drm/vmwgfx: Remove the duplicate bo_free function

jira VULN-8161
cve CVE-2023-5633
commit-author Zack Rusin <zackr@vmware.com>
commit 6b2e8aa
upstream-diff Trivial resolution because our ttm_bo_init_reserved() still
              has the unused `size` argument.

Remove the explicit bo_free parameter which was switching between
vmw_bo_bo_free and vmw_gem_destroy which had exactly the same
implementation.

It makes no sense to keep parameter which is always the same, remove it
and all code referencing it. Instead use the vmw_bo_bo_free directly.

	Signed-off-by: Zack Rusin <zackr@vmware.com>
	Reviewed-by: Martin Krastev <krastevm@vmware.com>
	Reviewed-by: Maaz Mombasawala <mombasawalam@vmware.com>
	Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20230131033542.953249-3-zack@kde.org
(cherry picked from commit 6b2e8aa)
	Signed-off-by: Sultan Alsawaf <sultan@ciq.com>

Author: kerneltoast

drivers/gpu/drm/vmwgfx/vmwgfx_bo.c

@@ -46,6 +46,22 @@ vmw_buffer_object(struct ttm_buffer_object *bo)
 	return container_of(bo, struct vmw_buffer_object, base);
 }
 
+/**
+ * vmw_bo_bo_free - vmw buffer object destructor
+ *
+ * @bo: Pointer to the embedded struct ttm_buffer_object
+ */
+static void vmw_bo_bo_free(struct ttm_buffer_object *bo)
+{
+	struct vmw_buffer_object *vmw_bo = vmw_buffer_object(bo);
+
+	WARN_ON(vmw_bo->dirty);
+	WARN_ON(!RB_EMPTY_ROOT(&vmw_bo->res_tree));
+	vmw_bo_unmap(vmw_bo);
+	drm_gem_object_release(&bo->base);
+	kfree(vmw_bo);
+}
+
 /**
  * bo_is_vmw - check if the buffer object is a &vmw_buffer_object
  * @bo: ttm buffer object to be checked
@@ -58,8 +74,7 @@ vmw_buffer_object(struct ttm_buffer_object *bo)
  */
 static bool bo_is_vmw(struct ttm_buffer_object *bo)
 {
-	return bo->destroy == &vmw_bo_bo_free ||
-	       bo->destroy == &vmw_gem_destroy;
+	return bo->destroy == &vmw_bo_bo_free;
 }
 
 /**
@@ -376,23 +391,6 @@ void vmw_bo_unmap(struct vmw_buffer_object *vbo)
 	ttm_bo_kunmap(&vbo->map);
 }
 
-
-/**
- * vmw_bo_bo_free - vmw buffer object destructor
- *
- * @bo: Pointer to the embedded struct ttm_buffer_object
- */
-void vmw_bo_bo_free(struct ttm_buffer_object *bo)
-{
-	struct vmw_buffer_object *vmw_bo = vmw_buffer_object(bo);
-
-	WARN_ON(vmw_bo->dirty);
-	WARN_ON(!RB_EMPTY_ROOT(&vmw_bo->res_tree));
-	vmw_bo_unmap(vmw_bo);
-	drm_gem_object_release(&bo->base);
-	kfree(vmw_bo);
-}
-
 /* default destructor */
 static void vmw_bo_default_destroy(struct ttm_buffer_object *bo)
 {
@@ -449,22 +447,18 @@ int vmw_bo_create_kernel(struct vmw_private *dev_priv, unsigned long size,
 int vmw_bo_create(struct vmw_private *vmw,
 		  size_t size, struct ttm_placement *placement,
 		  bool interruptible, bool pin,
-		  void (*bo_free)(struct ttm_buffer_object *bo),
 		  struct vmw_buffer_object **p_bo)
 {
 	int ret;
 
