2025-03-28 00:26:29 +01:00
|
|
|
// SPDX-License-Identifier: MIT
|
2019-05-28 10:29:47 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright © 2014-2016 Intel Corporation
|
|
|
|
|
*/
|
|
|
|
|
|
2020-01-01 14:10:07 +00:00
|
|
|
#include <linux/anon_inodes.h>
|
2019-05-28 10:29:47 +01:00
|
|
|
#include <linux/mman.h>
|
|
|
|
|
#include <linux/sizes.h>
|
|
|
|
|
|
2022-02-10 17:45:48 +02:00
|
|
|
#include <drm/drm_cache.h>
|
|
|
|
|
|
2019-07-12 20:29:53 +01:00
|
|
|
#include "gt/intel_gt.h"
|
2019-10-04 14:40:06 +01:00
|
|
|
#include "gt/intel_gt_requests.h"
|
2019-07-12 20:29:53 +01:00
|
|
|
|
2019-05-28 10:29:47 +01:00
|
|
|
#include "i915_drv.h"
|
Merge tag 'drm-intel-gt-next-2022-02-17' of git://anongit.freedesktop.org/drm/drm-intel into drm-intel-next
UAPI Changes:
- Weak parallel submission support for execlists
Minimal implementation of the parallel submission support for
execlists backend that was previously only implemented for GuC.
Support one sibling non-virtual engine.
Core Changes:
- Two backmerges of drm/drm-next for header file renames/changes and
i915_regs reorganization
Driver Changes:
- Add new DG2 subplatform: DG2-G12 (Matt R)
- Add new DG2 workarounds (Matt R, Ram, Bruce)
- Handle pre-programmed WOPCM registers for DG2+ (Daniele)
- Update guc shim control programming on XeHP SDV+ (Daniele)
- Add RPL-S C0/D0 stepping information (Anusha)
- Improve GuC ADS initialization to work on ARM64 on dGFX (Lucas)
- Fix KMD and GuC race on accessing PMU busyness (Umesh)
- Use PM timestamp instead of RING TIMESTAMP for reference in PMU with GuC (Umesh)
- Report error on invalid reset notification from GuC (John)
- Avoid WARN splat by holding RPM wakelock during PXP unbind (Juston)
- Fixes to parallel submission implementation (Matt B.)
- Improve GuC loading status check/error reports (John)
- Tweak TTM LRU priority hint selection (Matt A.)
- Align the plane_vma to min_page_size of stolen mem (Ram)
- Introduce vma resources and implement async unbinding (Thomas)
- Use struct vma_resource instead of struct vma_snapshot (Thomas)
- Return some TTM accel move errors instead of trying memcpy move (Thomas)
- Fix a race between vma / object destruction and unbinding (Thomas)
- Remove short-term pins from execbuf (Maarten)
- Update to GuC version 69.0.3 (John, Michal Wa.)
- Improvements to GT reset paths in GuC backend (Matt B.)
- Use shrinker_release_pages instead of writeback in shmem object hooks (Matt A., Tvrtko)
- Use trylock instead of blocking lock when freeing GEM objects (Maarten)
- Allocate intel_engine_coredump_alloc with ALLOW_FAIL (Matt B.)
- Fixes to object unmapping and purging (Matt A)
- Check for wedged device in GuC backend (John)
- Avoid lockdep splat by locking dpt_obj around set_cache_level (Maarten)
- Allow dead vm to unbind vma's without lock (Maarten)
- s/engine->i915/i915/ for DG2 engine workarounds (Matt R)
- Use to_gt() helper for GGTT accesses (Michal Wi.)
- Selftest improvements (Matt B., Thomas, Ram)
- Coding style and compiler warning fixes (Matt B., Jasmine, Andi, Colin, Gustavo, Dan)
From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Yg4i2aCZvvee5Eai@jlahtine-mobl.ger.corp.intel.com
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
[Fixed conflicts while applying, using the fixups/drm-intel-gt-next.patch
from drm-rerere's 1f2b1742abdd ("2022y-02m-23d-16h-07m-57s UTC: drm-tip
rerere cache update")]
2022-02-23 14:19:43 -05:00
|
|
|
#include "i915_gem_evict.h"
|
2019-05-28 10:29:47 +01:00
|
|
|
#include "i915_gem_gtt.h"
|
|
|
|
|
#include "i915_gem_ioctls.h"
|
|
|
|
|
#include "i915_gem_object.h"
|
2019-12-04 12:00:32 +00:00
|
|
|
#include "i915_gem_mman.h"
|
2021-12-08 09:42:15 +05:30
|
|
|
#include "i915_mm.h"
|
2019-08-06 13:07:28 +03:00
|
|
|
#include "i915_trace.h"
|
2019-12-04 18:06:28 +00:00
|
|
|
#include "i915_user_extensions.h"
|
2021-06-10 09:01:52 +02:00
|
|
|
#include "i915_gem_ttm.h"
|
2019-05-28 10:29:47 +01:00
|
|
|
#include "i915_vma.h"
|
|
|
|
|
|
|
|
|
|
static inline bool
|
|
|
|
|
__vma_matches(struct vm_area_struct *vma, struct file *filp,
|
|
|
|
|
unsigned long addr, unsigned long size)
|
|
|
|
|
{
|
|
|
|
|
if (vma->vm_file != filp)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
return vma->vm_start == addr &&
|
|
|
|
|
(vma->vm_end - vma->vm_start) == PAGE_ALIGN(size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
|
|
|
|
|
* it is mapped to.
|
|
|
|
|
* @dev: drm device
|
|
|
|
|
* @data: ioctl data blob
|
|
|
|
|
* @file: drm file
|
|
|
|
|
*
|
|
|
|
|
* While the mapping holds a reference on the contents of the object, it doesn't
|
|
|
|
|
* imply a ref on the object itself.
|
|
|
|
|
*
|
|
|
|
|
* IMPORTANT:
|
|
|
|
|
*
|
|
|
|
|
* DRM driver writers who look a this function as an example for how to do GEM
|
|
|
|
|
* mmap support, please don't implement mmap support like here. The modern way
|
|
|
|
|
* to implement DRM mmap support is with an mmap offset ioctl (like
|
|
|
|
|
* i915_gem_mmap_gtt) and then using the mmap syscall on the DRM fd directly.
|
|
|
|
|
* That way debug tooling like valgrind will understand what's going on, hiding
|
|
|
|
|
* the mmap call in a driver private ioctl will break that. The i915 driver only
|
|
|
|
|
* does cpu mmaps this way because we didn't know better.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
|
|
|
|
|
struct drm_file *file)
|
|
|
|
|
{
|
2021-06-01 09:46:52 +02:00
|
|
|
struct drm_i915_private *i915 = to_i915(dev);
|
2019-05-28 10:29:47 +01:00
|
|
|
struct drm_i915_gem_mmap *args = data;
|
|
|
|
|
struct drm_i915_gem_object *obj;
|
|
|
|
|
unsigned long addr;
|
|
|
|
|
|
2021-06-24 13:29:14 +02:00
|
|
|
/*
|
|
|
|
|
* mmap ioctl is disallowed for all discrete platforms,
|
|
|
|
|
* and for all platforms with GRAPHICS_VER > 12.
|
2021-06-01 09:46:52 +02:00
|
|
|
*/
|
2022-04-07 09:18:39 -07:00
|
|
|
if (IS_DGFX(i915) || GRAPHICS_VER_FULL(i915) > IP_VER(12, 0))
|
2021-06-01 09:46:52 +02:00
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
2019-05-28 10:29:47 +01:00
|
|
|
if (args->flags & ~(I915_MMAP_WC))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2021-12-01 16:30:48 -08:00
|
|
|
if (args->flags & I915_MMAP_WC && !pat_enabled())
|
2019-05-28 10:29:47 +01:00
|
|
|
return -ENODEV;
|
|
|
|
|
|
|
|
|
|
obj = i915_gem_object_lookup(file, args->handle);
|
|
|
|
|
if (!obj)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
/* prime objects have no backing filp to GEM mmap
|
|
|
|
|
* pages from.
|
|
|
|
|
*/
|
|
|
|
|
if (!obj->base.filp) {
|
|
|
|
|
addr = -ENXIO;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
|
|
|
|
|
addr = -EINVAL;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addr = vm_mmap(obj->base.filp, 0, args->size,
|
|
|
|
|
PROT_READ | PROT_WRITE, MAP_SHARED,
|
|
|
|
|
args->offset);
|
|
|
|
|
if (IS_ERR_VALUE(addr))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
if (args->flags & I915_MMAP_WC) {
|
|
|
|
|
struct mm_struct *mm = current->mm;
|
|
|
|
|
struct vm_area_struct *vma;
|
|
|
|
|
|
2020-06-08 21:33:25 -07:00
|
|
|
if (mmap_write_lock_killable(mm)) {
|
2019-05-28 10:29:47 +01:00
|
|
|
addr = -EINTR;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
vma = find_vma(mm, addr);
|
|
|
|
|
if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
|
|
|
|
|
vma->vm_page_prot =
|
|
|
|
|
pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
|
|
|
|
|
else
|
|
|
|
|
addr = -ENOMEM;
|
2020-06-08 21:33:25 -07:00
|
|
|
mmap_write_unlock(mm);
|
2019-05-28 10:29:47 +01:00
|
|
|
if (IS_ERR_VALUE(addr))
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
i915_gem_object_put(obj);
|
|
|
|
|
|
|
|
|
|
args->addr_ptr = (u64)addr;
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
i915_gem_object_put(obj);
|
|
|
|
|
return addr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned int tile_row_pages(const struct drm_i915_gem_object *obj)
|
|
|
|
|
{
|
|
|
|
|
return i915_gem_object_get_tile_row_size(obj) >> PAGE_SHIFT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* i915_gem_mmap_gtt_version - report the current feature set for GTT mmaps
|
|
|
|
|
*
|
|
|
|
|
* A history of the GTT mmap interface:
|
|
|
|
|
*
|
|
|
|
|
* 0 - Everything had to fit into the GTT. Both parties of a memcpy had to
|
|
|
|
|
* aligned and suitable for fencing, and still fit into the available
|
|
|
|
|
* mappable space left by the pinned display objects. A classic problem
|
|
|
|
|
* we called the page-fault-of-doom where we would ping-pong between
|
|
|
|
|
* two objects that could not fit inside the GTT and so the memcpy
|
|
|
|
|
* would page one object in at the expense of the other between every
|
|
|
|
|
* single byte.
