drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
This commit address a kernel panic issue that can happen if Userspace
tries to partially unmap a GPU virtual region (aka drm_gpuva).
The VM_BIND interface allows partial unmapping of a BO.
Panthor driver pre-allocates memory for the new drm_gpuva structures
that would be needed for the map/unmap operation, done using drm_gpuvm
layer. It expected that only one new drm_gpuva would be needed on umap
but a partial unmap can require 2 new drm_gpuva and that's why it
ended up doing a NULL pointer dereference causing a kernel panic.
Following dump was seen when partial unmap was exercised.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078
Mem abort info:
ESR = 0x0000000096000046
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000
CM = 0, WnR = 1, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000
[000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000
Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP
<snip>
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor]
sp : ffff800085d43970
x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000
x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000
x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010
x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c
x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58
x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c
x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7
x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001
x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078
Call trace:
panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
op_remap_cb.isra.22+0x50/0x80
__drm_gpuvm_sm_unmap+0x10c/0x1c8
drm_gpuvm_sm_unmap+0x40/0x60
panthor_vm_exec_op+0xb4/0x3d0 [panthor]
panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor]
panthor_ioctl_vm_bind+0x160/0x4a0 [panthor]
drm_ioctl_kernel+0xbc/0x138
drm_ioctl+0x240/0x500
__arm64_sys_ioctl+0xb0/0xf8
invoke_syscall+0x4c/0x110
el0_svc_common.constprop.1+0x98/0xf8
do_el0_svc+0x24/0x38
el0_svc+0x40/0xf8
el0t_64_sync_handler+0xa0/0xc8
el0t_64_sync+0x174/0x178
Signed-off-by: Akash Goel <akash.goel@arm.com>
---
drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c
index 6dec4354e378..7870e7dbaa5d 100644
--- a/drivers/gpu/drm/panthor/panthor_mmu.c
+++ b/drivers/gpu/drm/panthor/panthor_mmu.c
@@ -1175,10 +1175,14 @@ panthor_vm_op_ctx_prealloc_vmas(struct panthor_vm_op_ctx *op_ctx)
break;
case DRM_PANTHOR_VM_BIND_OP_TYPE_UNMAP:
- /* Partial unmaps might trigger a remap with either a prev or a next VA,
- * but not both.
+ /* Two VMAs can be needed for an unmap, as an unmap can happen
+ * in the middle of a drm_gpuva, requiring a remap with both
+ * prev & next VA. Or an unmap can span more than one drm_gpuva
+ * where the first and last ones are covered partially, requring
+ * a remap for the first with a prev VA and remap for the last
+ * with a next VA.
*/
- vma_count = 1;
+ vma_count = 2;
break;
default:
--
2.25.1On 17/10/2025 11:29, Akash Goel wrote:
> This commit address a kernel panic issue that can happen if Userspace
> tries to partially unmap a GPU virtual region (aka drm_gpuva).
> The VM_BIND interface allows partial unmapping of a BO.
>
> Panthor driver pre-allocates memory for the new drm_gpuva structures
> that would be needed for the map/unmap operation, done using drm_gpuvm
> layer. It expected that only one new drm_gpuva would be needed on umap
> but a partial unmap can require 2 new drm_gpuva and that's why it
> ended up doing a NULL pointer dereference causing a kernel panic.
>
> Following dump was seen when partial unmap was exercised.
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078
> Mem abort info:
> ESR = 0x0000000096000046
> EC = 0x25: DABT (current EL), IL = 32 bits
> SET = 0, FnV = 0
> EA = 0, S1PTW = 0
> FSC = 0x06: level 2 translation fault
> Data abort info:
> ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000
> CM = 0, WnR = 1, TnD = 0, TagAccess = 0
> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000
> [000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000
> Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP
> <snip>
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
> lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor]
> sp : ffff800085d43970
> x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000
> x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000
> x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180
> x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010
> x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c
> x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58
> x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c
> x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7
> x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001
> x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078
> Call trace:
> panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
> op_remap_cb.isra.22+0x50/0x80
> __drm_gpuvm_sm_unmap+0x10c/0x1c8
> drm_gpuvm_sm_unmap+0x40/0x60
> panthor_vm_exec_op+0xb4/0x3d0 [panthor]
> panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor]
> panthor_ioctl_vm_bind+0x160/0x4a0 [panthor]
> drm_ioctl_kernel+0xbc/0x138
> drm_ioctl+0x240/0x500
> __arm64_sys_ioctl+0xb0/0xf8
> invoke_syscall+0x4c/0x110
> el0_svc_common.constprop.1+0x98/0xf8
> do_el0_svc+0x24/0x38
> el0_svc+0x40/0xf8
> el0t_64_sync_handler+0xa0/0xc8
> el0t_64_sync+0x174/0x178
>
> Signed-off-by: Akash Goel <akash.goel@arm.com>
We also want a fixes line:
Fixes: 647810ec2476 ("drm/panthor: Add the MMU/VM logical block")
Reviewed-by: Steven Price <steven.price@arm.com>
I'll push this to drm-misc-fixes.