-	BUG_ON(!bo_free);
-
 	*p_bo = kmalloc(sizeof(**p_bo), GFP_KERNEL);
 	if (unlikely(!*p_bo)) {
 		DRM_ERROR("Failed to allocate a buffer.\n");
 		return -ENOMEM;
 	}
 
 	ret = vmw_bo_init(vmw, *p_bo, size,
-			  placement, interruptible, pin,
-			  bo_free);
+			  placement, interruptible, pin);
 	if (unlikely(ret != 0))
 		goto out_error;
 
@@ -484,16 +478,14 @@ int vmw_bo_create(struct vmw_private *vmw,
  * @placement: Initial placement.
  * @interruptible: Whether waits should be performed interruptible.
  * @pin: If the BO should be created pinned at a fixed location.
- * @bo_free: The buffer object destructor.
  * Returns: Zero on success, negative error code on error.
  *
  * Note that on error, the code will free the buffer object.
  */
 int vmw_bo_init(struct vmw_private *dev_priv,
 		struct vmw_buffer_object *vmw_bo,
 		size_t size, struct ttm_placement *placement,
-		bool interruptible, bool pin,
-		void (*bo_free)(struct ttm_buffer_object *bo))
+		bool interruptible, bool pin)
 {
 	struct ttm_operation_ctx ctx = {
 		.interruptible = interruptible,
@@ -503,7 +495,6 @@ int vmw_bo_init(struct vmw_private *dev_priv,
 	struct drm_device *vdev = &dev_priv->drm;
 	int ret;
 
-	WARN_ON_ONCE(!bo_free);
 	memset(vmw_bo, 0, sizeof(*vmw_bo));
 	BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3);
 	vmw_bo->base.priority = 3;
@@ -515,7 +506,7 @@ int vmw_bo_init(struct vmw_private *dev_priv,
 	ret = ttm_bo_init_reserved(bdev, &vmw_bo->base, size,
 				   ttm_bo_type_device,
 				   placement,
-				   0, &ctx, NULL, NULL, bo_free);
+				   0, &ctx, NULL, NULL, vmw_bo_bo_free);
 	if (unlikely(ret)) {
 		return ret;
 	}

drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c

@@ -424,7 +424,7 @@ static int vmw_cotable_resize(struct vmw_resource *res, size_t new_size)
 	 * we can use tryreserve without failure.
 	 */
 	ret = vmw_bo_create(dev_priv, new_size, &vmw_mob_placement,
-			    true, true, vmw_bo_bo_free, &buf);
+			    true, true, &buf);
 	if (ret) {
 		DRM_ERROR("Failed initializing new cotable MOB.\n");
 		goto out_done;

drivers/gpu/drm/vmwgfx/vmwgfx_drv.c

@@ -398,8 +398,7 @@ static int vmw_dummy_query_bo_create(struct vmw_private *dev_priv)
 	 * user of the bo currently.
 	 */
 	ret = vmw_bo_create(dev_priv, PAGE_SIZE,
-			    &vmw_sys_placement, false, true,
-			    &vmw_bo_bo_free, &vbo);
+			    &vmw_sys_placement, false, true, &vbo);
 	if (unlikely(ret != 0))
 		return ret;
 