|
|
|
|
|
*
|
|
|
|
|
* 1 - Objects can be any size, and have any compatible fencing (X Y, or none
|
|
|
|
|
* as set via i915_gem_set_tiling() [DRM_I915_GEM_SET_TILING]). If the
|
|
|
|
|
* object is too large for the available space (or simply too large
|
|
|
|
|
* for the mappable aperture!), a view is created instead and faulted
|
|
|
|
|
* into userspace. (This view is aligned and sized appropriately for
|
|
|
|
|
* fenced access.)
|
|
|
|
|
*
|
|
|
|
|
* 2 - Recognise WC as a separate cache domain so that we can flush the
|
|
|
|
|
* delayed writes via GTT before performing direct access via WC.
|
|
|
|
|
*
|
|
|
|
|
* 3 - Remove implicit set-domain(GTT) and synchronisation on initial
|
|
|
|
|
* pagefault; swapin remains transparent.
|
|
|
|
|
*
|
2019-12-04 12:00:32 +00:00
|
|
|
* 4 - Support multiple fault handlers per object depending on object's
|
|
|
|
|
* backing storage (a.k.a. MMAP_OFFSET).
|
|
|
|
|
*
|
2025-03-06 13:08:27 -08:00
|
|
|
* 5 - Support multiple partial mmaps(mmap part of BO + unmap a offset, multiple
|
|
|
|
|
* times with different size and offset).
|
|
|
|
|
*
|
2019-05-28 10:29:47 +01:00
|
|
|
* Restrictions:
|
|
|
|
|
*
|
|
|
|
|
* * snoopable objects cannot be accessed via the GTT. It can cause machine
|
|
|
|
|
* hangs on some architectures, corruption on others. An attempt to service
|
|
|
|
|
* a GTT page fault from a snoopable object will generate a SIGBUS.
|
|
|
|
|
*
|
|
|
|
|
* * the object must be able to fit into RAM (physical memory, though no
|
|
|
|
|
* limited to the mappable aperture).
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* Caveats:
|
|
|
|
|
*
|
|
|
|
|
* * a new GTT page fault will synchronize rendering from the GPU and flush
|
|
|
|
|
* all data to system memory. Subsequent access will not be synchronized.
|
|
|
|
|
*
|
|
|
|
|
* * all mappings are revoked on runtime device suspend.
|
|
|
|
|
*
|
|
|
|
|
* * there are only 8, 16 or 32 fence registers to share between all users
|
|
|
|
|
* (older machines require fence register for display and blitter access
|
|
|
|
|
* as well). Contention of the fence registers will cause the previous users
|
|
|
|
|
* to be unmapped and any new access will generate new page faults.
|
|
|
|
|
*
|
|
|
|
|
* * running out of memory while servicing a fault may generate a SIGBUS,
|
|
|
|
|
* rather than the expected SIGSEGV.
|
|
|
|
|
*/
|
|
|
|
|
int i915_gem_mmap_gtt_version(void)
|
|
|
|
|
{
|
2025-03-06 13:08:27 -08:00
|
|
|
return 5;
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2022-09-01 11:38:54 -07:00
|
|
|
static inline struct i915_gtt_view
|
2019-05-28 10:29:47 +01:00
|
|
|
compute_partial_view(const struct drm_i915_gem_object *obj,
|
|
|
|
|
pgoff_t page_offset,
|
|
|
|
|
unsigned int chunk)
|
|
|
|
|
{
|
2022-09-01 11:38:54 -07:00
|
|
|
struct i915_gtt_view view;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
if (i915_gem_object_is_tiled(obj))
|
2021-04-21 18:33:58 +03:00
|
|
|
chunk = roundup(chunk, tile_row_pages(obj) ?: 1);
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2022-09-01 11:38:54 -07:00
|
|
|
view.type = I915_GTT_VIEW_PARTIAL;
|
2019-05-28 10:29:47 +01:00
|
|
|
view.partial.offset = rounddown(page_offset, chunk);
|
|
|
|
|
view.partial.size =
|
|
|
|
|
min_t(unsigned int, chunk,
|
|
|
|
|
(obj->base.size >> PAGE_SHIFT) - view.partial.offset);
|
|
|
|
|
|
|
|
|
|
/* If the partial covers the entire object, just create a normal VMA. */
|
|
|
|
|
if (chunk >= obj->base.size >> PAGE_SHIFT)
|
2022-09-01 11:38:54 -07:00
|
|
|
view.type = I915_GTT_VIEW_NORMAL;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
return view;
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
static vm_fault_t i915_error_to_vmf_fault(int err)
|
|
|
|
|
{
|
|
|
|
|
switch (err) {
|
|
|
|
|
default:
|
|
|
|
|
WARN_ONCE(err, "unhandled error in %s: %i\n", __func__, err);
|
2020-08-23 17:36:59 -05:00
|
|
|
fallthrough;
|
2019-12-04 12:00:32 +00:00
|
|
|
case -EIO: /* shmemfs failure from swap device */
|
|
|
|
|
case -EFAULT: /* purged object */
|
|
|
|
|
case -ENODEV: /* bad object, how did you get here! */
|
2020-01-03 20:41:35 +00:00
|
|
|
case -ENXIO: /* unable to access backing store (on device) */
|
2019-12-04 12:00:32 +00:00
|
|
|
return VM_FAULT_SIGBUS;
|
|
|
|
|
|
|
|
|
|
case -ENOMEM: /* our allocation failure */
|
|
|
|
|
return VM_FAULT_OOM;
|
|
|
|
|
|
|
|
|
|
case 0:
|
|
|
|
|
case -EAGAIN:
|
2020-05-15 21:00:31 +01:00
|
|
|
case -ENOSPC: /* transient failure to evict? */
|
2023-10-12 16:28:01 +03:00
|
|
|
case -ENOBUFS: /* temporarily out of fences? */
|
2019-12-04 12:00:32 +00:00
|
|
|
case -ERESTARTSYS:
|
|
|
|
|
case -EINTR:
|
|
|
|
|
case -EBUSY:
|
|
|
|
|
/*
|
|
|
|
|
* EBUSY is ok: this just means that another thread
|
|
|
|
|
* already did the job.
|
|
|
|
|
*/
|
|
|
|
|
return VM_FAULT_NOPAGE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static vm_fault_t vm_fault_cpu(struct vm_fault *vmf)
|
|
|
|
|
{
|
|
|
|
|
struct vm_area_struct *area = vmf->vma;
|
|
|
|
|
struct i915_mmap_offset *mmo = area->vm_private_data;
|
|
|
|
|
struct drm_i915_gem_object *obj = mmo->obj;
|
2024-08-07 11:05:21 +01:00
|
|
|
unsigned long obj_offset;
|
2020-01-03 20:41:35 +00:00
|
|
|
resource_size_t iomap;
|
2019-12-04 12:00:32 +00:00
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
/* Sanity check that we allow writing into this object */
|
2019-12-31 20:03:56 +00:00
|
|
|
if (unlikely(i915_gem_object_is_readonly(obj) &&
|
|
|
|
|
area->vm_flags & VM_WRITE))
|
|
|
|
|
return VM_FAULT_SIGBUS;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2021-03-23 16:50:12 +01:00
|
|
|
if (i915_gem_object_lock_interruptible(obj, NULL))
|
|
|
|
|
return VM_FAULT_NOPAGE;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
err = i915_gem_object_pin_pages(obj);
|
|
|
|
|
if (err)
|
2019-12-31 20:03:56 +00:00
|
|
|
goto out;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2020-01-03 20:41:35 +00:00
|
|
|
iomap = -1;
|
2021-03-23 16:49:56 +01:00
|
|
|
if (!i915_gem_object_has_struct_page(obj)) {
|
2020-01-03 20:41:35 +00:00
|
|
|
iomap = obj->mm.region->iomap.base;
|
|
|
|
|
iomap -= obj->mm.region->region.start;
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-07 11:05:21 +01:00
|
|
|
obj_offset = area->vm_pgoff - drm_vma_node_start(&mmo->vma_node);
|
2019-12-04 12:00:32 +00:00
|
|
|
/* PTEs are revoked in obj->ops->put_pages() */
|
2020-01-03 20:41:35 +00:00
|
|
|
err = remap_io_sg(area,
|
|
|
|
|
area->vm_start, area->vm_end - area->vm_start,
|
2024-08-07 11:05:21 +01:00
|
|
|
obj->mm.pages->sgl, obj_offset, iomap);
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2019-12-31 20:03:56 +00:00
|
|
|
if (area->vm_flags & VM_WRITE) {
|
2019-12-04 12:00:32 +00:00
|
|
|
GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
|
|
|
|
|
obj->mm.dirty = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i915_gem_object_unpin_pages(obj);
|
|
|
|
|
|
2019-12-31 20:03:56 +00:00
|
|
|
out:
|
2021-03-23 16:50:12 +01:00
|
|
|
i915_gem_object_unlock(obj);
|
2019-12-31 20:03:56 +00:00
|
|
|
return i915_error_to_vmf_fault(err);
|
2019-12-04 12:00:32 +00:00
|
|
|
}
|
|
|
|
|
|
2024-08-02 10:38:50 +02:00
|
|
|
static void set_address_limits(struct vm_area_struct *area,
|
|
|
|
|
struct i915_vma *vma,
|
|
|
|
|
unsigned long obj_offset,
|
2024-08-07 11:45:53 +01:00
|
|
|
resource_size_t gmadr_start,
|
2024-08-02 10:38:50 +02:00
|
|
|
unsigned long *start_vaddr,
|
2024-08-07 11:45:53 +01:00
|
|
|
unsigned long *end_vaddr,
|
|
|
|
|
unsigned long *pfn)
|
2024-08-02 10:38:50 +02:00
|
|
|
{
|
|
|
|
|
unsigned long vm_start, vm_end, vma_size; /* user's memory parameters */
|
|
|
|
|
long start, end; /* memory boundaries */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Let's move into the ">> PAGE_SHIFT"
|
|
|
|
|
* domain to be sure not to lose bits
|
|
|
|
|
*/
|
|
|
|
|
vm_start = area->vm_start >> PAGE_SHIFT;
|
|
|
|
|
vm_end = area->vm_end >> PAGE_SHIFT;
|
|
|
|
|
vma_size = vma->size >> PAGE_SHIFT;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Calculate the memory boundaries by considering the offset
|
|
|
|
|
* provided by the user during memory mapping and the offset
|
|
|
|
|
* provided for the partial mapping.