Thanks,
Steve
> ---
> drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c
> index 6dec4354e378..7870e7dbaa5d 100644
> --- a/drivers/gpu/drm/panthor/panthor_mmu.c
> +++ b/drivers/gpu/drm/panthor/panthor_mmu.c
> @@ -1175,10 +1175,14 @@ panthor_vm_op_ctx_prealloc_vmas(struct panthor_vm_op_ctx *op_ctx)
> break;
>
> case DRM_PANTHOR_VM_BIND_OP_TYPE_UNMAP:
> - /* Partial unmaps might trigger a remap with either a prev or a next VA,
> - * but not both.
> + /* Two VMAs can be needed for an unmap, as an unmap can happen
> + * in the middle of a drm_gpuva, requiring a remap with both
> + * prev & next VA. Or an unmap can span more than one drm_gpuva
> + * where the first and last ones are covered partially, requring
> + * a remap for the first with a prev VA and remap for the last
> + * with a next VA.
> */
> - vma_count = 1;
> + vma_count = 2;
> break;
>
> default:
On Fri, Oct 17, 2025 at 11:29:22AM +0100, Akash Goel wrote:
> This commit address a kernel panic issue that can happen if Userspace
> tries to partially unmap a GPU virtual region (aka drm_gpuva).
> The VM_BIND interface allows partial unmapping of a BO.
>
> Panthor driver pre-allocates memory for the new drm_gpuva structures
> that would be needed for the map/unmap operation, done using drm_gpuvm
> layer. It expected that only one new drm_gpuva would be needed on umap
> but a partial unmap can require 2 new drm_gpuva and that's why it
> ended up doing a NULL pointer dereference causing a kernel panic.
>
> Following dump was seen when partial unmap was exercised.
> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078
> Mem abort info:
> ESR = 0x0000000096000046
> EC = 0x25: DABT (current EL), IL = 32 bits
> SET = 0, FnV = 0
> EA = 0, S1PTW = 0
> FSC = 0x06: level 2 translation fault
> Data abort info:
> ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000
> CM = 0, WnR = 1, TnD = 0, TagAccess = 0
> GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000
> [000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000
> Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP
> <snip>
> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
> lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor]
> sp : ffff800085d43970
> x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000
> x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000
> x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180
> x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010
> x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c
> x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58
> x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c
> x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7
> x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001
> x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078
> Call trace:
> panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor]
> op_remap_cb.isra.22+0x50/0x80
> __drm_gpuvm_sm_unmap+0x10c/0x1c8
> drm_gpuvm_sm_unmap+0x40/0x60
> panthor_vm_exec_op+0xb4/0x3d0 [panthor]
> panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor]
> panthor_ioctl_vm_bind+0x160/0x4a0 [panthor]
> drm_ioctl_kernel+0xbc/0x138
> drm_ioctl+0x240/0x500
> __arm64_sys_ioctl+0xb0/0xf8
> invoke_syscall+0x4c/0x110
> el0_svc_common.constprop.1+0x98/0xf8
> do_el0_svc+0x24/0x38
> el0_svc+0x40/0xf8
> el0t_64_sync_handler+0xa0/0xc8
> el0t_64_sync+0x174/0x178
>
> Signed-off-by: Akash Goel <akash.goel@arm.com>
Do we need a Fixes tag here?
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Best regards,
Liviu
> ---
> drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c
> index 6dec4354e378..7870e7dbaa5d 100644
> --- a/drivers/gpu/drm/panthor/panthor_mmu.c
> +++ b/drivers/gpu/drm/panthor/panthor_mmu.c
> @@ -1175,10 +1175,14 @@ panthor_vm_op_ctx_prealloc_vmas(struct panthor_vm_op_ctx *op_ctx)
> break;
>
> case DRM_PANTHOR_VM_BIND_OP_TYPE_UNMAP:
> - /* Partial unmaps might trigger a remap with either a prev or a next VA,
> - * but not both.
