Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 033db782 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "msm: kgsl: Protect the memdesc->gpuaddr in SVM use cases"

parents e1d4b5cd 286b115b

drivers/gpu/msm/kgsl.c

+62 −31
Original line number Diff line number Diff line 
/* Copyright (c) 2008-2020, The Linux Foundation. All rights reserved.

/* Copyright (c) 2008-2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -265,6 +265,7 @@ kgsl_mem_entry_create(void) 
		kref_get(&entry->refcount);

	}



	atomic_set(&entry->map_count, 0);

	return entry;

}

#ifdef CONFIG_DMA_SHARED_BUFFER
@@ -459,9 +460,6 @@ static void kgsl_mem_entry_detach_process(struct kgsl_mem_entry *entry) 
	type = kgsl_memdesc_usermem_type(&entry->memdesc);

	entry->priv->stats[type].cur -= entry->memdesc.size;



	if (type != KGSL_MEM_ENTRY_ION)

		entry->priv->gpumem_mapped -= entry->memdesc.mapsize;



	spin_unlock(&entry->priv->mem_lock);



	kgsl_mmu_put_gpuaddr(&entry->memdesc);
@@ -2136,7 +2134,7 @@ static int check_vma(unsigned long hostptr, u64 size) 
	return true;

}



static int memdesc_sg_virt(struct kgsl_memdesc *memdesc)

static int memdesc_sg_virt(struct kgsl_memdesc *memdesc, unsigned long useraddr)

{

	int ret = 0;

	long npages = 0, i;
@@ -2159,13 +2157,13 @@ static int memdesc_sg_virt(struct kgsl_memdesc *memdesc) 
	}



	down_read(&current->mm->mmap_sem);

	if (!check_vma(memdesc->useraddr, memdesc->size)) {

	if (!check_vma(useraddr, memdesc->size)) {

		up_read(&current->mm->mmap_sem);

		ret = -EFAULT;

		goto out;

	}



	npages = get_user_pages(memdesc->useraddr, sglen, write, pages, NULL);

	npages = get_user_pages(useraddr, sglen, write, pages, NULL);

	up_read(&current->mm->mmap_sem);



	ret = (npages < 0) ? (int)npages : 0;
@@ -2203,7 +2201,6 @@ static int kgsl_setup_anon_useraddr(struct kgsl_pagetable *pagetable, 


	entry->memdesc.pagetable = pagetable;

	entry->memdesc.size = (uint64_t) size;

	entry->memdesc.useraddr = hostptr;

	entry->memdesc.flags |= (uint64_t)KGSL_MEMFLAGS_USERMEM_ADDR;



	if (kgsl_memdesc_use_cpu_map(&entry->memdesc)) {
@@ -2211,15 +2208,15 @@ static int kgsl_setup_anon_useraddr(struct kgsl_pagetable *pagetable, 


		/* Register the address in the database */

		ret = kgsl_mmu_set_svm_region(pagetable,

			(uint64_t) entry->memdesc.useraddr, (uint64_t) size);

			(uint64_t) hostptr, (uint64_t) size);



		if (ret)

			return ret;



		entry->memdesc.gpuaddr = (uint64_t)  entry->memdesc.useraddr;

		entry->memdesc.gpuaddr = (uint64_t) hostptr;

	}



	return memdesc_sg_virt(&entry->memdesc);

	return memdesc_sg_virt(&entry->memdesc, hostptr);

}



#ifdef CONFIG_DMA_SHARED_BUFFER
@@ -2304,8 +2301,7 @@ static int kgsl_setup_dmabuf_useraddr(struct kgsl_device *device, 
		return ret;

	}



	/* Setup the user addr/cache mode for cache operations */

	entry->memdesc.useraddr = hostptr;

	/* Setup the cache mode for cache operations */

	_setup_cache_mode(entry, vma);

	up_read(&current->mm->mmap_sem);

	return 0;
@@ -3318,7 +3314,12 @@ long kgsl_ioctl_gpumem_get_info(struct kgsl_device_private *dev_priv, 
	param->flags = (unsigned int) entry->memdesc.flags;

	param->size = (size_t) entry->memdesc.size;

	param->mmapsize = (size_t) kgsl_memdesc_footprint(&entry->memdesc);

	param->useraddr = entry->memdesc.useraddr;

	/*

	 * Entries can have multiple user mappings so thre isn't any one address

	 * we can report. Plus, the user should already know their mappings, so

	 * there isn't any value in reporting it back to them.