|
|
|
|
|
*/
|
|
|
|
|
start = vm_start;
|
|
|
|
|
start -= obj_offset;
|
|
|
|
|
start += vma->gtt_view.partial.offset;
|
|
|
|
|
end = start + vma_size;
|
|
|
|
|
|
|
|
|
|
start = max_t(long, start, vm_start);
|
|
|
|
|
end = min_t(long, end, vm_end);
|
|
|
|
|
|
|
|
|
|
/* Let's move back into the "<< PAGE_SHIFT" domain */
|
|
|
|
|
*start_vaddr = (unsigned long)start << PAGE_SHIFT;
|
|
|
|
|
*end_vaddr = (unsigned long)end << PAGE_SHIFT;
|
2024-08-07 11:45:53 +01:00
|
|
|
|
|
|
|
|
*pfn = (gmadr_start + i915_ggtt_offset(vma)) >> PAGE_SHIFT;
|
|
|
|
|
*pfn += (*start_vaddr - area->vm_start) >> PAGE_SHIFT;
|
|
|
|
|
*pfn += obj_offset - vma->gtt_view.partial.offset;
|
2024-08-02 10:38:50 +02:00
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
static vm_fault_t vm_fault_gtt(struct vm_fault *vmf)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
|
|
|
|
#define MIN_CHUNK_PAGES (SZ_1M >> PAGE_SHIFT)
|
|
|
|
|
struct vm_area_struct *area = vmf->vma;
|
2019-12-04 12:00:32 +00:00
|
|
|
struct i915_mmap_offset *mmo = area->vm_private_data;
|
|
|
|
|
struct drm_i915_gem_object *obj = mmo->obj;
|
2019-05-28 10:29:47 +01:00
|
|
|
struct drm_device *dev = obj->base.dev;
|
|
|
|
|
struct drm_i915_private *i915 = to_i915(dev);
|
2019-06-13 16:21:54 -07:00
|
|
|
struct intel_runtime_pm *rpm = &i915->runtime_pm;
|
2021-12-19 23:24:57 +02:00
|
|
|
struct i915_ggtt *ggtt = to_gt(i915)->ggtt;
|
2019-05-28 10:29:47 +01:00
|
|
|
bool write = area->vm_flags & VM_WRITE;
|
2020-08-19 16:09:02 +02:00
|
|
|
struct i915_gem_ww_ctx ww;
|
2024-08-02 10:38:50 +02:00
|
|
|
unsigned long obj_offset;
|
|
|
|
|
unsigned long start, end; /* memory boundaries */
|
2019-05-28 10:29:47 +01:00
|
|
|
intel_wakeref_t wakeref;
|
|
|
|
|
struct i915_vma *vma;
|
|
|
|
|
pgoff_t page_offset;
|
2024-08-02 10:38:50 +02:00
|
|
|
unsigned long pfn;
|
2019-05-28 10:29:47 +01:00
|
|
|
int srcu;
|
|
|
|
|
int ret;
|
|
|
|
|
|
2024-08-02 10:38:50 +02:00
|
|
|
obj_offset = area->vm_pgoff - drm_vma_node_start(&mmo->vma_node);
|
2019-05-28 10:29:47 +01:00
|
|
|
page_offset = (vmf->address - area->vm_start) >> PAGE_SHIFT;
|
2024-08-02 10:38:50 +02:00
|
|
|
page_offset += obj_offset;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
trace_i915_gem_object_fault(obj, page_offset, true, write);
|
|
|
|
|
|
2020-08-19 16:09:02 +02:00
|
|
|
wakeref = intel_runtime_pm_get(rpm);
|
|
|
|
|
|
|
|
|
|
i915_gem_ww_ctx_init(&ww, true);
|
|
|
|
|
retry:
|
|
|
|
|
ret = i915_gem_object_lock(obj, &ww);
|
2019-05-28 10:29:47 +01:00
|
|
|
if (ret)
|
2020-08-19 16:09:02 +02:00
|
|
|
goto err_rpm;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2020-08-19 16:09:02 +02:00
|
|
|
/* Sanity check that we allow writing into this object */
|
|
|
|
|
if (i915_gem_object_is_readonly(obj) && write) {
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto err_rpm;
|
|
|
|
|
}
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2020-08-19 16:09:02 +02:00
|
|
|
ret = i915_gem_object_pin_pages(obj);
|
2019-09-12 17:08:34 +01:00
|
|
|
if (ret)
|
2019-05-28 10:29:47 +01:00
|
|
|
goto err_rpm;
|
|
|
|
|
|
2022-11-02 12:21:09 -07:00
|
|
|
ret = intel_gt_reset_lock_interruptible(ggtt->vm.gt, &srcu);
|
2020-08-19 16:09:02 +02:00
|
|
|
if (ret)
|
|
|
|
|
goto err_pages;
|
|
|
|
|
|
2019-05-28 10:29:47 +01:00
|
|
|
/* Now pin it into the GTT as needed */
|
2020-08-19 16:09:02 +02:00
|
|
|
vma = i915_gem_object_ggtt_pin_ww(obj, &ww, NULL, 0, 0,
|
|
|
|
|
PIN_MAPPABLE |
|
|
|
|
|
PIN_NONBLOCK /* NOWARN */ |
|
|
|
|
|
PIN_NOEVICT);
|
|
|
|
|
if (IS_ERR(vma) && vma != ERR_PTR(-EDEADLK)) {
|
2019-05-28 10:29:47 +01:00
|
|
|
/* Use a partial view if it is bigger than available space */
|
2022-09-01 11:38:54 -07:00
|
|
|
struct i915_gtt_view view =
|
2019-05-28 10:29:47 +01:00
|
|
|
compute_partial_view(obj, page_offset, MIN_CHUNK_PAGES);
|
|
|
|
|
unsigned int flags;
|
|
|
|
|
|
2019-08-21 13:32:34 +01:00
|
|
|
flags = PIN_MAPPABLE | PIN_NOSEARCH;
|
2022-09-01 11:38:54 -07:00
|
|
|
if (view.type == I915_GTT_VIEW_NORMAL)
|
2019-05-28 10:29:47 +01:00
|
|
|
flags |= PIN_NONBLOCK; /* avoid warnings for pinned */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Userspace is now writing through an untracked VMA, abandon
|
|
|
|
|
* all hope that the hardware is able to track future writes.
|
|
|
|
|
*/
|
|
|
|
|
|
2020-08-19 16:09:02 +02:00
|
|
|
vma = i915_gem_object_ggtt_pin_ww(obj, &ww, &view, 0, 0, flags);
|
|
|
|
|
if (IS_ERR(vma) && vma != ERR_PTR(-EDEADLK)) {
|
2019-05-28 10:29:47 +01:00
|
|
|
flags = PIN_MAPPABLE;
|
2022-09-01 11:38:54 -07:00
|
|
|
view.type = I915_GTT_VIEW_PARTIAL;
|
2020-08-19 16:09:02 +02:00
|
|
|
vma = i915_gem_object_ggtt_pin_ww(obj, &ww, &view, 0, 0, flags);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
2019-09-02 05:02:46 +01:00
|
|
|
|
2022-01-14 14:23:15 +01:00
|
|
|
/*
|
|
|
|
|
* The entire mappable GGTT is pinned? Unexpected!
|
|
|
|
|
* Try to evict the object we locked too, as normally we skip it
|
|
|
|
|
* due to lack of short term pinning inside execbuf.
|
|
|
|
|
*/
|
|
|
|
|
if (vma == ERR_PTR(-ENOSPC)) {
|
|
|
|
|
ret = mutex_lock_interruptible(&ggtt->vm.mutex);
|
|
|
|
|
if (!ret) {
|
2022-12-16 11:34:56 +00:00
|
|
|
ret = i915_gem_evict_vm(&ggtt->vm, &ww, NULL);
|
2022-01-14 14:23:15 +01:00
|
|
|
mutex_unlock(&ggtt->vm.mutex);
|
|
|
|
|
}
|
|
|
|
|
if (ret)
|
|
|
|
|
goto err_reset;
|
|
|
|
|
vma = i915_gem_object_ggtt_pin_ww(obj, &ww, &view, 0, 0, flags);
|
|
|
|
|
}
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
if (IS_ERR(vma)) {
|
|
|
|
|
ret = PTR_ERR(vma);
|
drm/i915: Pull i915_vma_pin under the vm->mutex
Replace the struct_mutex requirement for pinning the i915_vma with the
local vm->mutex instead. Note that the vm->mutex is tainted by the
shrinker (we require unbinding from inside fs-reclaim) and so we cannot
allocate while holding that mutex. Instead we have to preallocate
workers to do allocate and apply the PTE updates after we have we
reserved their slot in the drm_mm (using fences to order the PTE writes
with the GPU work and with later unbind).
In adding the asynchronous vma binding, one subtle requirement is to
avoid coupling the binding fence into the backing object->resv. That is
the asynchronous binding only applies to the vma timeline itself and not
to the pages as that is a more global timeline (the binding of one vma
does not need to be ordered with another vma, nor does the implicit GEM
fencing depend on a vma, only on writes to the backing store). Keeping
the vma binding distinct from the backing store timelines is verified by
a number of async gem_exec_fence and gem_exec_schedule tests. The way we
do this is quite simple, we keep the fence for the vma binding separate
and only wait on it as required, and never add it to the obj->resv
itself.
