Merge tag 'drm-fixes-2026-05-16' of https://gitlab.freedesktop.org/drm/kernel

static int qaic_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)

{

	struct qaic_bo *bo = to_qaic_bo(obj);

	unsigned long remap_start;

	unsigned long offset = 0;

	unsigned long remap_end;

	struct scatterlist *sg;

	unsigned long length;

	int ret = 0;

	if (drm_gem_is_imported(obj))

	for (sg = bo->sgt->sgl; sg; sg = sg_next(sg)) {

		if (sg_page(sg)) {

			/* if sg is too large for the VMA, so truncate it to fit */

			if (check_add_overflow(vma->vm_start, offset, &remap_start))

				return -EINVAL;

			if (check_add_overflow(remap_start, sg->length, &remap_end))

				return -EINVAL;

			if (remap_end > vma->vm_end) {

				if (check_sub_overflow(vma->vm_end, remap_start, &length))

					return -EINVAL;

			} else {

				length = sg->length;

			}

			if (length == 0)

				goto out;

			ret = remap_pfn_range(vma, vma->vm_start + offset, page_to_pfn(sg_page(sg)),

					      sg->length, vma->vm_page_prot);

					      length, vma->vm_page_prot);

			if (ret)

				goto out;

			offset += sg->length;

			offset += length;

		}

	}

	ret = dma_resv_wait_timeout(gem_obj->resv, DMA_RESV_USAGE_WRITE, true, timeout);

	if (!ret)

		ret = timeout ? -ETIMEDOUT : -EBUSY;

	else if (ret > 0)

		ret = 0;

	shmem_obj = &to_rocket_bo(gem_obj)->base;

					size_t size, loff_t *pos)

{

	struct amdgpu_ring *ring = file_inode(f)->i_private;

	uint32_t value, result, early[3];

	u32 value, result, early[3] = { 0 };

	uint64_t p;

	u32 avail_dw, start_dw, read_dw;

	loff_t i;

	int r;

	result = 0;

	if (*pos < 12) {

	if (ring->funcs->type == AMDGPU_RING_TYPE_CPER)

		mutex_lock(&ring->adev->cper.ring_lock);

	if (*pos < 12) {

		early[0] = amdgpu_ring_get_rptr(ring) & ring->buf_mask;

		early[1] = amdgpu_ring_get_wptr(ring) & ring->buf_mask;

		early[2] = ring->wptr & ring->buf_mask;

			*pos += 4;

		}

	} else {

		early[0] = amdgpu_ring_get_rptr(ring) & ring->buf_mask;

		early[1] = amdgpu_ring_get_wptr(ring) & ring->buf_mask;

		p = early[0];

		if (early[0] <= early[1])

			size = (early[1] - early[0]);

			avail_dw = early[1] - early[0];

		else

			size = ring->ring_size - (early[0] - early[1]);

			avail_dw = ring->buf_mask + 1 - (early[0] - early[1]);

		while (size) {

		start_dw = (*pos > 12) ? ((*pos - 12) >> 2) : 0;

		if (start_dw >= avail_dw)

			goto out;

		p = (p + start_dw) & ring->ptr_mask;

		avail_dw -= start_dw;

		read_dw = min_t(u32, avail_dw, size >> 2);

		while (read_dw) {

			if (p == early[1])

				goto out;

			buf += 4;

			result += 4;

			size--;

			read_dw--;

			p++;

			p &= ring->ptr_mask;

			*pos += 4;

		}

	}

	int r = 0;

	int i;

	/* Warning if current process mutex is not held */

	WARN_ON(!mutex_is_locked(&uq_mgr->userq_mutex));

	if (unlikely(adev->debug_disable_gpu_ring_reset)) {

		dev_err(adev->dev, "userq reset disabled by debug mask\n");

		return 0;

	 */

	for (i = 0; i < num_queue_types; i++) {

		int ring_type = queue_types[i];

		const struct amdgpu_userq_funcs *funcs = adev->userq_funcs[ring_type];

		const struct amdgpu_userq_funcs *funcs =

			adev->userq_funcs[ring_type];

		if (!amdgpu_userq_is_reset_type_supported(adev, ring_type, AMDGPU_RESET_TYPE_PER_QUEUE))

		if (!amdgpu_userq_is_reset_type_supported(adev, ring_type,

							  AMDGPU_RESET_TYPE_PER_QUEUE))

				continue;

		if (atomic_read(&uq_mgr->userq_count[ring_type]) > 0 &&

static void amdgpu_userq_hang_detect_work(struct work_struct *work)

{

	struct amdgpu_usermode_queue *queue = container_of(work,

							  struct amdgpu_usermode_queue,

	struct amdgpu_usermode_queue *queue =

		container_of(work, struct amdgpu_usermode_queue,

			     hang_detect_work.work);

	struct dma_fence *fence;

	struct amdgpu_userq_mgr *uq_mgr;

	if (!queue->userq_mgr)

		return;

	uq_mgr = queue->userq_mgr;

	fence = READ_ONCE(queue->hang_detect_fence);

	/* Fence already signaled – no action needed */

	if (!fence || dma_fence_is_signaled(fence))

		return;

	mutex_lock(&uq_mgr->userq_mutex);

	amdgpu_userq_detect_and_reset_queues(uq_mgr);

	mutex_unlock(&uq_mgr->userq_mutex);

	amdgpu_userq_detect_and_reset_queues(queue->userq_mgr);

}

/*

 * Start hang detection for a user queue fence. A delayed work will be scheduled

 * to check if the fence is still pending after the timeout period.