	 */

	param->useraddr = 0;



	kgsl_mem_entry_put(entry);

	return result;
@@ -3787,9 +3788,6 @@ static int _sparse_bind(struct kgsl_process_private *process, 
	if (memdesc->gpuaddr)

		return -EINVAL;



	if (memdesc->useraddr != 0)

		return -EINVAL;



	pagetable = memdesc->pagetable;



	/* Clear out any mappings */
@@ -4069,7 +4067,12 @@ long kgsl_ioctl_gpuobj_info(struct kgsl_device_private *dev_priv, 
	param->flags = entry->memdesc.flags;

	param->size = entry->memdesc.size;

	param->va_len = kgsl_memdesc_footprint(&entry->memdesc);

	param->va_addr = (uint64_t) entry->memdesc.useraddr;

	/*

	 * Entries can have multiple user mappings so thre isn't any one address

	 * we can report. Plus, the user should already know their mappings, so

	 * there isn't any value in reporting it back to them.

	 */

	param->va_addr = 0;



	kgsl_mem_entry_put(entry);

	return 0;
@@ -4176,24 +4179,21 @@ static void kgsl_gpumem_vm_open(struct vm_area_struct *vma) 


	if (kgsl_mem_entry_get(entry) == 0)

		vma->vm_private_data = NULL;



	atomic_inc(&entry->map_count);

}



static int

kgsl_gpumem_vm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)

{

	struct kgsl_mem_entry *entry = vma->vm_private_data;

	int ret;



	if (!entry)

		return VM_FAULT_SIGBUS;

	if (!entry->memdesc.ops || !entry->memdesc.ops->vmfault)

		return VM_FAULT_SIGBUS;



	ret = entry->memdesc.ops->vmfault(&entry->memdesc, vma, vmf);

	if ((ret == 0) || (ret == VM_FAULT_NOPAGE))

		entry->priv->gpumem_mapped += PAGE_SIZE;



	return ret;

	return entry->memdesc.ops->vmfault(&entry->memdesc, vma, vmf);

}



static void
@@ -4204,7 +4204,13 @@ kgsl_gpumem_vm_close(struct vm_area_struct *vma) 
	if (!entry)

		return;



	entry->memdesc.useraddr = 0;

	/*

	 * Remove the memdesc from the mapped stat once all the mappings have

	 * gone away

	 */

	if (!atomic_dec_return(&entry->map_count))

		entry->priv->gpumem_mapped -= entry->memdesc.size;



	kgsl_mem_entry_put(entry);

}
@@ -4243,7 +4249,8 @@ get_mmap_entry(struct kgsl_process_private *private, 
		}

	}



	if (entry->memdesc.useraddr != 0) {

	/* Don't allow ourselves to remap user memory */

	if (entry->memdesc.flags & KGSL_MEMFLAGS_USERMEM_ADDR) {

		ret = -EBUSY;

		goto err_put;

	}
@@ -4276,19 +4283,34 @@ static unsigned long _gpu_set_svm_region(struct kgsl_process_private *private, 
{

	int ret;



	/*

	 * Protect access to the gpuaddr here to prevent multiple vmas from

	 * trying to map a SVM region at the same time

	 */

	spin_lock(&entry->memdesc.lock);



	if (entry->memdesc.gpuaddr) {

		spin_unlock(&entry->memdesc.lock);

		return (unsigned long) -EBUSY;

	}



	ret = kgsl_mmu_set_svm_region(private->pagetable, (uint64_t) addr,

		(uint64_t) size);



	if (ret != 0)

		return ret;

	if (ret != 0) {

		spin_unlock(&entry->memdesc.lock);

		return (unsigned long) ret;