Another consequence in reducing the locking around the vma is the
destruction of the vma is no longer globally serialised by struct_mutex.
A natural solution would be to add a kref to i915_vma, but that requires
decoupling the reference cycles, possibly by introducing a new
i915_mm_pages object that is own by both obj->mm and vma->pages.
However, we have not taken that route due to the overshadowing lmem/ttm
discussions, and instead play a series of complicated games with
trylocks to (hopefully) ensure that only one destruction path is called!
v2: Add some commentary, and some helpers to reduce patch churn.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191004134015.13204-4-chris@chris-wilson.co.uk
2019-10-04 14:39:58 +01:00
|
|
|
goto err_reset;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Access to snoopable pages through the GTT is incoherent. */
|
drm/i915: use pat_index instead of cache_level
Currently the KMD is using enum i915_cache_level to set caching policy for
buffer objects. This is flaky because the PAT index which really controls
the caching behavior in PTE has far more levels than what's defined in the
enum. In addition, the PAT index is platform dependent, having to translate
between i915_cache_level and PAT index is not reliable, and makes the code
more complicated.
From UMD's perspective there is also a necessity to set caching policy for
performance fine tuning. It's much easier for the UMD to directly use PAT
index because the behavior of each PAT index is clearly defined in Bspec.
Having the abstracted i915_cache_level sitting in between would only cause
more ambiguity. PAT is expected to work much like MOCS already works today,
and by design userspace is expected to select the index that exactly
matches the desired behavior described in the hardware specification.
For these reasons this patch replaces i915_cache_level with PAT index. Also
note, the cache_level is not completely removed yet, because the KMD still
has the need of creating buffer objects with simple cache settings such as
cached, uncached, or writethrough. For kernel objects, cache_level is used
for simplicity and backward compatibility. For Pre-gen12 platforms PAT can
have 1:1 mapping to i915_cache_level, so these two are interchangeable. see
the use of LEGACY_CACHELEVEL.
One consequence of this change is that gen8_pte_encode is no longer working
for gen12 platforms due to the fact that gen12 platforms has different PAT
definitions. In the meantime the mtl_pte_encode introduced specfically for
MTL becomes generic for all gen12 platforms. This patch renames the MTL
PTE encode function into gen12_pte_encode and apply it to all gen12. Even
though this change looks unrelated, but separating them would temporarily
break gen12 PTE encoding, thus squash them in one patch.
Special note: this patch changes the way caching behavior is controlled in
the sense that some objects are left to be managed by userspace. For such
objects we need to be careful not to change the userspace settings.There
are kerneldoc and comments added around obj->cache_coherent, cache_dirty,
and how to bypass the checkings by i915_gem_object_has_cache_level. For
full understanding, these changes need to be looked at together with the
two follow-up patches, one disables the {set|get}_caching ioctl's and the
other adds set_pat extension to the GEM_CREATE uAPI.
Bspec: 63019
Cc: Chris Wilson <chris.p.wilson@linux.intel.com>
Signed-off-by: Fei Yang <fei.yang@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230509165200.1740-3-fei.yang@intel.com
2023-05-09 09:52:00 -07:00
|
|
|
/*
|
|
|
|
|
* For objects created by userspace through GEM_CREATE with pat_index
|
|
|
|
|
* set by set_pat extension, coherency is managed by userspace, make
|
|
|
|
|
* sure we don't fail handling the vm fault by calling
|
|
|
|
|
* i915_gem_object_has_cache_level() which always return true for such
|
|
|
|
|
* objects. Otherwise this helper function would fall back to checking
|
|
|
|
|
* whether the object is un-cached.
|
|
|
|
|
*/
|
|
|
|
|
if (!(i915_gem_object_has_cache_level(obj, I915_CACHE_NONE) ||
|
|
|
|
|
HAS_LLC(i915))) {
|
drm/i915: Pull i915_vma_pin under the vm->mutex
Replace the struct_mutex requirement for pinning the i915_vma with the
local vm->mutex instead. Note that the vm->mutex is tainted by the
shrinker (we require unbinding from inside fs-reclaim) and so we cannot
allocate while holding that mutex. Instead we have to preallocate
workers to do allocate and apply the PTE updates after we have we
reserved their slot in the drm_mm (using fences to order the PTE writes
with the GPU work and with later unbind).
In adding the asynchronous vma binding, one subtle requirement is to
avoid coupling the binding fence into the backing object->resv. That is
the asynchronous binding only applies to the vma timeline itself and not
to the pages as that is a more global timeline (the binding of one vma
does not need to be ordered with another vma, nor does the implicit GEM
fencing depend on a vma, only on writes to the backing store). Keeping
the vma binding distinct from the backing store timelines is verified by
a number of async gem_exec_fence and gem_exec_schedule tests. The way we
do this is quite simple, we keep the fence for the vma binding separate
and only wait on it as required, and never add it to the obj->resv
itself.
Another consequence in reducing the locking around the vma is the
destruction of the vma is no longer globally serialised by struct_mutex.
A natural solution would be to add a kref to i915_vma, but that requires
decoupling the reference cycles, possibly by introducing a new
i915_mm_pages object that is own by both obj->mm and vma->pages.
However, we have not taken that route due to the overshadowing lmem/ttm
discussions, and instead play a series of complicated games with
trylocks to (hopefully) ensure that only one destruction path is called!
v2: Add some commentary, and some helpers to reduce patch churn.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191004134015.13204-4-chris@chris-wilson.co.uk
2019-10-04 14:39:58 +01:00
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto err_unpin;
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = i915_vma_pin_fence(vma);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto err_unpin;
|
|
|
|
|
|
2024-08-07 11:45:53 +01:00
|
|
|
/*
|
|
|
|
|
* Dump all the necessary parameters in this function to perform the
|
|
|
|
|
* arithmetic calculation for the virtual address start and end and
|
|
|
|
|
* the PFN (Page Frame Number).
|
|
|
|
|
*/
|
|
|
|
|
set_address_limits(area, vma, obj_offset, ggtt->gmadr.start,
|
|
|
|
|
&start, &end, &pfn);
|
2024-08-02 10:38:50 +02:00
|
|
|
|
2019-05-28 10:29:47 +01:00
|
|
|
/* Finally, remap it using the new GTT offset */
|
2024-08-02 10:38:50 +02:00
|
|
|
ret = remap_io_mapping(area, start, pfn, end - start, &ggtt->iomap);
|
2019-05-28 10:29:47 +01:00
|
|
|
if (ret)
|
|
|
|
|
goto err_fence;
|
|
|
|
|
|
2019-06-13 16:21:54 -07:00
|
|
|
assert_rpm_wakelock_held(rpm);
|
2019-08-22 07:09:13 +01:00
|
|
|
|
|
|
|
|
/* Mark as being mmapped into userspace for later revocation */
|
2021-12-19 23:24:57 +02:00
|
|
|
mutex_lock(&to_gt(i915)->ggtt->vm.mutex);
|
2019-05-28 10:29:47 +01:00
|
|
|
if (!i915_vma_set_userfault(vma) && !obj->userfault_count++)
|
2021-12-19 23:24:57 +02:00
|
|
|
list_add(&obj->userfault_link, &to_gt(i915)->ggtt->userfault_list);
|
|
|
|
|
mutex_unlock(&to_gt(i915)->ggtt->vm.mutex);
|
2019-08-22 07:09:13 +01:00
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
/* Track the mmo associated with the fenced vma */
|
|
|
|
|
vma->mmo = mmo;
|
|
|
|
|
|
2021-10-05 10:17:28 -07:00
|
|
|
if (CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND)
|
2022-10-27 14:52:41 +05:30
|
|
|
intel_wakeref_auto(&i915->runtime_pm.userfault_wakeref,
|
2019-05-28 10:29:47 +01:00
|
|
|
msecs_to_jiffies_timeout(CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND));
|
|
|
|
|
|
2019-09-20 13:18:21 +01:00
|
|
|
if (write) {
|
|
|
|
|
GEM_BUG_ON(!i915_gem_object_has_pinned_pages(obj));
|
|
|
|
|
i915_vma_set_ggtt_write(vma);
|
|
|
|
|
obj->mm.dirty = true;
|
|
|
|
|
}
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
err_fence:
|
|
|
|
|
i915_vma_unpin_fence(vma);
|
|
|
|
|
err_unpin:
|
|
|
|
|
__i915_vma_unpin(vma);
|
|
|
|
|
err_reset:
|
2019-07-12 20:29:53 +01:00
|
|
|
intel_gt_reset_unlock(ggtt->vm.gt, srcu);
|
2020-08-19 16:09:02 +02:00
|
|
|
err_pages:
|
|
|
|
|
i915_gem_object_unpin_pages(obj);
|
2019-05-28 10:29:47 +01:00
|
|
|
err_rpm:
|
2020-08-19 16:09:02 +02:00
|
|
|
if (ret == -EDEADLK) {
|
|
|
|
|
ret = i915_gem_ww_ctx_backoff(&ww);
|
|
|
|
|
if (!ret)
|
|
|
|
|
goto retry;
|
|
|
|
|
}
|
|
|
|
|
i915_gem_ww_ctx_fini(&ww);
|
2019-06-13 16:21:54 -07:00
|
|
|
intel_runtime_pm_put(rpm, wakeref);
|
2019-12-04 12:00:32 +00:00
|
|
|
return i915_error_to_vmf_fault(ret);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2020-05-01 15:51:20 +01:00
|
|
|
static int
|
|
|
|
|
vm_access(struct vm_area_struct *area, unsigned long addr,
|
|
|
|
|
void *buf, int len, int write)
|
|
|
|
|
{
|
|
|
|
|
struct i915_mmap_offset *mmo = area->vm_private_data;
|
|
|
|
|
struct drm_i915_gem_object *obj = mmo->obj;
|
2021-03-23 16:50:23 +01:00
|
|
|
struct i915_gem_ww_ctx ww;
|
2020-05-01 15:51:20 +01:00
|
|
|
void *vaddr;
|
2021-03-23 16:50:23 +01:00
|
|
|
int err = 0;
|
2020-05-01 15:51:20 +01:00
|
|
|
|
|
|
|
|
if (i915_gem_object_is_readonly(obj) && write)
|
|
|
|
|
return -EACCES;
|
|
|
|
|
|
|
|
|
|
addr -= area->vm_start;
|
2022-03-03 11:34:28 +05:30
|
|
|
if (range_overflows_t(u64, addr, len, obj->base.size))
|
2020-05-01 15:51:20 +01:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2021-03-23 16:50:23 +01:00
|
|
|
i915_gem_ww_ctx_init(&ww, true);
|
|
|
|
|
retry:
|
|
|
|
|
err = i915_gem_object_lock(obj, &ww);
|
|
|
|
|
if (err)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2020-05-01 15:51:20 +01:00
|
|
|
/* As this is primarily for debugging, let's focus on simplicity */
|
|
|
|
|
vaddr = i915_gem_object_pin_map(obj, I915_MAP_FORCE_WC);
|
2021-03-23 16:50:23 +01:00
|
|
|
if (IS_ERR(vaddr)) {
|
|
|
|
|
err = PTR_ERR(vaddr);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2020-05-01 15:51:20 +01:00
|
|
|
|
|
|
|
|
if (write) {
|
|
|
|
|
memcpy(vaddr + addr, buf, len);
|
|
|
|
|
__i915_gem_object_flush_map(obj, addr, len);
|
|
|
|
|
} else {
|
|
|
|
|
memcpy(buf, vaddr + addr, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i915_gem_object_unpin_map(obj);
|
2021-03-23 16:50:23 +01:00
|
|
|
out:
|
|
|
|
|
if (err == -EDEADLK) {
|
|
|
|
|
err = i915_gem_ww_ctx_backoff(&ww);
|
|
|
|
|
if (!err)
|
|
|
|
|
goto retry;
|
|
|
|
|
}
|
|
|
|
|
i915_gem_ww_ctx_fini(&ww);
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2020-05-01 15:51:20 +01:00
|
|
|
|
|
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
void __i915_gem_object_release_mmap_gtt(struct drm_i915_gem_object *obj)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
|
|
|
|
struct i915_vma *vma;
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(!obj->userfault_count);
|
|
|
|
|
|
|
|
|
|
for_each_ggtt_vma(vma, obj)
|
2019-12-04 12:00:32 +00:00
|
|
|
i915_vma_revoke_mmap(vma);
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(obj->userfault_count);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
/*
|
2019-05-28 10:29:47 +01:00
|
|
|
* It is vital that we remove the page mapping if we have mapped a tiled
|
|
|
|
|
* object through the GTT and then lose the fence register due to
|
|
|
|
|
* resource pressure. Similarly if the object has been moved out of the
|
|
|
|
|
* aperture, than pages mapped into userspace must be revoked. Removing the
|
|
|
|
|
* mapping will then trigger a page fault on the next user access, allowing
|
2019-12-04 12:00:32 +00:00
|
|
|
* fixup by vm_fault_gtt().