> + /* Two VMAs can be needed for an unmap, as an unmap can happen
> + * in the middle of a drm_gpuva, requiring a remap with both
> + * prev & next VA. Or an unmap can span more than one drm_gpuva
> + * where the first and last ones are covered partially, requring
> + * a remap for the first with a prev VA and remap for the last
> + * with a next VA.
> */
> - vma_count = 1;
> + vma_count = 2;
> break;
>
> default:
> --
> 2.25.1
>
--
====================
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯
On Fri, 17 Oct 2025 13:30:53 +0100 Liviu Dudau <liviu.dudau@arm.com> wrote: > On Fri, Oct 17, 2025 at 11:29:22AM +0100, Akash Goel wrote: > > This commit address a kernel panic issue that can happen if Userspace > > tries to partially unmap a GPU virtual region (aka drm_gpuva). > > The VM_BIND interface allows partial unmapping of a BO. > > > > Panthor driver pre-allocates memory for the new drm_gpuva structures > > that would be needed for the map/unmap operation, done using drm_gpuvm > > layer. It expected that only one new drm_gpuva would be needed on umap > > but a partial unmap can require 2 new drm_gpuva and that's why it > > ended up doing a NULL pointer dereference causing a kernel panic. > > > > Following dump was seen when partial unmap was exercised. > > Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078 > > Mem abort info: > > ESR = 0x0000000096000046 > > EC = 0x25: DABT (current EL), IL = 32 bits > > SET = 0, FnV = 0 > > EA = 0, S1PTW = 0 > > FSC = 0x06: level 2 translation fault > > Data abort info: > > ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000 > > CM = 0, WnR = 1, TnD = 0, TagAccess = 0 > > GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 > > user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000 > > [000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000 > > Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP > > <snip> > > pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > > pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor] > > lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor] > > sp : ffff800085d43970 > > x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000 > > x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000 > > x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180 > > x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010 > > x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c > > x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58 > > x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c > > x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7 > > x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001 > > x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078 > > Call trace: > > panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor] > > op_remap_cb.isra.22+0x50/0x80 > > __drm_gpuvm_sm_unmap+0x10c/0x1c8 > > drm_gpuvm_sm_unmap+0x40/0x60 > > panthor_vm_exec_op+0xb4/0x3d0 [panthor] > > panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor] > > panthor_ioctl_vm_bind+0x160/0x4a0 [panthor] > > drm_ioctl_kernel+0xbc/0x138 > > drm_ioctl+0x240/0x500 > > __arm64_sys_ioctl+0xb0/0xf8 > > invoke_syscall+0x4c/0x110 > > el0_svc_common.constprop.1+0x98/0xf8 > > do_el0_svc+0x24/0x38 > > el0_svc+0x40/0xf8 > > el0t_64_sync_handler+0xa0/0xc8 > > el0t_64_sync+0x174/0x178 > > > > Signed-off-by: Akash Goel <akash.goel@arm.com> > > Do we need a Fixes tag here? We definitely want a Fixes tag, yep. Thanks for spotting that. > > Reviewed-by: Liviu Dudau <liviu.dudau@arm.com> > > Best regards, > Liviu > > > --- > > drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++--- > > 1 file changed, 7 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c > > index 6dec4354e378..7870e7dbaa5d 100644 > > --- a/drivers/gpu/drm/panthor/panthor_mmu.c > > +++ b/drivers/gpu/drm/panthor/panthor_mmu.c > > @@ -1175,10 +1175,14 @@ panthor_vm_op_ctx_prealloc_vmas(struct panthor_vm_op_ctx *op_ctx) > > break; > > > > case DRM_PANTHOR_VM_BIND_OP_TYPE_UNMAP: > > - /* Partial unmaps might trigger a remap with either a prev or a next VA, > > - * but not both. > > + /* Two VMAs can be needed for an unmap, as an unmap can happen > > + * in the middle of a drm_gpuva, requiring a remap with both > > + * prev & next VA. Or an unmap can span more than one drm_gpuva > > + * where the first and last ones are covered partially, requring > > + * a remap for the first with a prev VA and remap for the last > > + * with a next VA. > > */ > > - vma_count = 1; > > + vma_count = 2; > > break; > > > > default: > > -- > > 2.25.1 > > >
