Hold the context lock before updating the context id in
param->drawctxt_id to avoid race condition between context
creation and context destroy.
Change-Id: Ic26d3e5b68078c02d15c38080b1a262ea4b1f7fe
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
When allocating userspace memory keep reference to memory
allocation till it is completely initialized and info is sent back
to userspace.
Change-Id: Id72c82bf98c094ecbd4722813c732a998dcbb188
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
When creating a context allocate an ID but don't populate the slot
with the context pointer until we are done setup up the rest of the
process. This avoids a race if somebody tries to free the same
identifier before the create operation is complete.
Change-Id: Ic0dedbadca5b4cc4ce567afad48a33078b549439
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Sudeep Yedalapure <sudeepy@codeaurora.org>
The format specifier %p can leak kernel addresses
while not valuing the kptr_restrict system settings.
Use %pK instead of %p, which evaluates whether
kptr_restrict is set.
Change-Id: I0778e43e0a03852ca2944377256a7b401586a747
Signed-off-by: Divya Ponnusamy <pdivya@codeaurora.org>
Treat 0 as a valid fd instead of treating it as an error.
CRs-Fixed: 1030098
Change-Id: I4a1b14fcbca617bc2a43b30af7256edc3920f04c
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Probably overkill, but ensure that the struct pointer we are going
to dereference to send into kref calls is valid before we dereference.
Change-Id: I308176df9f7476a2a9f1357612381a93160ad698
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
If we add the mem entry pointer in the process idr and rb tree
too early, other threads can do operations on the entry by
guessing the ID or GPU address before the object gets returned
by the creating operation.
Allocate an ID for the object but don't assign the pointer until
right before the creating function returns ensuring that another
operation can't access it until it is ready.
CRs-Fixed: 1002974
Change-Id: Ic0dedbadc0dd2125bd2a7bcc152972c0555e07f8
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
We borrow the sg table pointer from the dmabuf if it exists instead
of creating our own. If it isn't zeroed after calling
kgsl_destroy_ion() then kgsl_sharedmem_free() thinks we own it tries
to walk it / free it. Since the buffer has been previously freed
bad things happen.
CRs-Fixed: 1010950
Change-Id: Ic0dedbadbf186a47b8533cc758ff0142744aa8b2
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Santhosh Punugu <spunug@codeaurora.org>
While releasing contexts take a reference to context inside read rcu
lock to avoid racing against context deletion. This will avoid using
dangling context pointer in device_release_contexts.
Change-Id: I76e787f6dde5a324fec23e81829174bd28134c6c
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
For user memory of type KGSL_USER_MEM_TYPE_ADDR mapped to GPU driver
verify permissions and map GPU permissions same as CPU permissions.
If elevated permissions are requested return an error to prevent
privilege escalation. Without this check user could map readonly
memory into GPU driver as readwrite and gain elevated privilege.
Write permissions check is currently inverted causing readonly
user pages to be mapped as readwrite in GPU driver. Fix this
check to map readonly pages as readonly.
CRs-Fixed: 988993
Change-Id: I0e097d7e4e4c414c0849e33bcc61a26fb94291ad
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
If any of the Graphics rendering threads are running
on masked CPUs, avoid L2PC for some duration on that
CPU. This reduces latency on CPU (latency mainly
because of L2 cache flush) and helps on performance.
This change uses pm_qos_update_request_timeout() API.
Add l2pc-cpu-mask property in device tree to enable
this.
CRs-Fixed: 962598
Change-Id: If90090cd2c68ea7c07e269723931fef7201ef136
Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
Fix many places where we needlessly use the wrong type
or pointer decoration.
Change-Id: Ic60e91389c5a577970ffe37d4511baf3a45fea35
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>
Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
Initialize local pagetable pointer to NULL in the function
kgsl_mem_entry_attach_process(). This avoids GPU page faults in
case GPU address for the memory entry does not exist.
Change-Id: Ibb37f085bc38b025e5c7305e662c5d6d5ab8106c
Signed-off-by: Lokesh Batra <lbatra@codeaurora.org>
We should not be mapping secure buffers into the CPU pagetables
since these buffers should only be accessed by the GPU in secure
mode. If the userspace does try to access this buffer, that will
trigger a stage 2 page fault and crash the device.
Change-Id: I4464a0a4edbc33df155b6c4103e77fc81d02e84a
Signed-off-by: Shrenuj Bansal <shrenujb@codeaurora.org>
Make downcasts from 64 bit addresses and sizes match the
ioctl definitions, unsigned long and size_t, rather than
unsigned int. This allows these ioctls to work with
64 bit GPU addresses if the calling process is also 64 bit.