|
2019-05-28 10:29:47 +01:00
|
|
|
*/
|
2020-07-02 17:36:22 +01:00
|
|
|
void i915_gem_object_release_mmap_gtt(struct drm_i915_gem_object *obj)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
|
|
|
|
struct drm_i915_private *i915 = to_i915(obj->base.dev);
|
|
|
|
|
intel_wakeref_t wakeref;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
/*
|
|
|
|
|
* Serialisation between user GTT access and our code depends upon
|
2019-05-28 10:29:47 +01:00
|
|
|
* revoking the CPU's PTE whilst the mutex is held. The next user
|
|
|
|
|
* pagefault then has to wait until we release the mutex.
|
|
|
|
|
*
|
|
|
|
|
* Note that RPM complicates somewhat by adding an additional
|
|
|
|
|
* requirement that operations to the GGTT be made holding the RPM
|
|
|
|
|
* wakeref.
|
|
|
|
|
*/
|
2019-06-13 16:21:54 -07:00
|
|
|
wakeref = intel_runtime_pm_get(&i915->runtime_pm);
|
2021-12-19 23:24:57 +02:00
|
|
|
mutex_lock(&to_gt(i915)->ggtt->vm.mutex);
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
if (!obj->userfault_count)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
__i915_gem_object_release_mmap_gtt(obj);
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
/*
|
|
|
|
|
* Ensure that the CPU's PTE are revoked and there are not outstanding
|
2019-05-28 10:29:47 +01:00
|
|
|
* memory transactions from userspace before we return. The TLB
|
|
|
|
|
* flushing implied above by changing the PTE above *should* be
|
|
|
|
|
* sufficient, an extra barrier here just provides us with a bit
|
|
|
|
|
* of paranoid documentation about our requirement to serialise
|
|
|
|
|
* memory writes before touching registers / GSM.
|
|
|
|
|
*/
|
|
|
|
|
wmb();
|
|
|
|
|
|
|
|
|
|
out:
|
2021-12-19 23:24:57 +02:00
|
|
|
mutex_unlock(&to_gt(i915)->ggtt->vm.mutex);
|
2019-06-13 16:21:54 -07:00
|
|
|
intel_runtime_pm_put(&i915->runtime_pm, wakeref);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2022-09-13 20:57:14 +05:30
|
|
|
void i915_gem_object_runtime_pm_release_mmap_offset(struct drm_i915_gem_object *obj)
|
|
|
|
|
{
|
|
|
|
|
struct ttm_buffer_object *bo = i915_gem_to_ttm(obj);
|
|
|
|
|
struct ttm_device *bdev = bo->bdev;
|
|
|
|
|
|
|
|
|
|
drm_vma_node_unmap(&bo->base.vma_node, bdev->dev_mapping);
|
|
|
|
|
|
2022-10-27 14:52:42 +05:30
|
|
|
/*
|
|
|
|
|
* We have exclusive access here via runtime suspend. All other callers
|
|
|
|
|
* must first grab the rpm wakeref.
|
|
|
|
|
*/
|
|
|
|
|
GEM_BUG_ON(!obj->userfault_count);
|
|
|
|
|
list_del(&obj->userfault_link);
|
|
|
|
|
obj->userfault_count = 0;
|
2022-09-13 20:57:14 +05:30
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
void i915_gem_object_release_mmap_offset(struct drm_i915_gem_object *obj)
|
|
|
|
|
{
|
2020-01-20 10:49:22 +00:00
|
|
|
struct i915_mmap_offset *mmo, *mn;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2022-01-06 17:49:09 +00:00
|
|
|
if (obj->ops->unmap_virtual)
|
|
|
|
|
obj->ops->unmap_virtual(obj);
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
spin_lock(&obj->mmo.lock);
|
2020-01-20 10:49:22 +00:00
|
|
|
rbtree_postorder_for_each_entry_safe(mmo, mn,
|
|
|
|
|
&obj->mmo.offsets, offset) {
|
2019-12-04 12:00:32 +00:00
|
|
|
/*
|
|
|
|
|
* vma_node_unmap for GTT mmaps handled already in
|
|
|
|
|
* __i915_gem_object_release_mmap_gtt
|
|
|
|
|
*/
|
|
|
|
|
if (mmo->mmap_type == I915_MMAP_TYPE_GTT)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
drm_vma_node_unmap(&mmo->vma_node,
|
|
|
|
|
obj->base.dev->anon_inode->i_mapping);
|
|
|
|
|
spin_lock(&obj->mmo.lock);
|
|
|
|
|
}
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-20 10:49:22 +00:00
|
|
|
static struct i915_mmap_offset *
|
|
|
|
|
lookup_mmo(struct drm_i915_gem_object *obj,
|
|
|
|
|
enum i915_mmap_type mmap_type)
|
|
|
|
|
{
|
|
|
|
|
struct rb_node *rb;
|
|
|
|
|
|
|
|
|
|
spin_lock(&obj->mmo.lock);
|
|
|
|
|
rb = obj->mmo.offsets.rb_node;
|
|
|
|
|
while (rb) {
|
|
|
|
|
struct i915_mmap_offset *mmo =
|
|
|
|
|
rb_entry(rb, typeof(*mmo), offset);
|
|
|
|
|
|
|
|
|
|
if (mmo->mmap_type == mmap_type) {
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
return mmo;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mmo->mmap_type < mmap_type)
|
|
|
|
|
rb = rb->rb_right;
|
|
|
|
|
else
|
|
|
|
|
rb = rb->rb_left;
|
|
|
|
|
}
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct i915_mmap_offset *
|
|
|
|
|
insert_mmo(struct drm_i915_gem_object *obj, struct i915_mmap_offset *mmo)
|
|
|
|
|
{
|
|
|
|
|
struct rb_node *rb, **p;
|
|
|
|
|
|
|
|
|
|
spin_lock(&obj->mmo.lock);
|
|
|
|
|
rb = NULL;
|
|
|
|
|
p = &obj->mmo.offsets.rb_node;
|
|
|
|
|
while (*p) {
|
|
|
|
|
struct i915_mmap_offset *pos;
|
|
|
|
|
|
|
|
|
|
rb = *p;
|
|
|
|
|
pos = rb_entry(rb, typeof(*pos), offset);
|
|
|
|
|
|
|
|
|
|
if (pos->mmap_type == mmo->mmap_type) {
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
drm_vma_offset_remove(obj->base.dev->vma_offset_manager,
|
|
|
|
|
&mmo->vma_node);
|
|
|
|
|
kfree(mmo);
|
|
|
|
|
return pos;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pos->mmap_type < mmo->mmap_type)
|
|
|
|
|
p = &rb->rb_right;
|
|
|
|
|
else
|
|
|
|
|
p = &rb->rb_left;
|
|
|
|
|
}
|
|
|
|
|
rb_link_node(&mmo->offset, rb, p);
|
|
|
|
|
rb_insert_color(&mmo->offset, &obj->mmo.offsets);
|
|
|
|
|
spin_unlock(&obj->mmo.lock);
|
|
|
|
|
|
|
|
|
|
return mmo;
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
static struct i915_mmap_offset *
|
|
|
|
|
mmap_offset_attach(struct drm_i915_gem_object *obj,
|
|
|
|
|
enum i915_mmap_type mmap_type,
|
|
|
|
|
struct drm_file *file)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
|
|
|
|
struct drm_i915_private *i915 = to_i915(obj->base.dev);
|
2019-12-04 12:00:32 +00:00
|
|
|
struct i915_mmap_offset *mmo;
|
2019-05-28 10:29:47 +01:00
|
|
|
int err;
|
|
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
GEM_BUG_ON(obj->ops->mmap_offset || obj->ops->mmap_ops);
|
|
|
|
|
|
2020-01-20 10:49:22 +00:00
|
|
|
mmo = lookup_mmo(obj, mmap_type);
|
|
|
|
|
if (mmo)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
mmo = kmalloc(sizeof(*mmo), GFP_KERNEL);
|
|
|
|
|
if (!mmo)
|
|
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
|
|
|
|
|
|
mmo->obj = obj;
|
|
|
|
|
mmo->mmap_type = mmap_type;
|
|
|
|
|
drm_vma_node_reset(&mmo->vma_node);
|
|
|
|
|
|
2020-01-20 10:49:22 +00:00