+Adrian On Fri, 17 Oct 2025 11:29:22 +0100 Akash Goel <akash.goel@arm.com> wrote: > This commit address a kernel panic issue that can happen if Userspace > tries to partially unmap a GPU virtual region (aka drm_gpuva). > The VM_BIND interface allows partial unmapping of a BO. > > Panthor driver pre-allocates memory for the new drm_gpuva structures > that would be needed for the map/unmap operation, done using drm_gpuvm > layer. It expected that only one new drm_gpuva would be needed on umap > but a partial unmap can require 2 new drm_gpuva and that's why it > ended up doing a NULL pointer dereference causing a kernel panic. > > Following dump was seen when partial unmap was exercised. > Unable to handle kernel NULL pointer dereference at virtual address 0000000000000078 > Mem abort info: > ESR = 0x0000000096000046 > EC = 0x25: DABT (current EL), IL = 32 bits > SET = 0, FnV = 0 > EA = 0, S1PTW = 0 > FSC = 0x06: level 2 translation fault > Data abort info: > ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000 > CM = 0, WnR = 1, TnD = 0, TagAccess = 0 > GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 > user pgtable: 4k pages, 48-bit VAs, pgdp=000000088a863000 > [000000000000078] pgd=080000088a842003, p4d=080000088a842003, pud=0800000884bf5003, pmd=0000000000000000 > Internal error: Oops: 0000000096000046 [#1] PREEMPT SMP > <snip> > pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor] > lr : panthor_gpuva_sm_step_remap+0x6c/0x330 [panthor] > sp : ffff800085d43970 > x29: ffff800085d43970 x28: ffff00080363e440 x27: ffff0008090c6000 > x26: 0000000000000030 x25: ffff800085d439f8 x24: ffff00080d402000 > x23: ffff800085d43b60 x22: ffff800085d439e0 x21: ffff00080abdb180 > x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000010 > x17: 6e656c202c303030 x16: 3666666666646466 x15: 393d61766f69202c > x14: 312d3d7361203a70 x13: 303030323d6e656c x12: ffff80008324bf58 > x11: 0000000000000003 x10: 0000000000000002 x9 : ffff8000801a6a9c > x8 : ffff00080360b300 x7 : 0000000000000000 x6 : 000000088aa35fc7 > x5 : fff1000080000000 x4 : ffff8000842ddd30 x3 : 0000000000000001 > x2 : 0000000100000000 x1 : 0000000000000001 x0 : 0000000000000078 > Call trace: > panthor_gpuva_sm_step_remap+0xe4/0x330 [panthor] > op_remap_cb.isra.22+0x50/0x80 > __drm_gpuvm_sm_unmap+0x10c/0x1c8 > drm_gpuvm_sm_unmap+0x40/0x60 > panthor_vm_exec_op+0xb4/0x3d0 [panthor] > panthor_vm_bind_exec_sync_op+0x154/0x278 [panthor] > panthor_ioctl_vm_bind+0x160/0x4a0 [panthor] > drm_ioctl_kernel+0xbc/0x138 > drm_ioctl+0x240/0x500 > __arm64_sys_ioctl+0xb0/0xf8 > invoke_syscall+0x4c/0x110 > el0_svc_common.constprop.1+0x98/0xf8 > do_el0_svc+0x24/0x38 > el0_svc+0x40/0xf8 > el0t_64_sync_handler+0xa0/0xc8 > el0t_64_sync+0x174/0x178 > > Signed-off-by: Akash Goel <akash.goel@arm.com> Adrian had the exact same fix, and I suggested he delays the submission so we can fix partial unmap is used in the same patchset (when THP is used, we might have to insert an intermediate PT level when a huge page mapping is split, and the io-pagtable code doesn't cover that anymore). Oh well, sorry about that Adrian. Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com> > --- > drivers/gpu/drm/panthor/panthor_mmu.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c > index 6dec4354e378..7870e7dbaa5d 100644 > --- a/drivers/gpu/drm/panthor/panthor_mmu.c > +++ b/drivers/gpu/drm/panthor/panthor_mmu.c > @@ -1175,10 +1175,14 @@ panthor_vm_op_ctx_prealloc_vmas(struct panthor_vm_op_ctx *op_ctx) > break; > > case DRM_PANTHOR_VM_BIND_OP_TYPE_UNMAP: > - /* Partial unmaps might trigger a remap with either a prev or a next VA, > - * but not both. > + /* Two VMAs can be needed for an unmap, as an unmap can happen > + * in the middle of a drm_gpuva, requiring a remap with both > + * prev & next VA. Or an unmap can span more than one drm_gpuva > + * where the first and last ones are covered partially, requring > + * a remap for the first with a prev VA and remap for the last > + * with a next VA. > */ > - vma_count = 1; > + vma_count = 2; > break; > > default:
© 2016 - 2026 Red Hat, Inc.