	}



	entry->memdesc.gpuaddr = (uint64_t) addr;

	spin_unlock(&entry->memdesc.lock);



	entry->memdesc.pagetable = private->pagetable;



	ret = kgsl_mmu_map(private->pagetable, &entry->memdesc);

	if (ret) {

		kgsl_mmu_put_gpuaddr(&entry->memdesc);

		return ret;

		return (unsigned long) ret;

	}



	kgsl_memfree_purge(private->pagetable, entry->memdesc.gpuaddr,
@@ -4351,6 +4373,14 @@ static unsigned long _search_range(struct kgsl_process_private *private, 
		result = _gpu_set_svm_region(private, entry, cpu, len);

		if (!IS_ERR_VALUE(result))

			break;

		/*

		 * _gpu_set_svm_region will return -EBUSY if we tried to set up

		 * SVM on an object that already has a GPU address. If

		 * that happens don't bother walking the rest of the

		 * region

		 */

		if ((long) result == -EBUSY)

			return -EBUSY;



		trace_kgsl_mem_unmapped_area_collision(entry, cpu, len);
@@ -4570,9 +4600,10 @@ static int kgsl_mmap(struct file *file, struct vm_area_struct *vma) 


	vma->vm_file = file;



	entry->memdesc.useraddr = vma->vm_start;

	if (atomic_inc_return(&entry->map_count) == 1)

		entry->priv->gpumem_mapped += entry->memdesc.size;



	trace_kgsl_mem_mmap(entry);

	trace_kgsl_mem_mmap(entry, vma->vm_start);

	return 0;

}

drivers/gpu/msm/kgsl.h

+11 −5
Original line number Diff line number Diff line 
/* Copyright (c) 2008-2020, The Linux Foundation. All rights reserved.

/* Copyright (c) 2008-2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -196,11 +196,9 @@ struct kgsl_memdesc_ops { 
 * @pagetable: Pointer to the pagetable that the object is mapped in

 * @hostptr: Kernel virtual address

 * @hostptr_count: Number of threads using hostptr

 * @useraddr: User virtual address (if applicable)

 * @gpuaddr: GPU virtual address

 * @physaddr: Physical address of the memory object

 * @size: Size of the memory object

 * @mapsize: Size of memory mapped in userspace

 * @priv: Internal flags and settings

 * @sgt: Scatter gather table for allocated pages

 * @ops: Function hooks for the memdesc memory type
@@ -215,11 +213,9 @@ struct kgsl_memdesc { 
	struct kgsl_pagetable *pagetable;

	void *hostptr;

	unsigned int hostptr_count;

	unsigned long useraddr;

	uint64_t gpuaddr;

	phys_addr_t physaddr;

	uint64_t size;

	uint64_t mapsize;

	unsigned int priv;

	struct sg_table *sgt;

	struct kgsl_memdesc_ops *ops;
@@ -229,6 +225,11 @@ struct kgsl_memdesc { 
	struct page **pages;

	unsigned int page_count;

	unsigned int cur_bindings;

	/*

	 * @lock: Spinlock to protect the gpuaddr from being accessed by

	 * multiple entities trying to map the same SVM region at once

	 */

	spinlock_t lock;

};



/*
@@ -277,6 +278,11 @@ struct kgsl_mem_entry { 
	struct work_struct work;

	spinlock_t bind_lock;

	struct rb_root bind_tree;

	/*

	 * @map_count: Count how many vmas this object is mapped in - used for

	 * debugfs accounting

	 */

	atomic_t map_count;

};



struct kgsl_device_private;

drivers/gpu/msm/kgsl_debugfs.c

+15 −7
Original line number Diff line number Diff line 
/* Copyright (c) 2002,2008-2017,2020, The Linux Foundation. All rights reserved.

