forked from Minki/linux
d23db88c3a
This is pure evil. Userspace, I'm looking at you SNA, repacks batch buffers on the fly after generation as they are being passed to the kernel for execution. These batches also contain self-referenced relocations as a single buffer encompasses the state commands, kernels, vertices and sampler. During generation the buffers are placed at known offsets within the full batch, and then the relocation deltas (as passed to the kernel) are tweaked as the batch is repacked into a smaller buffer. This means that userspace is passing negative relocations deltas, which subsequently wrap to large values if the batch is at a low address. The GPU hangs when it then tries to use the large value as a base for its address offsets, rather than wrapping back to the real value (as one would hope). As the GPU uses positive offsets from the base, we can treat the relocation address as the minimum address read by the GPU. For the upper bound, we trust that userspace will not read beyond the end of the buffer. So, how do we fix negative relocations from wrapping? We can either check that every relocation looks valid when we write it, and then position each object such that we prevent the offset wraparound, or we just special-case the self-referential behaviour of SNA and force all batches to be above 256k. Daniel prefers the latter approach. This fixes a GPU hang when it tries to use an address (relocation + offset) greater than the GTT size. The issue would occur quite easily with full-ppgtt as each fd gets its own VM space, so low offsets would often be handed out. However, with the rearrangement of the low GTT due to capturing the BIOS framebuffer, it is already affecting kernels 3.15 onwards. I think only IVB+ is susceptible to this bug, but the workaround should only kick in rarely, so it seems sensible to always apply it. v3: Use a bias for batch buffers to prevent small negative delta relocations from wrapping. v4 from Daniel: - s/BIAS/BATCH_OFFSET_BIAS/ - Extract eb_vma_misplaced/i915_vma_misplaced since the conditions were growing rather cumbersome. - Add a comment to eb_get_batch explaining why we do this. - Apply the batch offset bias everywhere but mention that we've only observed it on gen7 gpus. - Drop PIN_OFFSET_FIX for now, that slipped in from a feature patch. v5: Add static to eb_get_batch, spotted by 0-day tester. Testcase: igt/gem_bad_reloc Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=78533 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> (v3) Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> |
||
---|---|---|
.. | ||
armada | ||
ast | ||
bochs | ||
bridge | ||
cirrus | ||
exynos | ||
gma500 | ||
i2c | ||
i810 | ||
i915 | ||
mga | ||
mgag200 | ||
msm | ||
nouveau | ||
omapdrm | ||
panel | ||
qxl | ||
r128 | ||
radeon | ||
rcar-du | ||
savage | ||
shmobile | ||
sis | ||
tdfx | ||
tegra | ||
tilcdc | ||
ttm | ||
udl | ||
via | ||
vmwgfx | ||
ati_pcigart.c | ||
drm_agpsupport.c | ||
drm_auth.c | ||
drm_buffer.c | ||
drm_bufs.c | ||
drm_cache.c | ||
drm_context.c | ||
drm_crtc_helper.c | ||
drm_crtc_internal.h | ||
drm_crtc.c | ||
drm_debugfs.c | ||
drm_dma.c | ||
drm_dp_helper.c | ||
drm_drv.c | ||
drm_edid_load.c | ||
drm_edid.c | ||
drm_encoder_slave.c | ||
drm_fb_cma_helper.c | ||
drm_fb_helper.c | ||
drm_flip_work.c | ||
drm_fops.c | ||
drm_gem_cma_helper.c | ||
drm_gem.c | ||
drm_global.c | ||
drm_hashtab.c | ||
drm_info.c | ||
drm_ioc32.c | ||
drm_ioctl.c | ||
drm_irq.c | ||
drm_lock.c | ||
drm_memory.c | ||
drm_mipi_dsi.c | ||
drm_mm.c | ||
drm_modes.c | ||
drm_panel.c | ||
drm_pci.c | ||
drm_plane_helper.c | ||
drm_platform.c | ||
drm_prime.c | ||
drm_probe_helper.c | ||
drm_rect.c | ||
drm_scatter.c | ||
drm_stub.c | ||
drm_sysfs.c | ||
drm_trace_points.c | ||
drm_trace.h | ||
drm_usb.c | ||
drm_vm.c | ||
drm_vma_manager.c | ||
Kconfig | ||
Makefile | ||
README.drm |
************************************************************ * For the very latest on DRI development, please see: * * http://dri.freedesktop.org/ * ************************************************************ The Direct Rendering Manager (drm) is a device-independent kernel-level device driver that provides support for the XFree86 Direct Rendering Infrastructure (DRI). The DRM supports the Direct Rendering Infrastructure (DRI) in four major ways: 1. The DRM provides synchronized access to the graphics hardware via the use of an optimized two-tiered lock. 2. The DRM enforces the DRI security policy for access to the graphics hardware by only allowing authenticated X11 clients access to restricted regions of memory. 3. The DRM provides a generic DMA engine, complete with multiple queues and the ability to detect the need for an OpenGL context switch. 4. The DRM is extensible via the use of small device-specific modules that rely extensively on the API exported by the DRM module. Documentation on the DRI is available from: http://dri.freedesktop.org/wiki/Documentation http://sourceforge.net/project/showfiles.php?group_id=387 http://dri.sourceforge.net/doc/ For specific information about kernel-level support, see: The Direct Rendering Manager, Kernel Support for the Direct Rendering Infrastructure http://dri.sourceforge.net/doc/drm_low_level.html Hardware Locking for the Direct Rendering Infrastructure http://dri.sourceforge.net/doc/hardware_locking_low_level.html A Security Analysis of the Direct Rendering Infrastructure http://dri.sourceforge.net/doc/security_low_level.html