|
|
|
err = drm_vma_offset_add(obj->base.dev->vma_offset_manager,
|
|
|
|
|
&mmo->vma_node, obj->base.size / PAGE_SIZE);
|
2019-05-28 10:29:47 +01:00
|
|
|
if (likely(!err))
|
2020-01-20 10:49:22 +00:00
|
|
|
goto insert;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
|
|
|
|
/* Attempt to reap some mmap space from dead objects */
|
2021-12-14 21:33:35 +02:00
|
|
|
err = intel_gt_retire_requests_timeout(to_gt(i915), MAX_SCHEDULE_TIMEOUT,
|
2021-07-21 14:50:58 -07:00
|
|
|
NULL);
|
2019-10-04 14:40:05 +01:00
|
|
|
if (err)
|
2019-12-04 12:00:32 +00:00
|
|
|
goto err;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2019-10-04 14:40:05 +01:00
|
|
|
i915_gem_drain_freed_objects(i915);
|
2020-01-20 10:49:22 +00:00
|
|
|
err = drm_vma_offset_add(obj->base.dev->vma_offset_manager,
|
|
|
|
|
&mmo->vma_node, obj->base.size / PAGE_SIZE);
|
2019-12-04 12:00:32 +00:00
|
|
|
if (err)
|
|
|
|
|
goto err;
|
|
|
|
|
|
2020-01-20 10:49:22 +00:00
|
|
|
insert:
|
|
|
|
|
mmo = insert_mmo(obj, mmo);
|
|
|
|
|
GEM_BUG_ON(lookup_mmo(obj, mmap_type) != mmo);
|
2019-12-04 12:00:32 +00:00
|
|
|
out:
|
|
|
|
|
if (file)
|
2023-01-17 18:52:36 +01:00
|
|
|
drm_vma_node_allow_once(&mmo->vma_node, file);
|
2019-12-04 12:00:32 +00:00
|
|
|
return mmo;
|
|
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
kfree(mmo);
|
|
|
|
|
return ERR_PTR(err);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
static int
|
2021-06-10 09:01:52 +02:00
|
|
|
__assign_mmap_offset(struct drm_i915_gem_object *obj,
|
2019-12-04 12:00:32 +00:00
|
|
|
enum i915_mmap_type mmap_type,
|
2021-06-10 09:01:52 +02:00
|
|
|
u64 *offset, struct drm_file *file)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
2019-12-04 12:00:32 +00:00
|
|
|
struct i915_mmap_offset *mmo;
|
2019-11-05 14:53:05 +00:00
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
if (i915_gem_object_never_mmap(obj))
|
|
|
|
|
return -ENODEV;
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
if (obj->ops->mmap_offset) {
|
2021-07-14 14:28:33 +02:00
|
|
|
if (mmap_type != I915_MMAP_TYPE_FIXED)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
*offset = obj->ops->mmap_offset(obj);
|
|
|
|
|
return 0;
|
2019-09-28 09:25:46 +01:00
|
|
|
}
|
|
|
|
|
|
2021-07-14 14:28:33 +02:00
|
|
|
if (mmap_type == I915_MMAP_TYPE_FIXED)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
if (mmap_type != I915_MMAP_TYPE_GTT &&
|
2021-03-23 16:49:56 +01:00
|
|
|
!i915_gem_object_has_struct_page(obj) &&
|
2021-06-24 10:42:38 +02:00
|
|
|
!i915_gem_object_has_iomem(obj))
|
2021-06-10 09:01:52 +02:00
|
|
|
return -ENODEV;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
|
|
|
|
mmo = mmap_offset_attach(obj, mmap_type, file);
|
2021-06-10 09:01:52 +02:00
|
|
|
if (IS_ERR(mmo))
|
|
|
|
|
return PTR_ERR(mmo);
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
*offset = drm_vma_node_offset_addr(&mmo->vma_node);
|
2021-06-10 09:01:52 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
__assign_mmap_offset_handle(struct drm_file *file,
|
|
|
|
|
u32 handle,
|
|
|
|
|
enum i915_mmap_type mmap_type,
|
|
|
|
|
u64 *offset)
|
|
|
|
|
{
|
|
|
|
|
struct drm_i915_gem_object *obj;
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
obj = i915_gem_object_lookup(file, handle);
|
|
|
|
|
if (!obj)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
2021-06-24 10:42:38 +02:00
|
|
|
err = i915_gem_object_lock_interruptible(obj, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
goto out_put;
|
2021-06-10 09:01:52 +02:00
|
|
|
err = __assign_mmap_offset(obj, mmap_type, offset, file);
|
2021-06-24 10:42:38 +02:00
|
|
|
i915_gem_object_unlock(obj);
|
|
|
|
|
out_put:
|
2019-05-28 10:29:47 +01:00
|
|
|
i915_gem_object_put(obj);
|
2019-12-04 12:00:32 +00:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
i915_gem_dumb_mmap_offset(struct drm_file *file,
|
|
|
|
|
struct drm_device *dev,
|
|
|
|
|
u32 handle,
|
|
|
|
|
u64 *offset)
|
|
|
|
|
{
|
2021-12-19 23:24:57 +02:00
|
|
|
struct drm_i915_private *i915 = to_i915(dev);
|
2019-12-04 12:00:32 +00:00
|
|
|
enum i915_mmap_type mmap_type;
|
|
|
|
|
|
2021-07-14 14:28:33 +02:00
|
|
|
if (HAS_LMEM(to_i915(dev)))
|
|
|
|
|
mmap_type = I915_MMAP_TYPE_FIXED;
|
2021-12-01 16:30:48 -08:00
|
|
|
else if (pat_enabled())
|
2019-12-04 12:00:32 +00:00
|
|
|
mmap_type = I915_MMAP_TYPE_WC;
|
2021-12-19 23:24:57 +02:00
|
|
|
else if (!i915_ggtt_has_aperture(to_gt(i915)->ggtt))
|
2019-12-04 12:00:32 +00:00
|
|
|
return -ENODEV;
|
|
|
|
|
else
|
|
|
|
|
mmap_type = I915_MMAP_TYPE_GTT;
|
|
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
return __assign_mmap_offset_handle(file, handle, mmap_type, offset);
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2019-12-04 12:00:32 +00:00
|
|
|
* i915_gem_mmap_offset_ioctl - prepare an object for GTT mmap'ing
|
2019-05-28 10:29:47 +01:00
|
|
|
* @dev: DRM device
|
|
|
|
|
* @data: GTT mapping ioctl data
|
|
|
|
|
* @file: GEM object info
|
|
|
|
|
*
|
|
|
|
|
* Simply returns the fake offset to userspace so it can mmap it.
|
|
|
|
|
* The mmap call will end up in drm_gem_mmap(), which will set things
|
|
|
|
|
* up so we can get faults in the handler above.
|
|
|
|
|
*
|
|
|
|
|
* The fault handler will take care of binding the object into the GTT
|
|
|
|
|
* (since it may have been evicted to make room for something), allocating
|
|
|
|
|
* a fence register, and mapping the appropriate aperture address into
|
|
|
|
|
* userspace.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2019-12-04 12:00:32 +00:00
|
|
|
i915_gem_mmap_offset_ioctl(struct drm_device *dev, void *data,
|
|
|
|
|
struct drm_file *file)
|
2019-05-28 10:29:47 +01:00
|
|
|
{
|
2019-12-04 12:00:32 +00:00
|
|
|
struct drm_i915_private *i915 = to_i915(dev);
|
|
|
|
|
struct drm_i915_gem_mmap_offset *args = data;
|
|
|
|
|
enum i915_mmap_type type;
|
2019-12-04 18:06:28 +00:00
|
|
|
int err;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2019-12-07 22:26:44 +00:00
|
|
|
/*
|
|
|
|
|
* Historically we failed to check args.pad and args.offset
|
|
|
|
|
* and so we cannot use those fields for user input and we cannot
|
|
|
|
|
* add -EINVAL for them as the ABI is fixed, i.e. old userspace
|
|
|
|
|
* may be feeding in garbage in those fields.
|
|
|
|
|
*
|
|
|
|
|
* if (args->pad) return -EINVAL; is verbotten!