/* Copyright (c) 2002,2008-2017,2020-2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -152,7 +152,11 @@ static int print_mem_entry(void *data, void *ptr) 
	flags[3] = get_alignflag(m);

	flags[4] = get_cacheflag(m);

	flags[5] = kgsl_memdesc_use_cpu_map(m) ? 'p' : '-';

	flags[6] = (m->useraddr) ? 'Y' : 'N';

	/*

	 * Show Y if at least one vma has this entry

	 * mapped (could be multiple)

	 */

	flags[6] = atomic_read(&entry->map_count) ? 'Y' : 'N';

	flags[7] = kgsl_memdesc_is_secured(m) ?  's' : '-';

	flags[8] = m->flags & KGSL_MEMFLAGS_SPARSE_PHYS ? 'P' : '-';

	flags[9] = '\0';
@@ -163,12 +167,16 @@ static int print_mem_entry(void *data, void *ptr) 
		kgsl_get_egl_counts(entry, &egl_surface_count,

						&egl_image_count);



	seq_printf(s, "%pK %pK %16llu %5d %9s %10s %16s %5d %16llu %6d %6d",

	seq_printf(s, "%pK %d %16llu %5d %9s %10s %16s %5d %16d %6d %6d",

			(uint64_t *)(uintptr_t) m->gpuaddr,

			(unsigned long *) m->useraddr,

			m->size, entry->id, flags,

			/*

			 * Show zero for the useraddr - we can't reliably track

			 * that value for multiple vmas anyway

			 */

			0, m->size, entry->id, flags,

			memtype_str(usermem_type),

			usage, (m->sgt ? m->sgt->nents : 0), m->mapsize,

			usage, (m->sgt ? m->sgt->nents : 0),

			atomic_read(&entry->map_count),

			egl_surface_count, egl_image_count);



	if (entry->metadata[0] != 0)
@@ -239,7 +247,7 @@ static int process_mem_seq_show(struct seq_file *s, void *ptr) 
	if (ptr == SEQ_START_TOKEN) {

		seq_printf(s, "%16s %16s %16s %5s %9s %10s %16s %5s %16s %6s %6s\n",

			"gpuaddr", "useraddr", "size", "id", "flags", "type",

			"usage", "sglen", "mapsize", "eglsrf", "eglimg");

			"usage", "sglen", "mapcount", "eglsrf", "eglimg");

		return 0;

	} else

		return print_mem_entry(s, ptr);

drivers/gpu/msm/kgsl_iommu.c

+6 −1
Original line number Diff line number Diff line 
/* Copyright (c) 2011-2020, The Linux Foundation. All rights reserved.

/* Copyright (c) 2011-2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -2523,6 +2523,11 @@ static int kgsl_iommu_get_gpuaddr(struct kgsl_pagetable *pagetable, 
		goto out;

	}



	/*

	 * This path is only called in a non-SVM path with locks so we can be

	 * sure we aren't racing with anybody so we don't need to worry about

	 * taking the lock

	 */

	ret = _insert_gpuaddr(pagetable, addr, size);

	if (ret == 0) {

		memdesc->gpuaddr = addr;

drivers/gpu/msm/kgsl_mmu.c

+8 −2
Original line number Diff line number Diff line 
/* Copyright (c) 2002,2007-2017, The Linux Foundation. All rights reserved.

/* Copyright (c) 2002,2007-2017,2021, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -450,10 +450,16 @@ void kgsl_mmu_put_gpuaddr(struct kgsl_memdesc *memdesc) 
	if (PT_OP_VALID(pagetable, put_gpuaddr) && (unmap_fail == 0))

		pagetable->pt_ops->put_gpuaddr(memdesc);



	memdesc->pagetable = NULL;



	/*

	 * If SVM tries to take a GPU address it will lose the race until the

	 * gpuaddr returns to zero so we shouldn't need to worry about taking a

	 * lock here

	 */

	if (!kgsl_memdesc_is_global(memdesc))

		memdesc->gpuaddr = 0;



	memdesc->pagetable = NULL;

}

EXPORT_SYMBOL(kgsl_mmu_put_gpuaddr);