drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
For Gen7, the original cmdparser motive was to permit limited use of register read/write instructions in unprivileged BB's. This worked by copying the user supplied bb to a kmd owned bb, and running it in secure mode, from the ggtt, only if the scanner finds no unsafe commands or registers. For Gen8+ we can't use this same technique because running bb's from the ggtt also disables access to ppgtt space. But we also do not actually require 'secure' execution since we are only trying to reduce the available command/register set. Instead we will copy the user buffer to a kmd owned read-only bb in ppgtt, and run in the usual non-secure mode. Note that ro pages are only supported by ppgtt (not ggtt), but luckily that's exactly what we need. Add the required paths to map the shadow buffer to ppgtt ro for Gen8+ v2: IS_GEN7/IS_GEN (Mika) v3: rebase v4: rebase v5: rebase Signed-off-by: Jon Bloomfield <jon.bloomfield@intel.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Dave Airlie <airlied@redhat.com> Cc: Takashi Iwai <tiwai@suse.de> Cc: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com> Reviewed-by: Chris Wilson <chris.p.wilson@intel.com>
This commit is contained in:
parent
311a50e76a
commit
4f7af1948a
drivers/gpu/drm/i915
@ -1956,6 +1956,34 @@ static int i915_reset_gen7_sol_offsets(struct i915_request *rq)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static struct i915_vma *
|
||||||
|
shadow_batch_pin(struct i915_execbuffer *eb, struct drm_i915_gem_object *obj)
|
||||||
|
{
|
||||||
|
struct drm_i915_private *dev_priv = eb->i915;
|
||||||
|
struct i915_vma * const vma = *eb->vma;
|
||||||
|
struct i915_address_space *vm;
|
||||||
|
u64 flags;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* PPGTT backed shadow buffers must be mapped RO, to prevent
|
||||||
|
* post-scan tampering
|
||||||
|
*/
|
||||||
|
if (CMDPARSER_USES_GGTT(dev_priv)) {
|
||||||
|
flags = PIN_GLOBAL;
|
||||||
|
vm = &dev_priv->ggtt.vm;
|
||||||
|
eb->batch_flags |= I915_DISPATCH_SECURE;
|
||||||
|
} else if (vma->vm->has_read_only) {
|
||||||
|
flags = PIN_USER;
|
||||||
|
vm = vma->vm;
|
||||||
|
i915_gem_object_set_readonly(obj);
|
||||||
|
} else {
|
||||||
|
DRM_DEBUG("Cannot prevent post-scan tampering without RO capable vm\n");
|
||||||
|
return ERR_PTR(-EINVAL);
|
||||||
|
}
|
||||||
|
|
||||||
|
return i915_gem_object_pin(obj, vm, NULL, 0, 0, flags);
|
||||||
|
}
|
||||||
|
|
||||||
static struct i915_vma *eb_parse(struct i915_execbuffer *eb)
|
static struct i915_vma *eb_parse(struct i915_execbuffer *eb)
|
||||||
{
|
{
|
||||||
struct intel_engine_pool_node *pool;
|
struct intel_engine_pool_node *pool;
|
||||||
@ -1972,14 +2000,21 @@ static struct i915_vma *eb_parse(struct i915_execbuffer *eb)
|
|||||||
eb->batch_start_offset,
|
eb->batch_start_offset,
|
||||||
eb->batch_len);
|
eb->batch_len);
|
||||||
if (err) {
|
if (err) {
|
||||||
if (err == -EACCES) /* unhandled chained batch */
|
/*
|
||||||
|
* Unsafe GGTT-backed buffers can still be submitted safely
|
||||||
|
* as non-secure.
|
||||||
|
* For PPGTT backing however, we have no choice but to forcibly
|
||||||
|
* reject unsafe buffers
|
||||||
|
*/
|
||||||
|
if (CMDPARSER_USES_GGTT(eb->i915) && (err == -EACCES))
|
||||||
|
/* Execute original buffer non-secure */
|
||||||
vma = NULL;
|
vma = NULL;
|
||||||
else
|
else
|
||||||
vma = ERR_PTR(err);
|
vma = ERR_PTR(err);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
vma = i915_gem_object_ggtt_pin(pool->obj, NULL, 0, 0, 0);
|
vma = shadow_batch_pin(eb, pool->obj);
|
||||||
if (IS_ERR(vma))
|
if (IS_ERR(vma))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -1989,6 +2024,10 @@ static struct i915_vma *eb_parse(struct i915_execbuffer *eb)
|
|||||||
vma->exec_flags = &eb->flags[eb->buffer_count];
|
vma->exec_flags = &eb->flags[eb->buffer_count];
|
||||||
eb->buffer_count++;
|
eb->buffer_count++;
|
||||||
|
|
||||||
|
eb->batch_start_offset = 0;
|
||||||
|
eb->batch = vma;
|
||||||
|
/* eb->batch_len unchanged */
|
||||||
|
|
||||||
vma->private = pool;
|
vma->private = pool;
|
||||||
return vma;
|
return vma;
|
||||||
|
|
||||||
@ -2546,21 +2585,6 @@ i915_gem_do_execbuffer(struct drm_device *dev,
|
|||||||
err = PTR_ERR(vma);
|
err = PTR_ERR(vma);
|
||||||
goto err_vma;
|
goto err_vma;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vma) {
|
|
||||||
/*
|
|
||||||
* Batch parsed and accepted:
|
|
||||||
*
|
|
||||||
* Set the DISPATCH_SECURE bit to remove the NON_SECURE
|
|
||||||
* bit from MI_BATCH_BUFFER_START commands issued in
|
|
||||||
* the dispatch_execbuffer implementations. We
|
|
||||||
* specifically don't want that set on batches the
|
|
||||||
* command parser has accepted.