|
|
|
|
|
*/
|
|
|
|
|
|
2019-12-04 18:06:28 +00:00
|
|
|
err = i915_user_extensions(u64_to_user_ptr(args->extensions),
|
|
|
|
|
NULL, 0, NULL);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
|
|
|
|
switch (args->flags) {
|
|
|
|
|
case I915_MMAP_OFFSET_GTT:
|
2021-12-19 23:24:57 +02:00
|
|
|
if (!i915_ggtt_has_aperture(to_gt(i915)->ggtt))
|
2019-12-04 12:00:32 +00:00
|
|
|
return -ENODEV;
|
|
|
|
|
type = I915_MMAP_TYPE_GTT;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case I915_MMAP_OFFSET_WC:
|
2021-12-01 16:30:48 -08:00
|
|
|
if (!pat_enabled())
|
2019-12-04 12:00:32 +00:00
|
|
|
return -ENODEV;
|
|
|
|
|
type = I915_MMAP_TYPE_WC;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case I915_MMAP_OFFSET_WB:
|
|
|
|
|
type = I915_MMAP_TYPE_WB;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case I915_MMAP_OFFSET_UC:
|
2021-12-01 16:30:48 -08:00
|
|
|
if (!pat_enabled())
|
2019-12-04 12:00:32 +00:00
|
|
|
return -ENODEV;
|
|
|
|
|
type = I915_MMAP_TYPE_UC;
|
|
|
|
|
break;
|
|
|
|
|
|
2021-07-14 14:28:33 +02:00
|
|
|
case I915_MMAP_OFFSET_FIXED:
|
|
|
|
|
type = I915_MMAP_TYPE_FIXED;
|
|
|
|
|
break;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
default:
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
2019-05-28 10:29:47 +01:00
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
return __assign_mmap_offset_handle(file, args->handle, type, &args->offset);
|
2019-12-04 12:00:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void vm_open(struct vm_area_struct *vma)
|
|
|
|
|
{
|
|
|
|
|
struct i915_mmap_offset *mmo = vma->vm_private_data;
|
|
|
|
|
struct drm_i915_gem_object *obj = mmo->obj;
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(!obj);
|
|
|
|
|
i915_gem_object_get(obj);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void vm_close(struct vm_area_struct *vma)
|
|
|
|
|
{
|
|
|
|
|
struct i915_mmap_offset *mmo = vma->vm_private_data;
|
|
|
|
|
struct drm_i915_gem_object *obj = mmo->obj;
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(!obj);
|
|
|
|
|
i915_gem_object_put(obj);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const struct vm_operations_struct vm_ops_gtt = {
|
|
|
|
|
.fault = vm_fault_gtt,
|
2020-05-01 15:51:20 +01:00
|
|
|
.access = vm_access,
|
2019-12-04 12:00:32 +00:00
|
|
|
.open = vm_open,
|
|
|
|
|
.close = vm_close,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const struct vm_operations_struct vm_ops_cpu = {
|
|
|
|
|
.fault = vm_fault_cpu,
|
2020-05-01 15:51:20 +01:00
|
|
|
.access = vm_access,
|
2019-12-04 12:00:32 +00:00
|
|
|
.open = vm_open,
|
|
|
|
|
.close = vm_close,
|
|
|
|
|
};
|
|
|
|
|
|
2020-01-01 14:10:07 +00:00
|
|
|
static int singleton_release(struct inode *inode, struct file *file)
|
|
|
|
|
{
|
|
|
|
|
struct drm_i915_private *i915 = file->private_data;
|
|
|
|
|
|
|
|
|
|
cmpxchg(&i915->gem.mmap_singleton, file, NULL);
|
|
|
|
|
drm_dev_put(&i915->drm);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const struct file_operations singleton_fops = {
|
|
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.release = singleton_release,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct file *mmap_singleton(struct drm_i915_private *i915)
|
|
|
|
|
{
|
|
|
|
|
struct file *file;
|
|
|
|
|
|
file, i915: fix file reference for mmap_singleton()
Today we got a report at [1] for rcu stalls on the i915 testsuite in [2]
due to the conversion of files to SLAB_TYPSSAFE_BY_RCU. Afaict,
get_file_rcu() goes into an infinite loop trying to carefully verify
that i915->gem.mmap_singleton hasn't changed - see the splat below.
So I stared at this code to figure out what it actually does. It seems
that the i915->gem.mmap_singleton pointer itself never had rcu semantics.
The i915->gem.mmap_singleton is replaced in
file->f_op->release::singleton_release():
static int singleton_release(struct inode *inode, struct file *file)
{
struct drm_i915_private *i915 = file->private_data;
cmpxchg(&i915->gem.mmap_singleton, file, NULL);
drm_dev_put(&i915->drm);
return 0;
}
The cmpxchg() is ordered against a concurrent update of
i915->gem.mmap_singleton from mmap_singleton(). IOW, when
mmap_singleton() fails to get a reference on i915->gem.mmap_singleton:
While mmap_singleton() does
rcu_read_lock();
file = get_file_rcu(&i915->gem.mmap_singleton);
rcu_read_unlock();
it allocates a new file via anon_inode_getfile() and does
smp_store_mb(i915->gem.mmap_singleton, file);
So, then what happens in the case of this bug is that at some point
fput() is called and drops the file->f_count to zero leaving the pointer
in i915->gem.mmap_singleton in tact.
Now, there might be delays until
file->f_op->release::singleton_release() is called and
i915->gem.mmap_singleton is set to NULL.
Say concurrently another task hits mmap_singleton() and does:
rcu_read_lock();
file = get_file_rcu(&i915->gem.mmap_singleton);
rcu_read_unlock();
When get_file_rcu() fails to get a reference via atomic_inc_not_zero()
it will try the reload from i915->gem.mmap_singleton expecting it to be
NULL, assuming it has comparable semantics as we expect in
__fget_files_rcu().
But it hasn't so it reloads the same pointer again, trying the same
atomic_inc_not_zero() again and doing so until
file->f_op->release::singleton_release() of the old file has been
called.
So, in contrast to __fget_files_rcu() here we want to not retry when
atomic_inc_not_zero() has failed. We only want to retry in case we
managed to get a reference but the pointer did change on reload.
<3> [511.395679] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3> [511.395716] rcu: Tasks blocked on level-1 rcu_node (CPUs 0-9): P6238
<3> [511.395934] rcu: (detected by 16, t=65002 jiffies, g=123977, q=439 ncpus=20)
<6> [511.395944] task:i915_selftest state:R running task stack:10568 pid:6238 tgid:6238 ppid:1001 flags:0x00004002
<6> [511.395962] Call Trace:
<6> [511.395966] <TASK>
<6> [511.395974] ? __schedule+0x3a8/0xd70
<6> [511.395995] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
<6> [511.396003] ? lockdep_hardirqs_on+0xc3/0x140
<6> [511.396013] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
<6> [511.396029] ? get_file_rcu+0x10/0x30
<6> [511.396039] ? get_file_rcu+0x10/0x30
<6> [511.396046] ? i915_gem_object_mmap+0xbc/0x450 [i915]
<6> [511.396509] ? i915_gem_mmap+0x272/0x480 [i915]
<6> [511.396903] ? mmap_region+0x253/0xb60
<6> [511.396925] ? do_mmap+0x334/0x5c0
<6> [511.396939] ? vm_mmap_pgoff+0x9f/0x1c0
<6> [511.396949] ? rcu_is_watching+0x11/0x50
<6> [511.396962] ? igt_mmap_offset+0xfc/0x110 [i915]
<6> [511.397376] ? __igt_mmap+0xb3/0x570 [i915]
<6> [511.397762] ? igt_mmap+0x11e/0x150 [i915]
<6> [511.398139] ? __trace_bprintk+0x76/0x90
<6> [511.398156] ? __i915_subtests+0xbf/0x240 [i915]
<6> [511.398586] ? __pfx___i915_live_setup+0x10/0x10 [i915]
<6> [511.399001] ? __pfx___i915_live_teardown+0x10/0x10 [i915]
<6> [511.399433] ? __run_selftests+0xbc/0x1a0 [i915]
<6> [511.399875] ? i915_live_selftests+0x4b/0x90 [i915]
<6> [511.400308] ? i915_pci_probe+0x106/0x200 [i915]
<6> [511.400692] ? pci_device_probe+0x95/0x120
<6> [511.400704] ? really_probe+0x164/0x3c0
<6> [511.400715] ? __pfx___driver_attach+0x10/0x10
<6> [511.400722] ? __driver_probe_device+0x73/0x160
<6> [511.400731] ? driver_probe_device+0x19/0xa0
<6> [511.400741] ? __driver_attach+0xb6/0x180
<6> [511.400749] ? __pfx___driver_attach+0x10/0x10
<6> [511.400756] ? bus_for_each_dev+0x77/0xd0
<6> [511.400770] ? bus_add_driver+0x114/0x210
<6> [511.400781] ? driver_register+0x5b/0x110
<6> [511.400791] ? i915_init+0x23/0xc0 [i915]
<6> [511.401153] ? __pfx_i915_init+0x10/0x10 [i915]
<6> [511.401503] ? do_one_initcall+0x57/0x270
<6> [511.401515] ? rcu_is_watching+0x11/0x50
<6> [511.401521] ? kmalloc_trace+0xa3/0xb0
<6> [511.401532] ? do_init_module+0x5f/0x210
<6> [511.401544] ? load_module+0x1d00/0x1f60
<6> [511.401581] ? init_module_from_file+0x86/0xd0
<6> [511.401590] ? init_module_from_file+0x86/0xd0
<6> [511.401613] ? idempotent_init_module+0x17c/0x230
<6> [511.401639] ? __x64_sys_finit_module+0x56/0xb0
<6> [511.401650] ? do_syscall_64+0x3c/0x90
<6> [511.401659] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8
<6> [511.401684] </TASK>
Link: [1]: https://lore.kernel.org/intel-gfx/SJ1PR11MB6129CB39EED831784C331BAFB9DEA@SJ1PR11MB6129.namprd11.prod.outlook.com
Link: [2]: https://intel-gfx-ci.01.org/tree/linux-next/next-20231013/bat-dg2-11/igt@i915_selftest@live@mman.html#dmesg-warnings10963
Cc: Jann Horn <jannh@google.com>,
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20231025-formfrage-watscheln-84526cd3bd7d@brauner
Signed-off-by: Christian Brauner <brauner@kernel.org>
2023-10-25 12:14:37 +02:00
|
|
|
file = get_file_active(&i915->gem.mmap_singleton);
|
2020-01-01 14:10:07 +00:00
|
|
|
if (file)
|
|
|
|
|
return file;
|
|
|
|
|
|
|
|
|
|
file = anon_inode_getfile("i915.gem", &singleton_fops, i915, O_RDWR);
|
|
|
|
|
if (IS_ERR(file))
|
|
|
|
|
return file;
|
|
|
|
|
|
|
|
|
|
/* Everyone shares a single global address space */
|
|
|
|
|
file->f_mapping = i915->drm.anon_inode->i_mapping;
|
|
|
|
|
|
|
|
|
|
smp_store_mb(i915->gem.mmap_singleton, file);
|
|
|
|
|
drm_dev_get(&i915->drm);
|
|
|
|
|
|
|
|
|
|
return file;
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-04 16:30:58 +02:00
|
|
|
static int
|
|
|
|
|
i915_gem_object_mmap(struct drm_i915_gem_object *obj,
|
|
|
|
|
struct i915_mmap_offset *mmo,
|
|
|
|
|
struct vm_area_struct *vma)
|
2019-12-04 12:00:32 +00:00
|
|
|
{
|
2023-04-04 16:30:58 +02:00
|
|
|
struct drm_i915_private *i915 = to_i915(obj->base.dev);
|
|
|
|
|
struct drm_device *dev = &i915->drm;
|
2020-01-01 14:10:07 +00:00
|
|
|
struct file *anon;
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2020-01-30 14:39:31 +00:00
|
|
|
if (i915_gem_object_is_readonly(obj)) {
|
2019-12-04 12:00:32 +00:00
|
|
|
if (vma->vm_flags & VM_WRITE) {
|
2020-01-30 14:39:31 +00:00
|
|
|
i915_gem_object_put(obj);
|
2019-12-04 12:00:32 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
2023-01-26 11:37:49 -08:00
|
|
|
vm_flags_clear(vma, VM_MAYWRITE);
|
2019-12-04 12:00:32 +00:00
|
|
|
}
|
|
|
|
|
|
2020-01-30 14:39:31 +00:00
|
|
|
anon = mmap_singleton(to_i915(dev));
|
2020-01-01 14:10:07 +00:00
|
|
|
if (IS_ERR(anon)) {
|
2020-01-30 14:39:31 +00:00
|
|
|
i915_gem_object_put(obj);
|
2020-01-01 14:10:07 +00:00
|
|
|
return PTR_ERR(anon);
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-26 11:37:49 -08:00
|
|
|
vm_flags_set(vma, VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP | VM_IO);
|
2019-12-04 12:00:32 +00:00
|
|
|
|
2020-01-01 14:10:07 +00:00
|
|
|
/*
|
|
|
|
|
* We keep the ref on mmo->obj, not vm_file, but we require
|
|
|
|
|
* vma->vm_file->f_mapping, see vma_link(), for later revocation.