drivers/gpu/drm/vmwgfx/vmwgfx_drv.h

@@ -891,21 +891,18 @@ extern int vmw_bo_unpin(struct vmw_private *vmw_priv,
 extern void vmw_bo_get_guest_ptr(const struct ttm_buffer_object *buf,
 				 SVGAGuestPtr *ptr);
 extern void vmw_bo_pin_reserved(struct vmw_buffer_object *bo, bool pin);
-extern void vmw_bo_bo_free(struct ttm_buffer_object *bo);
 extern int vmw_bo_create_kernel(struct vmw_private *dev_priv,
 				unsigned long size,
 				struct ttm_placement *placement,
 				struct ttm_buffer_object **p_bo);
 extern int vmw_bo_create(struct vmw_private *dev_priv,
 			 size_t size, struct ttm_placement *placement,
 			 bool interruptible, bool pin,
-			 void (*bo_free)(struct ttm_buffer_object *bo),
 			 struct vmw_buffer_object **p_bo);
 extern int vmw_bo_init(struct vmw_private *dev_priv,
 		       struct vmw_buffer_object *vmw_bo,
 		       size_t size, struct ttm_placement *placement,
-		       bool interruptible, bool pin,
-		       void (*bo_free)(struct ttm_buffer_object *bo));
+		       bool interruptible, bool pin);
 extern int vmw_bo_unref_ioctl(struct drm_device *dev, void *data,
 			      struct drm_file *file_priv);
 extern int vmw_user_bo_synccpu_ioctl(struct drm_device *dev, void *data,
@@ -980,7 +977,6 @@ extern int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv,
 					     struct vmw_buffer_object **p_vbo);
 extern int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data,
 				       struct drm_file *filp);
-extern void vmw_gem_destroy(struct ttm_buffer_object *bo);
 extern void vmw_debugfs_gem_init(struct vmw_private *vdev);
 
 /**

drivers/gpu/drm/vmwgfx/vmwgfx_gem.c

@@ -125,22 +125,6 @@ static const struct drm_gem_object_funcs vmw_gem_object_funcs = {
 	.vm_ops = &vmw_vm_ops,
 };
 
-/**
- * vmw_gem_destroy - vmw buffer object destructor
- *
- * @bo: Pointer to the embedded struct ttm_buffer_object
- */
-void vmw_gem_destroy(struct ttm_buffer_object *bo)
-{
-	struct vmw_buffer_object *vbo = vmw_buffer_object(bo);
-
-	WARN_ON(vbo->dirty);
-	WARN_ON(!RB_EMPTY_ROOT(&vbo->res_tree));
-	vmw_bo_unmap(vbo);
-	drm_gem_object_release(&vbo->base.base);
-	kfree(vbo);
-}
-
 int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv,
 				      struct drm_file *filp,
 				      uint32_t size,
@@ -153,7 +137,7 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv,
 			    (dev_priv->has_mob) ?
 				    &vmw_sys_placement :
 				    &vmw_vram_sys_placement,
-			    true, false, &vmw_gem_destroy, p_vbo);
+			    true, false, p_vbo);
 
 	(*p_vbo)->base.base.funcs = &vmw_gem_object_funcs;
 	if (ret != 0)

drivers/gpu/drm/vmwgfx/vmwgfx_resource.c

@@ -332,8 +332,7 @@ static int vmw_resource_buf_alloc(struct vmw_resource *res,
 
 	ret = vmw_bo_create(res->dev_priv, res->backup_size,
 			    res->func->backup_placement,
-			    interruptible, false,
-			    &vmw_bo_bo_free, &backup);
+			    interruptible, false, &backup);
 	if (unlikely(ret != 0))
 		goto out_no_bo;
 

drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c

@@ -445,7 +445,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane,
 	vmw_overlay_pause_all(dev_priv);
 	ret = vmw_bo_create(dev_priv, size,
 			    &vmw_vram_placement,
-			    false, true, &vmw_bo_bo_free, &vps->bo);
+			    false, true, &vps->bo);
 	vmw_overlay_resume_all(dev_priv);
 	if (ret) {
 		vps->bo = NULL; /* vmw_bo_init frees on error */

drivers/gpu/drm/vmwgfx/vmwgfx_shader.c

@@ -893,7 +893,7 @@ int vmw_compat_shader_add(struct vmw_private *dev_priv,
 		return -EINVAL;
 
 	ret = vmw_bo_create(dev_priv, size, &vmw_sys_placement,
-			    true, true, vmw_bo_bo_free, &buf);
+			    true, true, &buf);
 	if (unlikely(ret != 0))
 		goto out;