From: Chris Wilson <chris@chris-wilson.co.uk>
To: intel-gfx@lists.freedesktop.org
Subject: [PATCH 4/4] drm/i915/selftests: Verify mmap_gtt revocation on unbinding
Date: Wed, 6 Nov 2019 13:04:16 +0000 [thread overview]
Message-ID: <20191106130416.23076-4-chris@chris-wilson.co.uk> (raw)
In-Reply-To: <20191106130416.23076-1-chris@chris-wilson.co.uk>
Whenever, we unbind (or change fence registers) on an object, we must
revoke any and all mmap_gtt using the previous bindings. Those user PTEs
point at the GGTT which know points into a new object, the wrong object.
Ergo, those PTEs must be cleared so that any user access provokes a new
page fault.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Abdiel Janulgue <abdiel.janulgue@linux.intel.com>
---
.../drm/i915/gem/selftests/i915_gem_mman.c | 117 ++++++++++++++++++
1 file changed, 117 insertions(+)
diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
index 3c8f2297be86..bd80b19d4e39 100644
--- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
@@ -790,6 +790,122 @@ static int igt_mmap_gtt(void *arg)
return err;
}
+static int check_present_pte(pte_t *pte, unsigned long addr, void *data)
+{
+ if (!pte_present(*pte) || pte_none(*pte)) {
+ pr_err("missing PTE:%lx\n",
+ (addr - (unsigned long)data) >> PAGE_SHIFT);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int check_absent_pte(pte_t *pte, unsigned long addr, void *data)
+{
+ if (pte_present(*pte) && !pte_none(*pte)) {
+ pr_err("present PTE:%lx; expected to be revoked\n",
+ (addr - (unsigned long)data) >> PAGE_SHIFT);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int check_present(struct vm_area_struct *vma,
+ unsigned long addr, unsigned long len)
+{
+ return apply_to_page_range(vma->vm_mm, addr, len,
+ check_present_pte, (void *)addr);
+}
+
+static int check_absent(struct vm_area_struct *vma,
+ unsigned long addr, unsigned long len)
+{
+ return apply_to_page_range(vma->vm_mm, addr, len,
+ check_absent_pte, (void *)addr);
+}
+
+static int prefault_range(u64 start, u64 len)
+{
+ const char __user *addr, *end;
+ char __maybe_unused c;
+
+ addr = u64_to_user_ptr(start);
+ end = addr + len;
+
+ for (; addr < end; addr += PAGE_SIZE) {
+ int err = __get_user(c, addr);
+ if (err)
+ return err;
+ }
+
+ return __get_user(c, end - 1);
+}
+
+static int igt_mmap_gtt_revoke(void *arg)
+{
+ struct drm_i915_private *i915 = arg;
+ struct drm_i915_gem_object *obj;
+ struct vm_area_struct *area;
+ unsigned long addr;
+ int err;
+
+ obj = i915_gem_object_create_internal(i915, SZ_4M);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+
+ err = create_mmap_offset(obj);
+ if (err)
+ goto out;
+
+ addr = igt_mmap_node(i915, &obj->base.vma_node,
+ 0, PROT_WRITE, MAP_SHARED);
+ if (IS_ERR_VALUE(addr)) {
+ err = addr;
+ goto out;
+ }
+
+ area = find_vma(current->mm, addr);
+ if (!area) {
+ pr_err("Did not create a vm_area_struct for the mmap\n");
+ err = -EINVAL;
+ goto out_unmap;
+ }
+
+ err = prefault_range(addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+ GEM_BUG_ON(!atomic_read(&obj->bind_count));
+
+ err = check_present(area, addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+ /*
+ * After unbinding the object from the GGTT, its address may be reused
+ * for other objects. Ergo we have to revoke the previous mmap PTE
+ * access as it no longer points to the same object.
+ */
+ err = i915_gem_object_unbind(obj, I915_GEM_OBJECT_UNBIND_ACTIVE);
+ if (err) {
+ pr_err("Failed to unbind object!\n");
+ goto out_unmap;
+ }
+ GEM_BUG_ON(atomic_read(&obj->bind_count));
+
+ err = check_absent(area, addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+out_unmap:
+ vm_munmap(addr, obj->base.size);
+out:
+ i915_gem_object_put(obj);
+ return err;
+}
+
int i915_gem_mman_live_selftests(struct drm_i915_private *i915)
{
static const struct i915_subtest tests[] = {
@@ -797,6 +913,7 @@ int i915_gem_mman_live_selftests(struct drm_i915_private *i915)
SUBTEST(igt_smoke_tiling),
SUBTEST(igt_mmap_offset_exhaustion),
SUBTEST(igt_mmap_gtt),
+ SUBTEST(igt_mmap_gtt_revoke),
};
return i915_subtests(tests, i915);
--
2.24.0
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Chris Wilson <chris@chris-wilson.co.uk>
To: intel-gfx@lists.freedesktop.org
Subject: [Intel-gfx] [PATCH 4/4] drm/i915/selftests: Verify mmap_gtt revocation on unbinding
Date: Wed, 6 Nov 2019 13:04:16 +0000 [thread overview]
Message-ID: <20191106130416.23076-4-chris@chris-wilson.co.uk> (raw)
Message-ID: <20191106130416.SjH5me1LBr1GTOZ8fTo2Ju-AziAc3cZCYOqm3J5sTOA@z> (raw)
In-Reply-To: <20191106130416.23076-1-chris@chris-wilson.co.uk>
Whenever, we unbind (or change fence registers) on an object, we must
revoke any and all mmap_gtt using the previous bindings. Those user PTEs
point at the GGTT which know points into a new object, the wrong object.
