Commit Graph

169613 Commits

Author SHA1 Message Date
Jerome Glisse
c8c15ff1e9 drm/radeon: r6xx/r7xx possible security issue, system ram access
This patch workaround a possible security issue which can allow
user to abuse drm on r6xx/r7xx hw to access any system ram memory.
This patch doesn't break userspace, it detect "valid" old use of
CB_COLOR[0-7]_FRAG & CB_COLOR[0-7]_TILE registers and overwritte
the address these registers are pointing to with the one of the
last color buffer. This workaround will work for old mesa &
xf86-video-ati and any old user which did use similar register
programming pattern as those (we expect that there is no others
user of those ioctl except possibly a malicious one). This patch
add a warning if it detects such usage, warning encourage people
to update their mesa & xf86-video-ati. New userspace will submit
proper relocation.

Fix for xf86-video-ati / mesa (this kernel patch is enough to
prevent abuse, fix for userspace are to set proper cs stream and
avoid kernel warning) :
http://cgit.freedesktop.org/xorg/driver/xf86-video-ati/commit/?id=95d63e408cc88b6934bec84a0b1ef94dfe8bee7b
http://cgit.freedesktop.org/mesa/mesa/commit/?id=46dc6fd3ed5ef96cda53641a97bc68c3bc104a9f

Abusing this register to perform system ram memory is not easy,
here is outline on how it could be achieve. First attacker must
have access to the drm device and be able to submit command stream
throught cs ioctl. Then attacker must build a proper command stream
for r6xx/r7xx hw which will abuse the FRAG or TILE buffer to
overwrite the GPU GART which is in VRAM. To achieve so attacker
as to setup CB_COLOR[0-7]_FRAG or CB_COLOR[0-7]_TILE to point
to the GPU GART, then it has to find a way to write predictable
value into those buffer (with little cleverness i believe this
can be done but this is an hard task). Once attacker have such
program it can overwritte GPU GART to program GPU gart to point
anywhere in system memory. It then can reusse same method as he
used to reprogram GART to overwritte the system ram through the
GART mapping. In the process the attacker has to be carefull to
not overwritte any sensitive area of the GART table, like ring
or IB gart entry as it will more then likely lead to GPU lockup.
Bottom line is that i think it's very hard to use this flaw
to get system ram access but in theory one can achieve so.

Side note: I am not aware of anyone ever using the GPU as an
attack vector, nevertheless we take great care in the opensource
driver to try to detect and forbid malicious use of GPU. I don't
think the closed source driver are as cautious as we are.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:49:32 +10:00
Jerome Glisse
db96380ea2 drm/radeon/kms: r600/r700 don't test ib if ib initialization fails
If ib initialization failed don't try to test ib as it will result
in an oops (accessing NULL ib buffer ptr).

