From: Matthew Auld <matthew.auld@intel.com>
To: intel-gfx@lists.freedesktop.org
Cc: Lucas De Marchi <lucas.demarchi@intel.com>, dri-devel@lists.freedesktop.org, Jon Bloomfield <jon.bloomfield@intel.com>, Chris Wilson <chris.p.wilson@intel.com>, Francisco Jerez <francisco.jerez.plata@intel.com>, Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
Subject: [PATCH v2] drm/i915/ehl: unconditionally flush the pages on acquire
Date: Fri, 9 Jul 2021 16:34:24 +0100
Message-ID: <20210709153424.1999623-1-matthew.auld@intel.com>

EHL and JSL add the 'Bypass LLC' MOCS entry, which should make it possible for userspace to bypass the GTT caching bits set by the kernel, as per the given object cache_level. This is troublesome since the heavy flush we apply when first acquiring the pages is skipped if the kernel thinks the object is coherent with the GPU. As a result it might be possible to bypass the cache and read the contents of the page directly, which could be stale data. If it's just a case of userspace shooting themselves in the foot then so be it, but since i915 takes the stance of always zeroing memory before handing it to userspace, we need to prevent this.

v2: this time actually set cache_dirty in put_pages()

BSpec: 34007
References: 046091758b50 ("Revert "drm/i915/ehl: Update MOCS table for EHL"")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
Cc: Francisco Jerez <francisco.jerez.plata@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Chris Wilson <chris.p.wilson@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
---
 drivers/gpu/drm/i915/gem/i915_gem_shmem.c | 26 ++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c b/drivers/gpu/drm/i915/gem/i915_gem_shmem.c
index 6a04cce188fc..d5a487d4c5a6 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_shmem.c @@ -298,11 +298,12 @@ __i915_gem_object_release_shmem(struct drm_i915_gem_object *obj, void i915_gem_object_put_pages_shmem(struct drm_i915_gem_object *obj, struct sg_table *pages) { + struct drm_i915_private *i915 = to_i915(obj->base.dev); struct sgt_iter sgt_iter; struct pagevec pvec; struct page *page; - GEM_WARN_ON(IS_DGFX(to_i915(obj->base.dev))); + GEM_WARN_ON(IS_DGFX(i915)); __i915_gem_object_release_shmem(obj, pages, true); i915_gem_gtt_finish_pages(obj, pages); @@ -327,6 +328,10 @@ void i915_gem_object_put_pages_shmem(struct drm_i915_gem_object *obj, struct sg_ check_release_pagevec(&pvec); obj->mm.dirty = false; + /* See the comment in shmem_object_init() for why we need this */ + if (IS_JSL_EHL(i915) && obj->flags & I915_BO_ALLOC_USER) + obj->cache_dirty = true; + sg_free_table(pages); kfree(pages); } 
@@ -539,6 +544,25 @@ static int shmem_object_init(struct intel_memory_region *mem, i915_gem_object_set_cache_coherency(obj, cache_level); + /* + * EHL and JSL add the 'Bypass LLC' MOCS entry, which should make it + * possible for userspace to bypass the GTT caching bits set by the + * kernel, as per the given object cache_level. This is troublesome + * since the heavy flush we apply when first gathering the pages is + * skipped if the kernel thinks the object is coherent with the GPU. As + * a result it might be possible to bypass the cache and read the + * contents of the page directly, which could be stale data. If it's + * just a case of userspace shooting themselves in the foot then so be + * it, but since i915 takes the stance of always zeroing memory before + * handing it to userspace, we need to prevent this. + * + * By setting cache_dirty here we make the clflush when first acquiring + * the pages unconditional on such platforms. We also set this again in + * put_pages(). + */ + if (IS_JSL_EHL(i915) && flags & I915_BO_ALLOC_USER) + obj->cache_dirty = true; + i915_gem_object_init_memory_region(obj, mem); return 0; -- 2.26.3
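Review bot: the condition added near the end of i915_gem_object_put_pages_shmem() (hunk @@ -327) mixes && with an unparenthesised bitwise &, as in "IS_JSL_EHL(i915) && obj->flags & I915_BO_ALLOC_USER". Operator precedence makes it evaluate as intended, but writing "(obj->flags & I915_BO_ALLOC_USER)" makes the grouping explicit. The same test is repeated in shmem_object_init() against the local "flags", so a small helper used by both sites would keep the two from drifting apart. The one-line comment here only points at shmem_object_init(); it would help to say in place why cache_dirty has to be set again when the pages are released, since that is the part v2 was respun for.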
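Review bot: the shmem_object_init() hunk (@@ -539) only sets obj->cache_dirty, and nothing in this patch touches the acquire path, so the comment's claim that the clflush becomes unconditional depends on the code that consumes cache_dirty not also being gated on the coherency state set by i915_gem_object_set_cache_coherency() just above. Please name the function that consumes the flag in the comment or the commit message so the reader can check that. The flag is also only set for I915_BO_ALLOC_USER objects created through this shmem backend; if other user-visible backing stores exist on JSL/EHL, say why they do not need the same treatment. Minor: the comment says "first gathering the pages" where the commit message says "first acquiring the pages"; use one term.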