Ergo, those PTEs must be cleared so that any user access provokes a new
page fault.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Abdiel Janulgue <abdiel.janulgue@linux.intel.com>
---
.../drm/i915/gem/selftests/i915_gem_mman.c | 117 ++++++++++++++++++
1 file changed, 117 insertions(+)
diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
index 3c8f2297be86..bd80b19d4e39 100644
--- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c
@@ -790,6 +790,122 @@ static int igt_mmap_gtt(void *arg)
return err;
}
+static int check_present_pte(pte_t *pte, unsigned long addr, void *data)
+{
+ if (!pte_present(*pte) || pte_none(*pte)) {
+ pr_err("missing PTE:%lx\n",
+ (addr - (unsigned long)data) >> PAGE_SHIFT);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int check_absent_pte(pte_t *pte, unsigned long addr, void *data)
+{
+ if (pte_present(*pte) && !pte_none(*pte)) {
+ pr_err("present PTE:%lx; expected to be revoked\n",
+ (addr - (unsigned long)data) >> PAGE_SHIFT);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int check_present(struct vm_area_struct *vma,
+ unsigned long addr, unsigned long len)
+{
+ return apply_to_page_range(vma->vm_mm, addr, len,
+ check_present_pte, (void *)addr);
+}
+
+static int check_absent(struct vm_area_struct *vma,
+ unsigned long addr, unsigned long len)
+{
+ return apply_to_page_range(vma->vm_mm, addr, len,
+ check_absent_pte, (void *)addr);
+}
+
+static int prefault_range(u64 start, u64 len)
+{
+ const char __user *addr, *end;
+ char __maybe_unused c;
+
+ addr = u64_to_user_ptr(start);
+ end = addr + len;
+
+ for (; addr < end; addr += PAGE_SIZE) {
+ int err = __get_user(c, addr);
+ if (err)
+ return err;
+ }
+
+ return __get_user(c, end - 1);
+}
+
+static int igt_mmap_gtt_revoke(void *arg)
+{
+ struct drm_i915_private *i915 = arg;
+ struct drm_i915_gem_object *obj;
+ struct vm_area_struct *area;
+ unsigned long addr;
+ int err;
+
+ obj = i915_gem_object_create_internal(i915, SZ_4M);
+ if (IS_ERR(obj))
+ return PTR_ERR(obj);
+
+ err = create_mmap_offset(obj);
+ if (err)
+ goto out;
+
+ addr = igt_mmap_node(i915, &obj->base.vma_node,
+ 0, PROT_WRITE, MAP_SHARED);
+ if (IS_ERR_VALUE(addr)) {
+ err = addr;
+ goto out;
+ }
+
+ area = find_vma(current->mm, addr);
+ if (!area) {
+ pr_err("Did not create a vm_area_struct for the mmap\n");
+ err = -EINVAL;
+ goto out_unmap;
+ }
+
+ err = prefault_range(addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+ GEM_BUG_ON(!atomic_read(&obj->bind_count));
+
+ err = check_present(area, addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+ /*
+ * After unbinding the object from the GGTT, its address may be reused
+ * for other objects. Ergo we have to revoke the previous mmap PTE
+ * access as it no longer points to the same object.
+ */
+ err = i915_gem_object_unbind(obj, I915_GEM_OBJECT_UNBIND_ACTIVE);
+ if (err) {
+ pr_err("Failed to unbind object!\n");
+ goto out_unmap;
+ }
+ GEM_BUG_ON(atomic_read(&obj->bind_count));
+
+ err = check_absent(area, addr, obj->base.size);
+ if (err)
+ goto out_unmap;
+
+out_unmap:
+ vm_munmap(addr, obj->base.size);
+out:
+ i915_gem_object_put(obj);
+ return err;
+}
+
int i915_gem_mman_live_selftests(struct drm_i915_private *i915)
{
static const struct i915_subtest tests[] = {
@@ -797,6 +913,7 @@ int i915_gem_mman_live_selftests(struct drm_i915_private *i915)
SUBTEST(igt_smoke_tiling),
SUBTEST(igt_mmap_offset_exhaustion),
SUBTEST(igt_mmap_gtt),
+ SUBTEST(igt_mmap_gtt_revoke),
};
return i915_subtests(tests, i915);
--
2.24.0
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2019-11-06 13:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-06 13:04 [PATCH 1/4] drm: Expose a method for creating anonymous struct file around drm_minor Chris Wilson
2019-11-06 13:04 ` [Intel-gfx] " Chris Wilson
2019-11-06 13:04 ` [PATCH 2/4] drm/i915/selftests: Replace mock_file hackery with drm's true fake Chris Wilson
2019-11-06 13:04 ` [Intel-gfx] " Chris Wilson
2019-11-06 13:04 ` [PATCH 3/4] drm/i915/selftests: Wrap vm_mmap() around GEM objects Chris Wilson
2019-11-06 13:04 ` [Intel-gfx] " Chris Wilson
2019-11-06 13:04 ` Chris Wilson [this message]
2019-11-06 13:04 ` [Intel-gfx] [PATCH 4/4] drm/i915/selftests: Verify mmap_gtt revocation on unbinding Chris Wilson
2019-11-06 15:39 ` ✗ Fi.CI.CHECKPATCH: warning for series starting with [1/4] drm: Expose a method for creating anonymous struct file around drm_minor Patchwork
2019-11-06 15:39 ` [Intel-gfx] " Patchwork
2019-11-06 16:07 ` ✗ Fi.CI.BAT: failure " Patchwork
2019-11-06 16:07 ` [Intel-gfx] " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191106130416.23076-4-chris@chris-wilson.co.uk \
--to=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.