* 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6: (41 commits)
of: remove undefined request_OF_resource & release_OF_resource
of/sparc: Remove sparc-local declaration of allnodes and devtree_lock
of: move definition of of_chosen into common code.
of: remove unused extern reference to devtree_lock
of: put default string compare and #a/s-cell values into common header
of/flattree: Don't assume HAVE_LMB
of: protect linux/of.h with CONFIG_OF
proc_devtree: fix THIS_MODULE without module.h
of: Remove old and misplaced function declarations
of/flattree: Make the kernel accept ePAPR style phandle information
of/flattree: endian-convert members of boot_param_header
of: assume big-endian properties, adding conversions where necessary
of: use __be32 for cell value accessors
of/flattree: use OF_ROOT_NODE_{SIZE,ADDR}_CELLS DEFAULT for fdt parsing
of/flattree: use callback to setup initrd from /chosen
proc_devtree: include linux/of.h
of: make set_node_proc_entry private to proc_devtree.c
of: include linux/proc_fs.h
of/flattree: merge early_init_dt_scan_memory() common code
of: add 'of_' prefix to machine_is_compatible()
...
This lets UMS userspace know the rv740 fix is in. For KMS we can
consider the kernel release to be the v2.0.0 release so we don't need the
bump there.
Signed-off-by: Dave Airlie <airlied@redhat.com>
If at IB free time fence wasn't emited that means the IB wasn't
scheduled because an error occured somewhere, thus we can free
then fence and mark the IB as free.
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This patch fixes occlusion queries and rendering errors
on rv740 boards. Hardcoding the backend map is not an optimal
solution, but a better fix is being worked on.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Just compare the i2c id since the i2c structs
may be slighly different.
Fixes fdo bug 26616.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
rs600 board lists DVI port as HDMI.
Fixes fdo bug 26605
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Previous code did associate fence to bo before the fence was emited
and it also didn't lock protected access to ttm sync_obj member.
Both of this flaw leads to possible race between different code
path. This patch fix this by associating fence only once the fence
is emitted and properly lock protect access to sync_obj member of
ttm.
Fix:
https://bugs.freedesktop.org/show_bug.cgi?id=26438
and likely similar others bugs
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
There is 3 different distinct states for an indirect buffer (IB) :
1- free with no fence
2- free with a fence
3- non free (fence doesn't matter)
Previous code mixed case 2 & 3 in a single one leading to possible
catastrophique failure. This patch rework the handling and properly
separate each case. So when you get ib we set the ib as non free and
fence status doesn't matter. Fence become active (ie has a meaning
for the ib code) once the ib is scheduled or free. This patch also
get rid of the alloc bitmap as it was overkill, we know go through
IB pool list like in a ring buffer as the oldest IB is the first
one the will be free.
Fix :
https://bugs.freedesktop.org/show_bug.cgi?id=26438
and likely other bugs.
V2 remove the scheduled list, it's useless now, fix free ib scanning
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
For usec delays use udelay instead of scheduling, this should
allow reclocking to happen faster. This also was the cause
of reported 33s delays at bootup on certain systems.
fixes: freedesktop.org bug 25506
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
In testing I've never seen it go past 1 retry anyways but better
safe than sorry.
Reported by Droste on irc.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Noticed on a DEC Alpha.
Start up into console mode caused 15 unaligned accesses, and starting X
caused another 48.
Signed-off-by: Matt Turner <mattst88@gmail.com>
CC: Jerome Glisse <jglisse@redhat.com>
CC: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
* 'drm-radeon-linus' of ../drm-next:
drm/radeon/kms: retry auxch on 0x20 timeout value.
drm/radeon: Skip dma copy test in benchmark if card doesn't have dma engine.
drm/radeon/kms: fix screen clearing before fbcon.
drm/radeon/kms: add quirk for VGA without DDC on rv730 XFX card.
drm/radeon/kms: don't crash if no DDC bus on VGA/DVI connector.
drm/radeon/kms: change Kconfig text to reflect the new option.
drm/radeon/kms: suspend and resume audio stuff
ATOM appears to return 0x20 which seems to mean some sort of timeout.
retry the transaction up to 10 times before failing, this
makes DP->VGA convertor we bought work at least a bit more predictably.
Signed-off-by: Dave Airlie <airlied@redhat.com>
radeon_copy_dma is only available for r200 or newer cards.
Call to radeon_copy_dma would result to NULL pointer
dereference if benchmarking asic without dma engine.
Signed-off-by: Pauli Nieminen <suokkos@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This memset_io was added to debug something way back and got
left behind, memset the fb to black so the borders don't be all white.
Signed-off-by: Dave Airlie <airlied@redhat.com>
machine is compatible is an OF-specific call. It should have
the of_ prefix to protect the global namespace.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Acked-by: Michal Simek <monstr@monstr.eu>
This is strange - like really really strange, twilight zone of strange.
VGA ports have DDC buses, but sometimes for some reasons the BIOS
says we don't and we oops - AMD mentioned bios bugs so we'll have
to add quirks.
reported on irc by nirbheek and
https://bugzilla.redhat.com/show_bug.cgi?id=554323
Signed-off-by: Dave Airlie <airlied@redhat.com>
Ingo pointed out that we really don't give the user enough warning to make
a decision here. So revise the Kconfig text with a better warning.
