tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

drm/msm/a6xx: Track current_ctx_seqno per ring

With preemption it is not enough to track the current_ctx_seqno globally
as execution might switch between rings.

This is especially problematic when current_ctx_seqno is used to
determine whether a page table switch is necessary as it might lead to
security bugs.

Track current context per ring.

Tested-by: Rob Clark <robdclark@gmail.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-QRD
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8450-HDK
Signed-off-by: Antonino Maniscalco <antomani103@gmail.com>
Patchwork: https://patchwork.freedesktop.org/patch/618012/
Signed-off-by: Rob Clark <robdclark@chromium.org>

authored by

Antonino Maniscalco and committed by
Rob Clark 3241504e 76a28f4c

+23 -22
+1 -1
drivers/gpu/drm/msm/adreno/a2xx_gpu.c
··· 22 22 break; 23 23 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 24 24 /* ignore if there has not been a ctx switch: */ 25 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 25 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 26 26 break; 27 27 fallthrough; 28 28 case MSM_SUBMIT_CMD_BUF:
+1 -1
drivers/gpu/drm/msm/adreno/a3xx_gpu.c
··· 40 40 break; 41 41 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 42 42 /* ignore if there has not been a ctx switch: */ 43 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 43 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 44 44 break; 45 45 fallthrough; 46 46 case MSM_SUBMIT_CMD_BUF:
+1 -1
drivers/gpu/drm/msm/adreno/a4xx_gpu.c
··· 34 34 break; 35 35 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 36 36 /* ignore if there has not been a ctx switch: */ 37 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 37 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 38 38 break; 39 39 fallthrough; 40 40 case MSM_SUBMIT_CMD_BUF:
+3 -3
drivers/gpu/drm/msm/adreno/a5xx_gpu.c
··· 77 77 case MSM_SUBMIT_CMD_IB_TARGET_BUF: 78 78 break; 79 79 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 80 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 80 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 81 81 break; 82 82 fallthrough; 83 83 case MSM_SUBMIT_CMD_BUF: ··· 132 132 unsigned int i, ibs = 0; 133 133 134 134 if (IS_ENABLED(CONFIG_DRM_MSM_GPU_SUDO) && submit->in_rb) { 135 - gpu->cur_ctx_seqno = 0; 135 + ring->cur_ctx_seqno = 0; 136 136 a5xx_submit_in_rb(gpu, submit); 137 137 return; 138 138 } ··· 171 171 case MSM_SUBMIT_CMD_IB_TARGET_BUF: 172 172 break; 173 173 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 174 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 174 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 175 175 break; 176 176 fallthrough; 177 177 case MSM_SUBMIT_CMD_BUF:
+6 -4
drivers/gpu/drm/msm/adreno/a6xx_gpu.c
··· 109 109 u32 asid; 110 110 u64 memptr = rbmemptr(ring, ttbr0); 111 111 112 - if (ctx->seqno == a6xx_gpu->base.base.cur_ctx_seqno) 112 + if (ctx->seqno == ring->cur_ctx_seqno) 113 113 return; 114 114 115 115 if (msm_iommu_pagetable_params(ctx->aspace->mmu, &ttbr, &asid)) ··· 219 219 case MSM_SUBMIT_CMD_IB_TARGET_BUF: 220 220 break; 221 221 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 222 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 222 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 223 223 break; 224 224 fallthrough; 225 225 case MSM_SUBMIT_CMD_BUF: ··· 305 305 case MSM_SUBMIT_CMD_IB_TARGET_BUF: 306 306 break; 307 307 case MSM_SUBMIT_CMD_CTX_RESTORE_BUF: 308 - if (gpu->cur_ctx_seqno == submit->queue->ctx->seqno) 308 + if (ring->cur_ctx_seqno == submit->queue->ctx->seqno) 309 309 break; 310 310 fallthrough; 311 311 case MSM_SUBMIT_CMD_BUF: ··· 854 854 struct a6xx_gpu *a6xx_gpu = to_a6xx_gpu(adreno_gpu); 855 855 struct a6xx_gmu *gmu = &a6xx_gpu->gmu; 856 856 u64 gmem_range_min; 857 + unsigned int i; 857 858 int ret; 858 859 859 860 if (!adreno_has_gmu_wrapper(adreno_gpu)) { ··· 1136 1135 /* Always come up on rb 0 */ 1137 1136 a6xx_gpu->cur_ring = gpu->rb[0]; 1138 1137 1139 - gpu->cur_ctx_seqno = 0; 1138 + for (i = 0; i < gpu->nr_rings; i++) 1139 + gpu->rb[i]->cur_ctx_seqno = 0; 1140 1140 1141 1141 /* Enable the SQE_to start the CP engine */ 1142 1142 gpu_write(gpu, REG_A6XX_CP_SQE_CNTL, 1);
+1 -1
drivers/gpu/drm/msm/msm_gpu.c
··· 783 783 mutex_unlock(&gpu->active_lock); 784 784 785 785 gpu->funcs->submit(gpu, submit); 786 - gpu->cur_ctx_seqno = submit->queue->ctx->seqno; 786 + submit->ring->cur_ctx_seqno = submit->queue->ctx->seqno; 787 787 788 788 pm_runtime_put(&gpu->pdev->dev); 789 789 hangcheck_timer_reset(gpu);
-11
drivers/gpu/drm/msm/msm_gpu.h
··· 194 194 refcount_t sysprof_active; 195 195 196 196 /** 197 - * cur_ctx_seqno: 198 - * 199 - * The ctx->seqno value of the last context to submit rendering, 200 - * and the one with current pgtables installed (for generations 201 - * that support per-context pgtables). Tracked by seqno rather 202 - * than pointer value to avoid dangling pointers, and cases where 203 - * a ctx can be freed and a new one created with the same address. 204 - */ 205 - int cur_ctx_seqno; 206 - 207 - /** 208 197 * lock: 209 198 * 210 199 * General lock for serializing all the gpu things.
+10
drivers/gpu/drm/msm/msm_ringbuffer.h
··· 100 100 * preemption. Can be aquired from irq context. 101 101 */ 102 102 spinlock_t preempt_lock; 103 + 104 + /** 105 + * cur_ctx_seqno: 106 + * 107 + * The ctx->seqno value of the last context to submit to this ring 108 + * Tracked by seqno rather than pointer value to avoid dangling 109 + * pointers, and cases where a ctx can be freed and a new one created 110 + * with the same address. 111 + */ 112 + int cur_ctx_seqno; 103 113 }; 104 114 105 115 struct msm_ringbuffer *msm_ringbuffer_new(struct msm_gpu *gpu, int id,