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:47:01 +10:00
Jerome Glisse
7e71c9e2e7 drm/radeon/kms: Forbid creation of framebuffer with no valid GEM object
This will avoid oops if at later point the fb is use. Trying to create
a framebuffer with no valid GEM object is bogus and should be forbidden
as this patch does.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:46:27 +10:00
Jerome Glisse
7924e5eb8f drm/radeon/kms: r600 handle irq vector ring overflow
In some rare case i faced an irq overflow quickly followed by
a GPU lockup (hard hang) this patch try to deal with irq vector
ring overflow, so far haven't been able to reproduce it with
the patch.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:45:01 +10:00
Jerome Glisse
79c2bbc505 drm/radeon/kms: r600/r700 don't process IRQ if not initialized
In some rare case the wptr returned from the hw wasn't 0 and leaded
to trick r600_process_irq that their were irq to process. Add a
check to bail out if irq hasn't been initialized this will avoid
oops provoqued by the rare wptr != 0 on initialization.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:43:56 +10:00
Jerome Glisse
0c45249f41 drm/radeon/kms: r600/r700 disable irq at suspend
To avoid hw doing anythings after we disabled PCIE GART, fully
disable IRQ at suspend. Also cleanup a bit the ih structure
and process function.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Reviewed-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:42:59 +10:00
Alex Deucher
615e0cb679 drm/radeon/kms/r4xx: cleanup atom path
most of radeon_legacy_atom_set_surface() is taken care
of in atombios_set_base(), so remove the duplicate
setup and move the remaining bits (DISP_MERGE setup and
FP2 sync) to atombios_crtc.c where they are used.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:40:08 +10:00
Alex Deucher
54f088a960 drm/radeon/kms: fix atombios_crtc_set_base
Make it call the proper backend depending on the
GPU family.  Right now r4xx cards with atombios modesetting
enabled were using the avivo crtc base code.  This also
allows us to add support for new asics more easily.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:39:02 +10:00
Alex Deucher
e2f8e87089 drm/radeon/kms/atom: upstream parser updates
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:20:28 +10:00
Alex Deucher
9f53e79316 drm/radeon/kms/atom: fix some parser bugs
- add support for inline src params
- fix shift_left/shift_right and shl/shr ops
  shift_* ops use inline src params, shl/r use full params
- fix mask op (uses inline params)

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:19:55 +10:00
Alex Deucher
07bec2df01 drm/radeon/kms: fix hardcoded mmio size in register functions
newer asics have large mmio apertures

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:19:42 +10:00
Alex Deucher
cf57fc7aa2 drm/radeon/kms/r100: fix bug in CS parser
The first dword of PACKET3_3D_DRAW_IMMD maps to
SE_VTX_FMT so the vertex size is part of the draw
packet.

This patch fixes a possible case where you have a
command buffer that does not contain SE_VTX_FMT
register write, but does contain PACKET3_3D_DRAW_IMMD.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:18:18 +10:00
Andrew Randrianasulu
828153e292 drm/radeon/kms/r200: fix bug in CS parser
Add missing vertex shader regs for r200.

fixed fdo bug 26061

agd5f: use official reg names

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:17:27 +10:00
Andrew Randrianasulu
f3d1ccc14f drm/radeon/kms/r200: fix bug in CS parser
The checks for CUBE and 3D textures were inverted.

fixes fdo bug 24159

agd5f: added comments for clarity.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2010-01-21 08:17:13 +10:00
Ben Skeggs
58d65b84de drm/nv50: prevent accidently turning off encoders we're actually using
On most cards the DisplayPort connector is created with 2 encoders sharing
a single SOR (for native DP, and for DVI-over-DP).  The previous logic
for turning off unused encoders didn't take into account that we could
have multiple drm_encoders on a single hw encoder and ended up turning off
encoders that were actually being used still.

This patch fixes that issue.  We probably want to look at something a bit
better later on, and only expose one drm_encoder per hw encoder block.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:56:27 +10:00
Ben Skeggs
134f248bea drm/nv50: fix alignment of per-channel fifo cache
GPU pointer to the structure is shifted right by 10 bits, so we need to
align to 1024 bytes, not 256.

Reported-by: Maarten Maathuis <madman2003@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:56:19 +10:00
Luca Barbieri
7166647501 drm/nouveau: Evict buffers in VRAM before freeing sgdma
Currently, we take down the sgdma engine without evicting all buffers
from VRAM.

The TTM device release will try to evict anything in VRAM to GART
memory, but this will fail since sgdma has already been taken down.

This causes an infinite loop in kernel mode on module unload.
It usually doesn't happen because there aren't any buffer on close.
However, if the GPU is locked up, this condition is easily triggered.

This patch fixes it in the simplest way possible by cleaning VRAM
right before cleaning SGDMA memory.

Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:56:13 +10:00
Luca Barbieri
d051bbb22e drm/nouveau: Acknowledge DMA_VTX_PROTECTION PGRAPH interrupts
Currently Nouveau is unable to dismiss DMA_VTX_PROTECTION errors,
which results in an infinite loop in the interrupt handler.

