tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

gpu: nova-core: gsp: fix improper handling of empty slot in cmdq

The current code hands out buffers that go all the way up to and
including `rx - 1`, but we need to maintain an empty slot to prevent the
ring buffer from wrapping around into having 'tx == rx', which means
empty.

Also add more rigorous no-panic proofs.

Fixes: 75f6b1de8133 ("gpu: nova-core: gsp: Add GSP command queue bindings and handling")
Signed-off-by: Eliot Courtney <ecourtney@nvidia.com>
Reviewed-by: Gary Guo <gary@garyguo.net>
Link: https://patch.msgid.link/20260129-nova-core-cmdq1-v3-4-2ede85493a27@nvidia.com
Signed-off-by: Alexandre Courbot <acourbot@nvidia.com>

authored by

Eliot Courtney and committed by
Alexandre Courbot f64caf67 f6f072d8

+20 -14
+20 -14
drivers/gpu/nova-core/gsp/cmdq.rs
··· 227 227 // PANIC: per the invariant of `cpu_write_ptr`, `tx` is `< MSGQ_NUM_PAGES`. 228 228 let (before_tx, after_tx) = gsp_mem.cpuq.msgq.data.split_at_mut(tx); 229 229 230 - if rx <= tx { 231 - // The area from `tx` up to the end of the ring, and from the beginning of the ring up 232 - // to `rx`, minus one unit, belongs to the driver. 233 - if rx == 0 { 234 - let last = after_tx.len() - 1; 235 - (&mut after_tx[..last], &mut []) 236 - } else { 237 - (after_tx, &mut before_tx[..rx]) 238 - } 230 + // The area starting at `tx` and ending at `rx - 2` modulo MSGQ_NUM_PAGES, inclusive, 231 + // belongs to the driver for writing. 232 + 233 + if rx == 0 { 234 + // Since `rx` is zero, leave an empty slot at end of the buffer. 235 + let last = after_tx.len() - 1; 236 + (&mut after_tx[..last], &mut []) 237 + } else if rx <= tx { 238 + // The area is discontiguous and we leave an empty slot before `rx`. 239 + // PANIC: 240 + // - The index `rx - 1` is non-negative because `rx != 0` in this branch. 241 + // - The index does not exceed `before_tx.len()` (which equals `tx`) because 242 + // `rx <= tx` in this branch. 243 + (after_tx, &mut before_tx[..(rx - 1)]) 239 244 } else { 240 - // The area from `tx` to `rx`, minus one unit, belongs to the driver. 241 - // 242 - // PANIC: per the invariants of `cpu_write_ptr` and `gsp_read_ptr`, `rx` and `tx` are 243 - // `<= MSGQ_NUM_PAGES`, and the test above ensured that `rx > tx`. 244 - (after_tx.split_at_mut(rx - tx).0, &mut []) 245 + // The area is contiguous and we leave an empty slot before `rx`. 246 + // PANIC: 247 + // - The index `rx - tx - 1` is non-negative because `rx > tx` in this branch. 248 + // - The index does not exceed `after_tx.len()` (which is `MSGQ_NUM_PAGES - tx`) 249 + // because `rx < MSGQ_NUM_PAGES` by the `gsp_read_ptr` invariant. 250 + (&mut after_tx[..(rx - tx - 1)], &mut []) 245 251 } 246 252 } 247 253