Re: [PATCH] drm/panthor: Check VMA boundaries for PMD mappings
From: Boris Brezillon
Date: Wed Jun 24 2026 - 06:33:28 EST
On Wed, 24 Jun 2026 12:26:36 +0200
Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx> wrote:
> On Tue, 23 Jun 2026 20:19:42 +0200
> "Christian A. Ehrhardt" <lk@xxxxxxx> wrote:
>
> > When checking a different patch[1] sashiko AI pointed out that
> > panthor needs the same fix[2]:
> >
> > In the ->huge_fault handler do not install a PMD huge page
> > mapping if the huge page exceeds the boundaries of the VMA.
> >
> > [1] https://lore.kernel.org/lkml/20260622215718.1532689-1-lk@xxxxxxx/
> > [2] https://sashiko.dev/#/patchset/20260622215718.1532689-1-lk%40c--e.de
> >
> > Cc: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>
> > Cc: Steven Price <steven.price@xxxxxxx>
> > Cc: Liviu Dudau <liviu.dudau@xxxxxxx>
> > Fixes: 68cbf96b1e9b ("drm/panthor: Part ways with drm_gem_shmem_object")
> > Signed-off-by: Christian A. Ehrhardt <lk@xxxxxxx>
>
> I know the discussion is ongoing to decide what we should do about
> these huge_fault() handlers, but I think it's worth getting this fix in
> in the meantime.
>
> Reviewed-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx>
BTW, I saw shashiko complain about our page_offset calculation which
should look something like
page_offset = vmf->pgoff - drm_vma_node_start(&bo->base.vma_node);
to be immune to the vma->vm_{start,pgoff} adjustments done when the
VMA is split.
>
> > ---
> > drivers/gpu/drm/panthor/panthor_gem.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > NOTE:
> > The panthor version is only compile tested because I don't
> > have the hardware. However, the code is identical to that
> > fixed in [1] and I have a reproducer for that.
> >
> > No need for for stable backports. The code is new in 7.1.
> >
> > diff --git a/drivers/gpu/drm/panthor/panthor_gem.c b/drivers/gpu/drm/panthor/panthor_gem.c
> > index a1e2eb1ca7bb..54535bae2b0c 100644
> > --- a/drivers/gpu/drm/panthor/panthor_gem.c
> > +++ b/drivers/gpu/drm/panthor/panthor_gem.c
> > @@ -802,9 +802,13 @@ static vm_fault_t insert_page(struct vm_fault *vmf, unsigned int order, struct p
> > } else if (order == PMD_ORDER) {
> > unsigned long pfn = page_to_pfn(page);
> > unsigned long paddr = pfn << PAGE_SHIFT;
> > + struct vm_area_struct *vma = vmf->vma;
> > + unsigned long start = ALIGN_DOWN(vmf->address, PMD_SIZE);
> > + unsigned long end = start + PMD_SIZE;
> > + bool in_range = vma->vm_start <= start && end <= vma->vm_end;
> > bool aligned = (vmf->address & ~PMD_MASK) == (paddr & ~PMD_MASK);
> >
> > - if (aligned &&
> > + if (aligned && in_range &&
> > folio_test_pmd_mappable(page_folio(page))) {
> > pfn &= PMD_MASK >> PAGE_SHIFT;
> > return vmf_insert_pfn_pmd(vmf, pfn, vmf->flags & FAULT_FLAG_WRITE);
>