These errors are caused both by bugs in the Gallium driver and by
user-specified index buffers with out of bounds indices.

By mmio-tracing the nVidia drivers, I found out how this is done.
On DMA_VTX_PROTECTION, The nVidia driver reads the register 0x402000,
always getting the value 4, and then writes 4 back to 0x402000.

This patch adds that logic by reading 0x402000 and writing the same
value back.
It's unclear what should happen if the value read is not 4, and
the current approach might not be the correct one.

To test this, modify mesa/progs/trivial/vbo-drawrange.c, defining
ELTOBJ to 1 and replacing indices with huge out of bounds integers.

Without this patch, the GPU and/or kernel should lock up.
With this patch, it should misrender as expected but not lock up.

The errors are still logged since they are useful for development.

This has been tested on NV49 and may not work on other cards.

To find out how things work on other cards, run the aforementioned
test using the blob with mmiotrace and grep for a read of the PGRAPH
source register.

Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:56:03 +10:00
Ben Skeggs
0d92971dd6 drm/nouveau: fix thinko in nv04_instmem.c
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:55:54 +10:00
Ben Skeggs
ba59953d28 drm/nouveau: fix a race condition in nouveau_dma_wait()
Can be triggered easily on certain cards (NV46 and NV50 of mine) by
running "dmesg", the DRM's channel will lockup.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-18 09:55:48 +10:00
Dave Airlie
8471a26b9c Merge remote branch 'korg/drm-radeon-testing' into drm-linus
* korg/drm-radeon-testing:
  drm/radeon/kms: Use radeon_agp_disable when disabling AGP
  drm/radeon/kms: Disable AGP is aperture size < 32M
  drm/radeon/kms: Fix r600 blit cleanup path
  drm/radeon/kms: Do not unpin buffer in fb destruction
  drm/radeon/kms: fix displayport->dvi connector DDC.
2010-01-15 15:40:39 +10:00
Jerome Glisse
79b7dcb2af drm: EDID accept separate sync video mode
X is accepting such video mode, do the same. Pointed out by Joshua Roys
on IRC. Fix https://bugzilla.redhat.com/show_bug.cgi?id=540024

[fix printf to use composite not integrated :- airlied]

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-15 13:29:52 +10:00
Dave Airlie
1c974dc218 Merge remote branch 'nouveau/for-airlied' of ../drm-nouveau-next into drm-linus
* 'nouveau/for-airlied' of ../drm-nouveau-next: (44 commits)
  drm/nouveau: check pushbuffer bounds in ioctl
  drm/nouveau: reserve VGA area for the moment
  drm/nouveau: Unset the EDID connector property when the EDID block goes away.
  drm/nouveau: Fallback to analog load detection when the EDID block is invalid.
  drm/nouveau: fix edid memleak in nouveau_connector
  drm/nouveau: Break some long lines.
  drm/nouveau: add NV18 device id to call_lvds_manufacturer_script
  drm/nv50: Fix typo in PGRAPH initialisation.
  drm/nouveau: less magic DCB 1.5 parsing
  drm/nouveau: assume no nv04 board has a DCB table
  drm/nouveau: remove PRIV0 check in nouveau_mem_close()
  drm/nouveau: wait on fence after bo move if validating for another channel
  drm/nouveau: trust init table registers are safe
  drm/nv50: wait for pgraph to idle before unloading the context
2010-01-15 13:25:38 +10:00
Luca Barbieri
12f735b79f drm/nouveau: check pushbuffer bounds in ioctl
Currently there is no check that the pushbuffer request bounds are inside
the TTM BO.

This allows to instruct the kernel to do relocations on user-selected
addresses, since the relocation bounds checking relies on the request
bounds.

This can oops the kernel accidentally and is easily exploitable.

