is expected to subtract the
fake offset from vm_pgoff. However, for mmap() on dmabufs, there is not
a fake offset.

To fix this, let's always call mmap() object callback with an offset of 0,
and leave it up to drm_gem_mmap_obj() to remove the fake offset.

TTM still needs the fake offset, so we have to add it back until that's
fixed.

Fixes: c40069cb7bd6 ("drm: add mmap() to drm_gem_object_funcs")
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Rob Herring <robh@kernel.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20191024191859.31700-1-robh@kernel.org

diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
index 56f42e0f25847e9ef5bdf3b539af24e69ab61630..2f2b889096b07699cdaa8d8179239bb4c9ea9189 100644 (file)
--- a/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -1106,6 +1106,9 @@ int drm_gem_mmap_obj(struct drm_gem_object *obj, unsigned long obj_size,
                return -EINVAL;
 
        if (obj->funcs && obj->funcs->mmap) {
+               /* Remove the fake offset */
+               vma->vm_pgoff -= drm_vma_node_start(&obj->vma_node);
+
                ret = obj->funcs->mmap(obj, vma);
                if (ret)
                        return ret;

diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
index 3bc69b1ffa7dc5554197b99e4b84c99844cb1673..0810d3ef6961ccb59f111bc74f692cab0d7bc87b 100644 (file)
--- a/drivers/gpu/drm/drm_gem_shmem_helper.c
+++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
@@ -541,9 +541,6 @@ int drm_gem_shmem_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
        vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
        vma->vm_ops = &drm_gem_shmem_vm_ops;
 
-       /* Remove the fake offset */
-       vma->vm_pgoff -= drm_vma_node_start(&shmem->base.vma_node);
-
        return 0;
 }
 EXPORT_SYMBOL_GPL(drm_gem_shmem_mmap);

diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f4dd09b71a3fbda236f8913155f095c4c3b50a8b..4b34a278d65b8477fd0287d29d03a88ed8834bf6 100644 (file)
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -480,6 +480,13 @@ EXPORT_SYMBOL(ttm_bo_mmap);
 int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
 {
        ttm_bo_get(bo);
+
+       /*
+        * FIXME: &drm_gem_object_funcs.mmap is called with the fake offset
+        * removed. Add it back here until the rest of TTM works without it.
+        */
+       vma->vm_pgoff += drm_vma_node_start(&bo->base.vma_node);
+
        ttm_bo_mmap_vma_setup(bo, vma);
        return 0;
 }

diff --git a/include/drm/drm_gem.h b/include/drm/drm_gem.h
index e71f75a2ab57feb6dd382ad0792a2bd8200cdb38..97a48165642c1e5191902a32e84ba5e93d90f8f5 100644 (file)
--- a/include/drm/drm_gem.h
+++ b/include/drm/drm_gem.h
@@ -159,8 +159,9 @@ struct drm_gem_object_funcs {
         *
         * The callback is used by by both drm_gem_mmap_obj() and
         * drm_gem_prime_mmap().  When @mmap is present @vm_ops is not
-        * used, the @mmap callback must set vma->vm_ops instead.
-        *
+        * used, the @mmap callback must set vma->vm_ops instead. The @mmap
+        * callback is always called with a 0 offset. The caller will remove
+        * the fake offset as necessary.
         */
        int (*mmap)(struct drm_gem_object *obj, struct vm_area_struct *vma);