 * to reset the queues when the fence doesn't signal in time.

 */

void amdgpu_userq_start_hang_detect_work(struct amdgpu_usermode_queue *queue)

{

	struct amdgpu_device *adev;

	unsigned long timeout_ms;

	if (!queue || !queue->userq_mgr || !queue->userq_mgr->adev)

		return;

	adev = queue->userq_mgr->adev;

	/* Determine timeout based on queue type */

	switch (queue->queue_type) {

		break;

	}

	/* Store the fence to monitor and schedule hang detection */

	WRITE_ONCE(queue->hang_detect_fence, queue->last_fence);

	schedule_delayed_work(&queue->hang_detect_work,

		     msecs_to_jiffies(timeout_ms));

}

	struct xarray *xa = &adev->userq_doorbell_xa;

	struct amdgpu_usermode_queue *queue;

	unsigned long flags;

	int r;

	xa_lock_irqsave(xa, flags);

	queue = xa_load(xa, doorbell);

	if (queue)

		amdgpu_userq_fence_driver_process(queue->fence_drv);

	xa_unlock_irqrestore(xa, flags);

}

	if (queue) {

		r = amdgpu_userq_fence_driver_process(queue->fence_drv);

		/*

		 * We are in interrupt context here, this *can't* wait for

		 * reset work to finish.

		 */

		if (r >= 0)

			cancel_delayed_work(&queue->hang_detect_work);

static void amdgpu_userq_init_hang_detect_work(struct amdgpu_usermode_queue *queue)

{

	INIT_DELAYED_WORK(&queue->hang_detect_work, amdgpu_userq_hang_detect_work);

	queue->hang_detect_fence = NULL;

		/* Restart the timer when there are still fences pending */

		if (r == 1)

			amdgpu_userq_start_hang_detect_work(queue);

	}

	xa_unlock_irqrestore(xa, flags);

}

static int amdgpu_userq_buffer_va_list_add(struct amdgpu_usermode_queue *queue,

	struct amdgpu_device *adev = uq_mgr->adev;

	const struct amdgpu_userq_funcs *userq_funcs =

		adev->userq_funcs[queue->queue_type];

	bool found_hung_queue = false;

	int r = 0;

	int r;

	if (queue->state == AMDGPU_USERQ_STATE_MAPPED) {

		r = userq_funcs->preempt(queue);

		if (r) {

			queue->state = AMDGPU_USERQ_STATE_HUNG;

			found_hung_queue = true;

			return r;

		} else {

			queue->state = AMDGPU_USERQ_STATE_PREEMPTED;

		}

	}

	if (found_hung_queue)

		amdgpu_userq_detect_and_reset_queues(uq_mgr);

	return r;

	return 0;

}

static int amdgpu_userq_restore_helper(struct amdgpu_usermode_queue *queue)

	struct amdgpu_device *adev = uq_mgr->adev;

	const struct amdgpu_userq_funcs *userq_funcs =

		adev->userq_funcs[queue->queue_type];

	bool found_hung_queue = false;

	int r = 0;

	int r;

	if ((queue->state == AMDGPU_USERQ_STATE_MAPPED) ||

	    (queue->state == AMDGPU_USERQ_STATE_PREEMPTED)) {

		r = userq_funcs->unmap(queue);

		if (r) {

			queue->state = AMDGPU_USERQ_STATE_HUNG;

			found_hung_queue = true;

			return r;

		} else {

			queue->state = AMDGPU_USERQ_STATE_UNMAPPED;

		}

	}

	if (found_hung_queue)

		amdgpu_userq_detect_and_reset_queues(uq_mgr);

	return r;

	return 0;

}

static int amdgpu_userq_map_helper(struct amdgpu_usermode_queue *queue)

	struct amdgpu_device *adev = uq_mgr->adev;

	const struct amdgpu_userq_funcs *userq_funcs =

		adev->userq_funcs[queue->queue_type];

	int r = 0;

	int r;

	if (queue->state == AMDGPU_USERQ_STATE_UNMAPPED) {

		r = userq_funcs->map(queue);

		if (r) {

			queue->state = AMDGPU_USERQ_STATE_HUNG;

			amdgpu_userq_detect_and_reset_queues(uq_mgr);

			return r;

		} else {

			queue->state = AMDGPU_USERQ_STATE_MAPPED;