This patch adds bound checking and alignment checking for ->offset and
->nr_dwords.

It also makes some variables unsigned, which should have no effect,
but prevents possible bounds checking problems.

Signed-off-by: Luca Barbieri <luca@luca-barbieri.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:56:50 +10:00
Ben Skeggs
ac8fb975e8 drm/nouveau: reserve VGA area for the moment
This is to prevent things such as GART tables and other important GPU
structures being allocated there before we take over fbcon ourselves.

This is more of a workaround for the moment, a better solution will
require some more invasive changes, but it'll be done at some point.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:29:38 +10:00
Francisco Jerez
b8780e2ad2 drm/nouveau: Unset the EDID connector property when the EDID block goes away.
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:29:35 +10:00
Francisco Jerez
0ed3165e55 drm/nouveau: Fallback to analog load detection when the EDID block is invalid.
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:28:59 +10:00
Xavier Chantry
c8ebe27579 drm/nouveau: fix edid memleak in nouveau_connector
This was spotted by kmemleak.

Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:28:48 +10:00
Francisco Jerez
3d9aefb8bd drm/nouveau: Break some long lines.
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:28:10 +10:00
Andrea Tacconi
b79d8a65d5 drm/nouveau: add NV18 device id to call_lvds_manufacturer_script
This fixes imac black screen (NV18 card)

Signed-off-by: Andrea Tacconi <tacconet@libero.it>
Signed-off-by: Francisco Jerez <currojerez@riseup.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-15 09:28:02 +10:00
Marcin Kościelnicki
716abaa8e5 drm/nv50: Fix typo in PGRAPH initialisation.
This enables streamout functionality.

Signed-off-by: Marcin Kościelnicki <koriakin@0x04.net>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:49:05 +10:00
Ben Skeggs
b0d2de860b drm/nouveau: less magic DCB 1.5 parsing
This in the very least matches the parsing of all the previously known
entries, and hopefully (at least closer to) correct for any we haven't
seen yet.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:59 +10:00
Ben Skeggs
ed42f8240c drm/nouveau: assume no nv04 board has a DCB table
There's a report of a TNT2 where the DCB table pointer is *not* NULL
(it contains a part of a VBIOS data string), and we assume this means
a DCB table is present, causing all kinds of hilarity.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:52 +10:00
Ben Skeggs
77cb5c75e8 drm/nouveau: remove PRIV0 check in nouveau_mem_close()
We don't setup PRIV0 anymore, so this is unnecessary.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:46 +10:00
Ben Skeggs
e147eae80a drm/nouveau: wait on fence after bo move if validating for another channel
Not an ideal solution, but it'll do for the moment for correctness.  We
need to come up with a nicer way to manage inter-channel sync, the hw
is unfortunately a little lacking in this area.

Should fix some resume corruption, as well as corruption that may be seen
while under memory pressure.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:38 +10:00
Ben Skeggs
9855e584d2 drm/nouveau: trust init table registers are safe
Apparently the original reason for checking this was there were known
register accesses that caused hangs on some chipsets.  This was more
than likely because of incorrect parsing of previous opcodes, and I
hardly think aborting a script half way through is going to be any
better (in fact, we have had bug reports where this has been the cause
of s/r failures among other things).

This patch (which has been in Fedora 12 for a long time now) removes
all checking for known register ranges, and just leaves the check to
ensure the access is within the mapped aperture to avoid an oops.

Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:31 +10:00
Maarten Maathuis
0a90dc51aa drm/nv50: wait for pgraph to idle before unloading the context
This should fix the problem with gpu hangs people have had when closing
channels.

Signed-off-by: Maarten Maathuis <madman2003@gmail.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2010-01-14 18:48:21 +10:00
Thomas Hellstrom
354fb52cb6 drm/ttm: Make sure system buffer objects has offset == 0.
This is a convention that the vmwgfx driver has come to rely on.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:20:04 +10:00
Thomas Hellstrom
d9f36a0051 drm/vmwgfx: Implement basic pm operations.
Currently we really only support S3, since the device doesn't support
saving of the 3D state.