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Dave Airlie <airlied@redhat.com>
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon/kms: fix r300 vram width calculations
drm/radeon/kms: rs400/480 MC setup is different than r300.
drm/radeon/kms: make initial state of load detect property correct.
drm/radeon/kms: disable HDMI audio for now on rv710/rv730
drm/radeon/kms: don't call suspend path before cleaning up GPU
drivers/gpu/drm/radeon/radeon_combios.c: fix warning
ati_pcigart: fix printk format warning
drm/r100/kms: Emit cache flush to the end of command buffer. (v2)
drm/radeon/kms: fix regression rendering issue on R6XX/R7XX
drm/radeon/kms: move blit initialization after we disabled VGA
Boot testing on my rs480 laptop found the MC idle never happened
on startup, a quick check with AMD found the idle bit is in a different
place on the rs4xx than r300.
Implement a new rs400 mc idle function to fix this.
Signed-off-by: Dave Airlie <airlied@redhat.com>
In suspend path we unmap the GART table while in cleaning up
path we will unbind buffer and thus try to write to unmapped
GART leading to oops. In order to avoid this we don't call the
suspend path in cleanup path. Cleanup path is clever enough
to desactive GPU like the suspend path is doing, thus this was
redondant.
Tested on: RV370, R420, RV515, RV570, RV610, RV770 (all PCIE)
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
drivers/gpu/drm/radeon/radeon_combios.c: In function 'radeon_combios_get_lvds_info':
drivers/gpu/drm/radeon/radeon_combios.c:893: warning: comparison is always false due to limited range of data type
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Cache flush is required in case CPU is accessing rendered data.
This fixes glean/readPixSanity test case and random rendering
errors in sauerbraten and warzone2100.
v2 Fix comment ordering in r100_fence_ring_emit and remove extra
defines added in first version.
Signed-off-by: Pauli Nieminen <suokkos@gmail.com>
Reviewed-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
It seems that some R6XX/R7XX silently ignore HDP flush when
programmed through ring, this patch addback an ioctl callback
to allow R6XX/R7XX hw to perform such flush through MMIO in
order to fix a regression. For more details see:
http://bugzilla.kernel.org/show_bug.cgi?id=15186
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
VGA might be overwritting VRAM and corrupt our blit shader leading
to corruption, it likely won't happen if you load fbcon right after
radeon. Thanks to Shawn Starr and Andre Maasikas for tracking down
this issue.
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon/kms: Fix oops after radeon_cs_parser_init() failure.
drm/radeon/kms: move radeon KMS on/off switch out of staging.
drm/radeon/kms: Bailout of blit if error happen & protect with mutex V3
drm/vmwgfx: Don't send bad flags to the host
drm/vmwgfx: Request SVGA version 2 and bail if not found
drm/vmwgfx: Correctly detect 3D
drm/ttm: remove unnecessary save_flags and ttm_flag_masked in ttm_bo_util.c
drm/kms: Remove incorrect comment in struct drm_mode_modeinfo
drm/ttm: remove padding from ttm_ref_object on 64bit builds
drm/radeon/kms: release agp on error.
drm/kms/radeon/agp: Move the check of the aper_size after drm_acp_acquire and drm_agp_info
drm/kms/radeon/agp: Fix warning, format ‘%d’ expects type ‘int’, but argument 4 has type ‘size_t’
drm/ttm: Avoid conflicting reserve_memtype during ttm_tt_set_page_caching.
drm/kms/radeon: pick digitial encoders smarter. (v3)
drm/radeon/kms: use active device to pick connector for encoder
drm/radeon/kms: fix incorrect logic in DP vs eDP connector checking.
If radeon_cs_parser_init() fails, radeon_cs_ioctl() calls
radeon_cs_parser_fini() with the non-zero error value. The latter dereferenced
parser->ib which hasn't been initialized yet -> boom. Add a test for parser->ib
being non-NULL before dereferencing it.
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
If an error happen in r600_blit_prepare_copy report it rather
than WARNING and keeping execution. For instance if ib allocation
failed we did just warn about but then latter tried to access
NULL ib ptr causing oops. This patch also protect r600_copy_blit
with a mutex as otherwise one process might overwrite blit temporary
data with new one possibly leading to GPU lockup.
Should partialy or totaly fix:
https://bugzilla.redhat.com/show_bug.cgi?id=553279
V2 failing blit initialization is not fatal, fallback to memcpy when
this happen
V3 init blit before startup as we pin in startup, remove duplicate
code (this one was actualy tested unlike V2)
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
First call drm_agp_acquire to check if agp has been acquired.
Second call drm_agp_info to fill in the info data struct, including aper_size.
Finally do the check to see if the aper_size makes sense.
Signed-off-by: John Kacur <jkacur@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
- Fix warning by using %zu instead of %d for size_t
- Fix spelling mistake, "to" should be "too".
