[PATCH] drm/i915/userptr: detect un-GUP-able pages early

From: Jinoh Kang
Date: Fri Jan 15 2021 - 11:25:27 EST

Next message: Andrey Konovalov: "Re: [PATCH 2/2] kasan, arm64: fix pointer tags in KASAN reports"
Previous message: Johannes Weiner: "Re: [PATCH] mm: memcontrol: prevent starvation when writing memory.high"
Next in thread: Jinoh Kang: "Re: [PATCH] drm/i915/userptr: detect un-GUP-able pages early"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If GUP-ineligible pages are passed to a GEM userptr object, -EFAULT is
returned only when the object is actually bound.

The xf86-video-intel userspace driver cannot differentiate this
condition, and marks the GPU as wedged. This not only disables graphics
acceleration but may also cripple other functions such as VT switch.

Solve this by "prefaulting" user pages on GEM object creation, testing
whether all pages are eligible for get_user_pages() in the process.
On failure, return -EFAULT so that userspace can fallback to software
blitting.

This behavior can be enabled via a new modparam "gem_userptr_prefault",
which is false by default.

Known use cases:

- As a debugging aid, invalid pointers and/or wrong pages passed to
userptr could be caught much earlier.
- Qubes OS R4.0 uses VM_PFNMAP pages from drivers/xen/privcmd.c, in
order to map framebuffers from Xen guest to dom0. These pages are not
GUP-able, but they cannot be exposed via DMA-BUF either. Previously
this issue had gone somehow undetected, until some patch between
v4.14 and v4.19 triggered it.

Signed-off-by: Jinoh Kang <jinoh.kang.kr@xxxxxxxxx>
Cc: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Cc: Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx>
Cc: Joonas Lahtinen <joonas.lahtinen@xxxxxxxxxxxxxxx>
Cc: Rodrigo Vivi <rodrigo.vivi@xxxxxxxxx>
Cc: David Airlie <airlied@xxxxxxxx>
Cc: Daniel Vetter <daniel@xxxxxxxx>
Cc: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Matthew Auld <matthew.auld@xxxxxxxxx>
---
drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 35 +++++++++++++++++++++
drivers/gpu/drm/i915/i915_params.c | 3 ++
drivers/gpu/drm/i915/i915_params.h | 1 +
3 files changed, 39 insertions(+)

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
index f2eaed6aca3d..5d653df2f759 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
@@ -712,6 +712,33 @@ static const struct drm_i915_gem_object_ops i915_gem_userptr_ops = {
.release = i915_gem_userptr_release,
};

+static int i915_gem_userptr_prefault(unsigned long start,
+ unsigned long nr_pages,
+ bool readonly)
+{
+ unsigned int gup_flags = (readonly ? 0 : FOLL_WRITE) | FOLL_NOWAIT;
+ int err = 0;
+
+ mmap_read_lock(current->mm);
+ while (nr_pages) {
+ long ret;
+
+ ret = get_user_pages(start, nr_pages, gup_flags, NULL, NULL);
+ if (ret < 0) {
+ err = (int)ret;
+ break;
+ }
+ if (ret == 0)
+ ret = 1; /* skip this page */
+
+ start += ret << PAGE_SHIFT;
+ nr_pages -= ret;
+ }
+ mmap_read_unlock(current->mm);
+
+ return err;
+}
+
/*
* Creates a new mm object that wraps some normal memory from the process
* context - user memory.
@@ -796,6 +823,14 @@ i915_gem_userptr_ioctl(struct drm_device *dev,
if (!access_ok((char __user *)(unsigned long)args->user_ptr, args->user_size))
return -EFAULT;

+ if (i915_modparams.gem_userptr_prefault) {
+ ret = i915_gem_userptr_prefault((unsigned long)args->user_ptr,
+ args->user_size >> PAGE_SHIFT,
+ args->flags & I915_USERPTR_READ_ONLY);
+ if (ret)
+ return ret;
+ }
+
if (args->flags & I915_USERPTR_READ_ONLY) {
/*
* On almost all of the older hw, we cannot tell the GPU that
diff --git a/drivers/gpu/drm/i915/i915_params.c b/drivers/gpu/drm/i915/i915_params.c
index 7f139ea4a90b..b5e0a88c059f 100644
--- a/drivers/gpu/drm/i915/i915_params.c
+++ b/drivers/gpu/drm/i915/i915_params.c
@@ -197,6 +197,9 @@ i915_param_named_unsafe(fake_lmem_start, ulong, 0400,
"Fake LMEM start offset (default: 0)");
#endif

+i915_param_named(gem_userptr_prefault, bool, 0600,
+ "Prefault pages when userptr GEM object is created (default: false)");
+
static __always_inline void _print_param(struct drm_printer *p,
const char *name,
const char *type,
diff --git a/drivers/gpu/drm/i915/i915_params.h b/drivers/gpu/drm/i915/i915_params.h
index 330c03e2b4f7..323f60298b05 100644
--- a/drivers/gpu/drm/i915/i915_params.h
+++ b/drivers/gpu/drm/i915/i915_params.h
@@ -79,6 +79,7 @@ struct drm_printer;
param(bool, disable_display, false, 0400) \
param(bool, verbose_state_checks, true, 0) \
param(bool, nuclear_pageflip, false, 0400) \
+ param(bool, gem_userptr_prefault, false, 0600) \
param(bool, enable_dp_mst, true, 0600) \
param(bool, enable_gvt, false, 0400)

--
2.26.2

Next message: Andrey Konovalov: "Re: [PATCH 2/2] kasan, arm64: fix pointer tags in KASAN reports"
Previous message: Johannes Weiner: "Re: [PATCH] mm: memcontrol: prevent starvation when writing memory.high"
Next in thread: Jinoh Kang: "Re: [PATCH] drm/i915/userptr: detect un-GUP-able pages early"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]