Change-Id: I4e1772eca3715ccaa92f49197dccb96229cb07ca
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>
Using ftrace from mem_map and mem_free before the process information
is stored in the entry will cause ftrace to dereference NULL. Wait for
this information to be set before tracing.
Change-Id: I5a5b67f2c019fe87a9697923847d4cd42fe5939f
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
There are several points during the submission pipeline where we can
bail if the context has been detached. Return -ENOENT in those cases
so the dispatcher can 1) not try to requeue the command or the
context and 2) not log an error (detached commands should be
silently discarded).
Change-Id: Ic0dedbad5d67b24e8bd2804647133d03617ea8dc
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
'cat /dev/kgsl-3d0' is the first smoke test that everybody runs when
bringing up a new GPU since it can be run without any other tools
and verifies the full power / initialization path. Instead of just
returning -EINVAL for a read print a little message to let the user
know that indeed, the GPU is up and happy.
Change-Id: Ic0dedbadf9c8a2a926142a79802d8a340892bc3d
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
This flag doesn't represent anything that any ARM architecture iommu
can actually do. If userspace sets it in the allocation flags, it will
be clear when their ioctl returns and userspace can decide to fail
if necessary.
Change-Id: I956f6ee51e4f2d898b75ae34921459d1d756bd54
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
Check whether MMU is enabled or not before we really
destroy the pagetable.
Change-Id: Ic5fb794d16ae88573de36e5b9c2f289f5bd92ac1
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
In a low memory state, mem error messages can get flooded
causing a watchdog bite. Ratelimit these messages to avoid
the same.
CRs-Fixed: 854148
Change-Id: I8acfeea38278a1f1aec4767f0037a883cc625090
Signed-off-by: Harshdeep Dhatt <hdhatt@codeaurora.org>
Add IOCTL_KGSL_GPU_COMMAND to replace all command submission
APIs before it and support real memory object lists and 64 bit
addressing.
Change-Id: Ic0dedbad1adebb18880d269b13d9fb887ee7c477
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Move the cmdbatch code to kgsl_cmdbatch.c to further
uncomplicate kgsl.c and consolidate some of the nastier
bits in one spot.
Change-Id: Ic0dedbadb0ba18242ec414e2d0a04fd69bd9bee8
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Add IOCTL_KGSL_GPUOBJ_SYNC to replace IOCTL_KGSL_GPUMEM_SYNC_CACHE
and IOCTL_KGSL_GPUMEM_SYNC_CACHE_BULK to support 64 bit GPU addressing
Change-Id: Ic0dedbad518975a1fadff5035d9d77d455277962
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Add IOCTL_KGSL_GPUOBJ_IMPORT to replace IOCTL_KGSL_MAP_USER_MEM
for 64 bit GPU addressing. Only dma-buf and user address mapping
are supported in the new API (deprecating ASHMEM and PMEM).
Change-Id: Ic0dedbada58f8690d3de9c255bb9f4943beb0e48
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Add IOCTL_KGSL_GPUOBJ_INFO to replace IOCTL_KGSL_GPUMEM_GET_INFO
to support 64 bit GPU addressing.
Change-Id: Ic0dedbad311f49537a670c3a59bf75e0df5438a5
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
We need to support A5XX on the msm-3.10 branch. Squash all
the changes from msm-3.14 onto msm-3.10 to facilitate this.
Tip commit of msm-3.14 where this was squashed from:
27f1b4d442086ef081141988563e3d48714202c0
Change-Id: Id79b0f274c252c6a37718ec6dd437ffa5e34c4a6
Signed-off-by: Shrenuj Bansal <shrenujb@codeaurora.org>
Before deleting memory entries, detach page table from the list
for last fd close of a process. This will keep one to one mapping
between process private and page table.This fixes the issue where
new allocations under a new process structure do not conflict
with addresses mapped in older pagetable.
CRs-Fixed: 785064
Change-Id: I9e21fee93d7dee889199a3dc61f16cd8797b10bf
Signed-off-by: Rajeev Kulkarni <krajeev@codeaurora.org>
A spinlock deadlock can occur between the spinlock in drawctxt
and the spinlock in cmdbatch. Two thread traces that can cause
deadlock are:
1. _kgsl_cmdbatch_timer(gets spin_lock(&cmdbatch->lock))-
>kgsl_sync_fence_log->sync_fence_log->sync_pt_log-
>kgsl_sync_pt_log->kgsl_context_dump-
>adreno_drawctxt_dump(gets spin_lock(&drawctxt->lock))
2. sync_fence_wait->sync_fence_log->sync_pt_log->kgsl_sync_pt_log-
>kgsl_context_dump-
>adreno_drawctxt_dump(gets spin_lock(&drawctxt->lock) and
then tries to get spin_lock(&cmdbatch->lock))
In thread 1 above it gets spin_lock(&cmdbatch->lock) first and then
spin_lock(&drawctxt->lock) where as thread 2 takes
spin_lock(&drawctxt->lock) first followed by spin_lock(&cmdbatch->lock)
which can cause a deadlock since the 2 threads are not taking the
locks in same order.