On S3/S4, move all buffer objects to swappable memory and take down
GMR bindings. We need to do that from a PM notifier since we can't
do persistant memory allocations from the standard PM callbacks.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:19:57 +10:00
Thomas Hellstrom
e99e1e7893 drm/ttm: Export symbols needed for vmwgfx suspend / resume operations.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:19:50 +10:00
Thomas Hellstrom
476d51dbdb drm/vmwgfx: Implement a swap_notify callback.
Unbind GMR bindings on the buffer about to be swapped out.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:19:01 +10:00
Thomas Hellstrom
3f09ea4ecd drm/ttm: Add a swap_notify callback.
This is needed for a bugfix in the vmwgfx driver.
Drivers may have GPU bindings on buffers that core TTM is not aware of,
and TTM may view those buffers as ordinary system memory buffers.
Add a notifier to such drivers when TTM is about to move the buffer
contents out to swappable memory. The driver must then release any
private GPU bindings on those buffers.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:18:54 +10:00
Thomas Hellstrom
effe1105be drm/vmwgfx: Use bo_driver::move_notify to unbind GMRs.
This was previously done explicitly for overlay- and fb buffers.
Now it's done for any buffer leaving the SYSTEM memory region.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:18:43 +10:00
Thomas Hellstrom
7704befbd5 drm/vmwgfx: Make fence sequences continous across a VT switch.
A vt switch in stealth mode would take down the FIFO, and re-
initialize fence sequence numbers. This patch
saves the current state of the fence sequence when the FIFO is
disabled.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:18:02 +10:00
Thomas Hellstrom
50ec3b7c35 drm/vmwgfx: Fix an error path causing an oops.
An error happening before the snooper.image member had been set up
would cause a kfree of an arbitrary pointer. Set up the snooper.image
member early.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:17:56 +10:00
Thomas Hellstrom
df1c93bae2 drm/vmwgfx: Don't promote updates from GMR-backed scanouts to fullscreen.
That's unnecessary since partial screen updates from GMRs are fast.
Also fix cliprect pointer dereferencing

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 12:17:44 +10:00
Jerome Glisse
700a0cc088 drm/radeon/kms: Use radeon_agp_disable when disabling AGP
Use same common function to disable agp so we replace the GART
callback by the proper one when we do so. This fix oops if
radeon_agp_init report failure.

This patch also move radeon_agp_init out of *_mc_init for r600
& rv770 so that we can have a similar behavior than for previous
hw, ie if agp_init fails it will fallback to GPU GART and disable
AGP.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 11:53:55 +10:00
Jerome Glisse
0a3f316370 drm/radeon/kms: Disable AGP is aperture size < 32M
radeon KMS need a GART of at least 32M to properly work. This patch
check the AGP aperture size and disable if it's less than 32M. Note
than unlike non KMS path we don't staticaly allocate AGP memory so
we are not wasting memory not used by graphic processing.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 11:53:45 +10:00
Jerome Glisse
30d2d9a54d drm/radeon/kms: Fix r600 blit cleanup path
r600 blit cleanup path need to check if a bo was allocated before
trying to free or unpin it. This patch add this check and avoid
oops when the initialization on r6xx or r7xx hw fails.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 11:53:36 +10:00
Jerome Glisse
6398d42454 drm/radeon/kms: Do not unpin buffer in fb destruction
It's not necessary to unpin buffer in fb destruction. pin/unpin
need to be balanced and we don't pin in fb creation. We pin when
an fb is associated to a crtc and unpin when the fb is disassociated
from the crtc.

Note:
Maybe we should take reference on fb in set_base callback so fb
doesn't disappear until it's unbind from ctrc.

Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2010-01-14 11:53:21 +10:00