		}

	}

	return r;

	return 0;

}

static void amdgpu_userq_wait_for_last_fence(struct amdgpu_usermode_queue *queue)

	amdgpu_bo_unreserve(vm->root.bo);

	mutex_lock(&uq_mgr->userq_mutex);

	queue->hang_detect_fence = NULL;

	amdgpu_userq_wait_for_last_fence(queue);

#if defined(CONFIG_DEBUG_FS)

	debugfs_remove_recursive(queue->debugfs_queue);

#endif

	amdgpu_userq_detect_and_reset_queues(uq_mgr);

	r = amdgpu_userq_unmap_helper(queue);

	atomic_dec(&uq_mgr->userq_count[queue->queue_type]);

	amdgpu_userq_cleanup(queue);

	}

	queue->doorbell_index = index;

	mutex_init(&queue->fence_drv_lock);

	xa_init_flags(&queue->fence_drv_xa, XA_FLAGS_ALLOC);

	r = amdgpu_userq_fence_driver_alloc(adev, &queue->fence_drv);

	if (r) {

	up_read(&adev->reset_domain->sem);

	amdgpu_debugfs_userq_init(filp, queue, qid);

	amdgpu_userq_init_hang_detect_work(queue);

	INIT_DELAYED_WORK(&queue->hang_detect_work,

			  amdgpu_userq_hang_detect_work);

	args->out.queue_id = qid;

	atomic_inc(&uq_mgr->userq_count[queue->queue_type]);

	amdgpu_bo_reserve(fpriv->vm.root.bo, true);

	amdgpu_userq_buffer_vas_list_cleanup(adev, queue);

	amdgpu_bo_unreserve(fpriv->vm.root.bo);

	mutex_destroy(&queue->fence_drv_lock);

free_queue:

	kfree(queue);

err_pm_runtime:

	unsigned long queue_id;

	int ret = 0, r;

	amdgpu_userq_detect_and_reset_queues(uq_mgr);

	/* Try to unmap all the queues in this process ctx */

	xa_for_each(&uq_mgr->userq_xa, queue_id, queue) {

		r = amdgpu_userq_preempt_helper(queue);

			ret = r;

	}

	if (ret)

	if (ret) {

		drm_file_err(uq_mgr->file,

			     "Couldn't unmap all the queues, eviction failed ret=%d\n", ret);

		amdgpu_userq_detect_and_reset_queues(uq_mgr);

	}

	return ret;

}

		uqm = queue->userq_mgr;

		cancel_delayed_work_sync(&uqm->resume_work);

		guard(mutex)(&uqm->userq_mutex);

		amdgpu_userq_detect_and_reset_queues(uqm);

		if (adev->in_s0ix)

			r = amdgpu_userq_preempt_helper(queue);

		else

		if (((queue->queue_type == AMDGPU_HW_IP_GFX) ||

		     (queue->queue_type == AMDGPU_HW_IP_COMPUTE)) &&

		    (queue->xcp_id == idx)) {

			amdgpu_userq_detect_and_reset_queues(uqm);

			r = amdgpu_userq_preempt_helper(queue);

			if (r)

				ret = r;

{

	const struct amdgpu_userq_funcs *userq_funcs;

	struct amdgpu_usermode_queue *queue;

	struct amdgpu_userq_mgr *uqm;

	unsigned long queue_id;

	/* TODO: We probably need a new lock for the queue state */

	xa_for_each(&adev->userq_doorbell_xa, queue_id, queue) {

		uqm = queue->userq_mgr;

		cancel_delayed_work_sync(&uqm->resume_work);

		if (queue->state == AMDGPU_USERQ_STATE_MAPPED) {

			amdgpu_userq_wait_for_last_fence(queue);

		if (queue->state != AMDGPU_USERQ_STATE_MAPPED)

			continue;

		userq_funcs = adev->userq_funcs[queue->queue_type];

		userq_funcs->unmap(queue);

		/* just mark all queues as hung at this point.

		amdgpu_userq_fence_driver_force_completion(queue);

	}

}

}

int amdgpu_userq_post_reset(struct amdgpu_device *adev, bool vram_lost)

{

	struct amdgpu_userq_obj	db_obj;

	struct amdgpu_userq_obj fw_obj;

	struct amdgpu_userq_obj wptr_obj;

	/**

	 * @fence_drv_lock: Protecting @fence_drv_xa.

	 */

	struct mutex		fence_drv_lock;

	/**

	 * @fence_drv_xa:

	 *

	 * References to the external fence drivers returned by wait_ioctl.

	 * Dropped on the next signaled dma_fence or queue destruction.

	 */

	struct xarray		fence_drv_xa;

	struct amdgpu_userq_fence_driver *fence_drv;

	struct dma_fence	*last_fence;

	int			priority;

	struct dentry		*debugfs_queue;

	struct delayed_work hang_detect_work;

	struct dma_fence *hang_detect_fence;

	struct kref		refcount;

	struct list_head	userq_va_list;