Fix is to make thread 1 take spin_lock(&drawctxt->lock) before
spin_lock(&cmdbatch->lock).
Change-Id: I50304f3db31466ca9b7acc910d66228c53bb30a8
CRs-Fixed: 786667
Signed-off-by: Shubhraprakash Das <sadas@codeaurora.org>
Make all interaction between kgsl code and kgsl power code state
oriented. Function calls between the two should change the state
and checks involving power should be against the state. As part
of this transition add the "AWARE" state. In this state the GPU
is powered up but timers and interrupts are disabled to maintain
the current context. This state is used for initialization and
error conditions.
Change-Id: I743630fb14ad10f6f5e25fdb25d1ae23d85f0cbc
Signed-off-by: Lucille Sylvester <lsylvest@codeaurora.org>
If the device doesn't support content protection, make the failing
IOCTLS return EOPNOTSUPP instead of EINVAL, so that the userspace
code knows that this feature is not supported.
Change-Id: I5071417f94f89b9a98654412d045944bd7bde7c3
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
A sync fence timeout may lead to call adreno_drawctxt_dump()
for drawctxt sync pt dump, at the same time, its quite possible
that the cmdbatch timer expires on the *same* CPU, this will
also lead to call adreno_drawctx_dump(). This result into spin
lock recursion. Use spin_lock_bh instead of spin_lock to disable
soft irq (timer) while we are dumping the sync pt information.
Along with this change, few _irq are replaced with _bh, which
is enough to disable soft irq (timers).
Change-Id: I0d56601b81ded7c4821e2d9a837fb9e6b121ea8a
Signed-off-by: Prakash Kamliya <pkamliya@codeaurora.org>
During process close release memory entries of all the file
descriptors. Also remove device file from mem entry since its
no longer used.
CRs-Fixed: 762691
Change-Id: Ib60324218454f87905d351a7c71c52e522725070
Signed-off-by: Rajeev Kulkarni <krajeev@codeaurora.org>
By convention we should set the private page flag on all secure
buffer chunks and we should check the flag when mapping to make
sure that we are only mapping secure buffers to secure pagetables
and vice versa.
Change-Id: Ic0dedbadb47c9c46dd1ee22e6a40421181c77692
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Consolidate the SCM secure buffer lock code to save code space
and fix some minor parameter checks and error returns.
Change-Id: Ic0dedbad22f2215abd362d6e9107655a6227442c
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
It appear that flush_cache_all() (which uses the set/way ops)
doesn't affect the state of the caches of other CPUs so there is
still a risk of getting stale data from a CPU that was blissfully
unaware that a flush happened.
So far this has only been seen on ARM64 targets (8994 and 8939) and
we are optimistic that the damage is limited to those targets so
disable the full flush safety valve from the bulk cache operation
on ARM64. The downside is that the performance for flushing lots
of caches goes way way down but right now we should be far more
concerned with making sure the bits are right than we should be
with the bits going fast.
Change-Id: Ic0dedbadf099b842338c3edd953b50c4246c140c
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Memory with the KGSL_MEMFLAGS_USE_CPUMAP flag specified use the same
CPU and GPU address. Secure buffers do not have a CPU mapping so they
cannot use the KGSL_MEMFLAGS_USE_CPUMAP flag.
Change-Id: Idbf41c0950e8ca0db899ce669dbbb79094c07729
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Secure buffers can be read write buffers, so a guard page is
needed. Reserve 1MB of secure memory and use this as a guard
page for secure buffers.
Change-Id: I01dba11cf4d3de92e1f675cd5bc6d7c217da3d25
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
If there are no open context IDs available for a new context try
flushing the event workqueue to process any outstanding
events that might be holding up detached contexts and then try
again one more time.
Change-Id: Ic0dedbadb875910fe32ce0f880152f47cf3404c1
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
LuK1337
Sunil Khatri
Jordan Crouse
Pradosh Das
Divya Ponnusamy
Carter Cooper
Linux Build Service Account
Deepak Kumar
Tarun Karra
Prakash Kamliya
Jeremy Gebben
Lokesh Batra
Shrenuj Bansal
Rajesh Kemisetti
Harshdeep Dhatt
Rajeev Kulkarni
Shubhraprakash Das
Lucille Sylvester
Lynus Vaz