|
|
|
|
|
* Our userspace is accustomed to having per-file resource cleanup
|
|
|
|
|
* (i.e. contexts, objects and requests) on their close(fd), which
|
|
|
|
|
* requires avoiding extraneous references to their filp, hence why
|
|
|
|
|
* we prefer to use an anonymous file for their mmaps.
|
|
|
|
|
*/
|
2020-09-14 15:09:33 +02:00
|
|
|
vma_set_file(vma, anon);
|
|
|
|
|
/* Drop the initial creation reference, the vma is now holding one. */
|
|
|
|
|
fput(anon);
|
2020-01-01 14:10:07 +00:00
|
|
|
|
2021-06-10 09:01:52 +02:00
|
|
|
if (obj->ops->mmap_ops) {
|
|
|
|
|
vma->vm_page_prot = pgprot_decrypted(vm_get_page_prot(vma->vm_flags));
|
|
|
|
|
vma->vm_ops = obj->ops->mmap_ops;
|
2023-04-04 16:30:58 +02:00
|
|
|
vma->vm_private_data = obj->base.vma_node.driver_private;
|
2021-06-10 09:01:52 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
vma->vm_private_data = mmo;
|
|
|
|
|
|
2019-12-04 12:00:32 +00:00
|
|
|
switch (mmo->mmap_type) {
|
|
|
|
|
case I915_MMAP_TYPE_WC:
|
|
|
|
|
vma->vm_page_prot =
|
|
|
|
|
pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
|
|
|
|
|
vma->vm_ops = &vm_ops_cpu;
|
|
|
|
|
break;
|
|
|
|
|
|
2021-07-14 14:28:33 +02:00
|
|
|
case I915_MMAP_TYPE_FIXED:
|
|
|
|
|
GEM_WARN_ON(1);
|
|
|
|
|
fallthrough;
|
2019-12-04 12:00:32 +00:00
|
|
|
case I915_MMAP_TYPE_WB:
|
|
|
|
|
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
|
|
|
|
|
vma->vm_ops = &vm_ops_cpu;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case I915_MMAP_TYPE_UC:
|
|
|
|
|
vma->vm_page_prot =
|
|
|
|
|
pgprot_noncached(vm_get_page_prot(vma->vm_flags));
|
|
|
|
|
vma->vm_ops = &vm_ops_cpu;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case I915_MMAP_TYPE_GTT:
|
|
|
|
|
vma->vm_page_prot =
|
|
|
|
|
pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
|
|
|
|
|
vma->vm_ops = &vm_ops_gtt;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
|
|
|
|
|
|
|
|
|
|
return 0;
|
2019-05-28 10:29:47 +01:00
|
|
|
}
|
|
|
|
|
|
2023-04-04 16:30:58 +02:00
|
|
|
/*
|
|
|
|
|
* This overcomes the limitation in drm_gem_mmap's assignment of a
|
|
|
|
|
* drm_gem_object as the vma->vm_private_data. Since we need to
|
|
|
|
|
* be able to resolve multiple mmap offsets which could be tied
|
|
|
|
|
* to a single gem object.
|
|
|
|
|
*/
|
|
|
|
|
int i915_gem_mmap(struct file *filp, struct vm_area_struct *vma)
|
|
|
|
|
{
|
|
|
|
|
struct drm_vma_offset_node *node;
|
|
|
|
|
struct drm_file *priv = filp->private_data;
|
|
|
|
|
struct drm_device *dev = priv->minor->dev;
|
|
|
|
|
struct drm_i915_gem_object *obj = NULL;
|
|
|
|
|
struct i915_mmap_offset *mmo = NULL;
|
|
|
|
|
|
|
|
|
|
if (drm_dev_is_unplugged(dev))
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
|
drm_vma_offset_lock_lookup(dev->vma_offset_manager);
|
2024-08-07 11:05:20 +01:00
|
|
|
node = drm_vma_offset_lookup_locked(dev->vma_offset_manager,
|
|
|
|
|
vma->vm_pgoff,
|
|
|
|
|
vma_pages(vma));
|
2023-04-04 16:30:58 +02:00
|
|
|
if (node && drm_vma_node_is_allowed(node, priv)) {
|
|
|
|
|
/*
|
|
|
|
|
* Skip 0-refcnted objects as it is in the process of being
|
|
|
|
|
* destroyed and will be invalid when the vma manager lock
|
|
|
|
|
* is released.
|
|
|
|
|
*/
|
|
|
|
|
if (!node->driver_private) {
|
|
|
|
|
mmo = container_of(node, struct i915_mmap_offset, vma_node);
|
|
|
|
|
obj = i915_gem_object_get_rcu(mmo->obj);
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(obj && obj->ops->mmap_ops);
|
|
|
|
|
} else {
|
|
|
|
|
obj = i915_gem_object_get_rcu
|
|
|
|
|
(container_of(node, struct drm_i915_gem_object,
|
|
|
|
|
base.vma_node));
|
|
|
|
|
|
|
|
|
|
GEM_BUG_ON(obj && !obj->ops->mmap_ops);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
drm_vma_offset_unlock_lookup(dev->vma_offset_manager);
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
if (!obj)
|
|
|
|
|
return node ? -EACCES : -EINVAL;
|
|
|
|
|
|
|
|
|
|
return i915_gem_object_mmap(obj, mmo, vma);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int i915_gem_fb_mmap(struct drm_i915_gem_object *obj, struct vm_area_struct *vma)
|
|
|
|
|
{
|
|
|
|
|
struct drm_i915_private *i915 = to_i915(obj->base.dev);
|
|
|
|
|
struct drm_device *dev = &i915->drm;
|
|
|
|
|
struct i915_mmap_offset *mmo = NULL;
|
|
|
|
|
enum i915_mmap_type mmap_type;
|
|
|
|
|
struct i915_ggtt *ggtt = to_gt(i915)->ggtt;
|
|
|
|
|
|
|
|
|
|
if (drm_dev_is_unplugged(dev))
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
|
|
|
|
/* handle ttm object */
|
|
|
|
|
if (obj->ops->mmap_ops) {
|
|
|
|
|
/*
|
|
|
|
|
* ttm fault handler, ttm_bo_vm_fault_reserved() uses fake offset
|
|
|
|
|
* to calculate page offset so set that up.
|
|
|
|
|
*/
|
|
|
|
|
vma->vm_pgoff += drm_vma_node_start(&obj->base.vma_node);
|
|
|
|
|
} else {
|
|
|
|
|
/* handle stolen and smem objects */
|
|
|
|
|
mmap_type = i915_ggtt_has_aperture(ggtt) ? I915_MMAP_TYPE_GTT : I915_MMAP_TYPE_WC;
|
|
|
|
|
mmo = mmap_offset_attach(obj, mmap_type, NULL);
|
2023-06-06 11:23:56 +03:00
|
|
|
if (IS_ERR(mmo))
|
|
|
|
|
return PTR_ERR(mmo);
|
2024-08-02 10:38:49 +02:00
|
|
|
|
|
|
|
|
vma->vm_pgoff += drm_vma_node_start(&mmo->vma_node);
|
2023-04-04 16:30:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When we install vm_ops for mmap we are too late for
|
|
|
|
|
* the vm_ops->open() which increases the ref_count of
|
|
|
|
|
* this obj and then it gets decreased by the vm_ops->close().
|
|
|
|
|
* To balance this increase the obj ref_count here.
|
|
|
|
|
*/
|
|
|
|
|
obj = i915_gem_object_get(obj);
|
|
|
|
|
return i915_gem_object_mmap(obj, mmo, vma);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-28 10:29:47 +01:00
|
|
|
#if IS_ENABLED(CONFIG_DRM_I915_SELFTEST)
|
|
|
|
|
#include "selftests/i915_gem_mman.c"
|
|
|
|
|
#endif
|