|
|
||||||
*/
|
|
||||||
eb.batch_flags |= I915_DISPATCH_SECURE;
|
|
||||||
eb.batch_start_offset = 0;
|
|
||||||
eb.batch = vma;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (eb.batch_len == 0)
|
if (eb.batch_len == 0)
|
||||||
|
@ -2075,6 +2075,12 @@ IS_SUBPLATFORM(const struct drm_i915_private *i915,
|
|||||||
#define VEBOX_MASK(dev_priv) \
|
#define VEBOX_MASK(dev_priv) \
|
||||||
ENGINE_INSTANCES_MASK(dev_priv, VECS0, I915_MAX_VECS)
|
ENGINE_INSTANCES_MASK(dev_priv, VECS0, I915_MAX_VECS)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The Gen7 cmdparser copies the scanned buffer to the ggtt for execution
|
||||||
|
* All later gens can run the final buffer from the ppgtt
|
||||||
|
*/
|
||||||
|
#define CMDPARSER_USES_GGTT(dev_priv) IS_GEN(dev_priv, 7)
|
||||||
|
|
||||||
#define HAS_LLC(dev_priv) (INTEL_INFO(dev_priv)->has_llc)
|
#define HAS_LLC(dev_priv) (INTEL_INFO(dev_priv)->has_llc)
|
||||||
#define HAS_SNOOP(dev_priv) (INTEL_INFO(dev_priv)->has_snoop)
|
#define HAS_SNOOP(dev_priv) (INTEL_INFO(dev_priv)->has_snoop)
|
||||||
#define HAS_EDRAM(dev_priv) ((dev_priv)->edram_size_mb)
|
#define HAS_EDRAM(dev_priv) ((dev_priv)->edram_size_mb)
|
||||||
@ -2285,6 +2291,14 @@ int i915_gem_object_unbind(struct drm_i915_gem_object *obj,
|
|||||||
unsigned long flags);
|
unsigned long flags);
|
||||||
#define I915_GEM_OBJECT_UNBIND_ACTIVE BIT(0)
|
#define I915_GEM_OBJECT_UNBIND_ACTIVE BIT(0)
|
||||||
|
|
||||||
|
struct i915_vma * __must_check
|
||||||
|
i915_gem_object_pin(struct drm_i915_gem_object *obj,
|
||||||
|
struct i915_address_space *vm,
|
||||||
|
const struct i915_ggtt_view *view,
|
||||||
|
u64 size,
|
||||||
|
u64 alignment,
|
||||||
|
u64 flags);
|
||||||
|
|
||||||
void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv);
|
void i915_gem_runtime_suspend(struct drm_i915_private *dev_priv);
|
||||||
|
|
||||||
static inline int __must_check
|
static inline int __must_check
|
||||||
|
@ -964,6 +964,20 @@ i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj,
|
|||||||
{
|
{
|
||||||
struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
|
struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
|
||||||
struct i915_address_space *vm = &dev_priv->ggtt.vm;
|
struct i915_address_space *vm = &dev_priv->ggtt.vm;
|
||||||
|
|
||||||
|
return i915_gem_object_pin(obj, vm, view, size, alignment,
|
||||||
|
flags | PIN_GLOBAL);
|
||||||
|
}
|
||||||
|
|
||||||
|
struct i915_vma *
|
||||||
|
i915_gem_object_pin(struct drm_i915_gem_object *obj,
|
||||||
|
struct i915_address_space *vm,
|
||||||
|
const struct i915_ggtt_view *view,
|
||||||
|
u64 size,
|
||||||
|
u64 alignment,
|
||||||
|
u64 flags)
|
||||||
|
{
|
||||||
|
struct drm_i915_private *dev_priv = to_i915(obj->base.dev);
|
||||||
struct i915_vma *vma;
|
struct i915_vma *vma;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -1038,7 +1052,7 @@ i915_gem_object_ggtt_pin(struct drm_i915_gem_object *obj,
|
|||||||
return ERR_PTR(ret);
|
return ERR_PTR(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = i915_vma_pin(vma, size, alignment, flags | PIN_GLOBAL);
|
ret = i915_vma_pin(vma, size, alignment, flags);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ERR_PTR(ret);
|
return ERR_PTR(ret);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user