Signed-off-by: John Kacur <jkacur@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
booting a Lenovo W500 with LVDS + DP outputs showed up a TODO we had
on our list, to pick a correct digital encoder block. The LVTMA
encoder requires the second digital encoder, all others can use any
encoder at all.
This fixes the digital encoder selection logic to enable LVDS/DP combos
to work okay.
V2: fix silly addition of connector dig_block and cleanup the other
places in the code that pick the encoder.
V3: rename to dig_encoder and clean up further - also fix
the picking algorithm.
tested on Lenovo W500 + desktop 3650 cards.
Signed-off-by: Dave Airlie <airlied@redhat.com>
On the W500 we have UNIPHY routed to both DVI and DP, this seems
to always pick the DVI connector which means link training fails.
Switch to using active device to pick the connector, this seems
like it should be safe from a code review, and it fixes things
a bit more here.
Signed-off-by: Dave Airlie <airlied@redhat.com>
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: (95 commits)
drm/radeon/kms: preface warning printk with driver name
drm/radeon/kms: drop unnecessary printks.
drm: fix regression in fb blank handling
drm/radeon/kms: make hibernate work on IGPs
drm/vmwgfx: Optimize memory footprint for DMA buffers.
drm/ttm: Allow system memory as a busy placement.
drm/ttm: Fix race condition in ttm_bo_delayed_delete (v3, final)
drm/nv50: prevent switching off SOR when in use for DVI-over-DP
drm/nv50: fail auxch transaction if reply count not what we expect
drm/nouveau: fix failure path if userspace specifies no valid memtypes
drm/nouveau: report LVDS as disconnected if lid closed
drm/radeon/kms: fix legacy get_engine/memory clock
drm/radeon/kms/atom: atom parser fixes
drm/radeon/kms: clean up atombios pll code
drm/radeon/kms: clean up pll struct
drm/radeon/kms/atom: fix crtc lock ordering
drm/radeon: r6xx/r7xx possible security issue, system ram access
drm/radeon/kms: r600/r700 don't test ib if ib initialization fails
drm/radeon/kms: Forbid creation of framebuffer with no valid GEM object
drm/radeon/kms: r600 handle irq vector ring overflow
...
This is the least invasive fix without migrating the radeon driver
to pm_ops from what I can see. We just always migrate VRAM objects
on IGPs for now and we can fix it up later to migrate depending
on STR vs STD.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Fix a bad shift in the post div.
Should fix fdo bug 26145
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Only reset the reg block on the initial execute
table call; nested calls require the reg block not be
reset on each call. Also reset the fb window and
io mode. This matches the upstream parser behavior.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
- split pll adjust into a separate function
- use a union for SetPixelClock params
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
- add a new flag for fixed post div
- pull the pll flags into the struct
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This patch workaround a possible security issue which can allow
user to abuse drm on r6xx/r7xx hw to access any system ram memory.
This patch doesn't break userspace, it detect "valid" old use of
CB_COLOR[0-7]_FRAG & CB_COLOR[0-7]_TILE registers and overwritte
the address these registers are pointing to with the one of the
last color buffer. This workaround will work for old mesa &
xf86-video-ati and any old user which did use similar register
programming pattern as those (we expect that there is no others
user of those ioctl except possibly a malicious one). This patch
add a warning if it detects such usage, warning encourage people
to update their mesa & xf86-video-ati. New userspace will submit
proper relocation.
Fix for xf86-video-ati / mesa (this kernel patch is enough to
prevent abuse, fix for userspace are to set proper cs stream and
avoid kernel warning) :
http://cgit.freedesktop.org/xorg/driver/xf86-video-ati/commit/?id=95d63e408cc88b6934bec84a0b1ef94dfe8bee7bhttp://cgit.freedesktop.org/mesa/mesa/commit/?id=46dc6fd3ed5ef96cda53641a97bc68c3bc104a9f
Abusing this register to perform system ram memory is not easy,
here is outline on how it could be achieve. First attacker must
have access to the drm device and be able to submit command stream
throught cs ioctl. Then attacker must build a proper command stream
for r6xx/r7xx hw which will abuse the FRAG or TILE buffer to
overwrite the GPU GART which is in VRAM. To achieve so attacker
as to setup CB_COLOR[0-7]_FRAG or CB_COLOR[0-7]_TILE to point
to the GPU GART, then it has to find a way to write predictable
value into those buffer (with little cleverness i believe this
can be done but this is an hard task). Once attacker have such
program it can overwritte GPU GART to program GPU gart to point
anywhere in system memory. It then can reusse same method as he
used to reprogram GART to overwritte the system ram through the
GART mapping. In the process the attacker has to be carefull to
not overwritte any sensitive area of the GART table, like ring
or IB gart entry as it will more then likely lead to GPU lockup.
Bottom line is that i think it's very hard to use this flaw
to get system ram access but in theory one can achieve so.
Side note: I am not aware of anyone ever using the GPU as an
attack vector, nevertheless we take great care in the opensource
driver to try to detect and forbid malicious use of GPU. I don't
think the closed source driver are as cautious as we are.
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
If ib initialization failed don't try to test ib as it will result
in an oops (accessing NULL ib buffer ptr).
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>