1 /*
2 * Copyright 2014 Advanced Micro Devices, Inc.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
17 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
18 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20 * OTHER DEALINGS IN THE SOFTWARE.
21 */
22
23 #include <linux/mm_types.h>
24 #include <linux/slab.h>
25 #include <linux/types.h>
26 #include <linux/sched/signal.h>
27 #include <linux/sched/mm.h>
28 #include <linux/uaccess.h>
29 #include <linux/mman.h>
30 #include <linux/memory.h>
31 #include "kfd_priv.h"
32 #include "kfd_events.h"
33 #include "kfd_iommu.h"
34 #include <linux/device.h>
35
36 /*
37 * Wrapper around wait_queue_entry_t
38 */
39 struct kfd_event_waiter {
40 wait_queue_entry_t wait;
41 struct kfd_event *event; /* Event to wait for */
42 bool activated; /* Becomes true when event is signaled */
43 };
44
45 /*
46 * Each signal event needs a 64-bit signal slot where the signaler will write
47 * a 1 before sending an interrupt. (This is needed because some interrupts
48 * do not contain enough spare data bits to identify an event.)
49 * We get whole pages and map them to the process VA.
50 * Individual signal events use their event_id as slot index.
51 */
52 struct kfd_signal_page {
53 uint64_t *kernel_address;
54 uint64_t __user *user_address;
55 bool need_to_free_pages;
56 };
57
58
page_slots(struct kfd_signal_page * page)59 static uint64_t *page_slots(struct kfd_signal_page *page)
60 {
61 return page->kernel_address;
62 }
63
allocate_signal_page(struct kfd_process * p)64 static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p)
65 {
66 void *backing_store;
67 struct kfd_signal_page *page;
68
69 page = kzalloc(sizeof(*page), GFP_KERNEL);
70 if (!page)
71 return NULL;
72
73 backing_store = (void *) __get_free_pages(GFP_KERNEL,
74 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
75 if (!backing_store)
76 goto fail_alloc_signal_store;
77
78 /* Initialize all events to unsignaled */
79 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT,
80 KFD_SIGNAL_EVENT_LIMIT * 8);
81
82 page->kernel_address = backing_store;
83 page->need_to_free_pages = true;
84 pr_debug("Allocated new event signal page at %p, for process %p\n",
85 page, p);
86
87 return page;
88
89 fail_alloc_signal_store:
90 kfree(page);
91 return NULL;
92 }
93
allocate_event_notification_slot(struct kfd_process * p,struct kfd_event * ev)94 static int allocate_event_notification_slot(struct kfd_process *p,
95 struct kfd_event *ev)
96 {
97 int id;
98
99 if (!p->signal_page) {
100 p->signal_page = allocate_signal_page(p);
101 if (!p->signal_page)
102 return -ENOMEM;
103 /* Oldest user mode expects 256 event slots */
104 p->signal_mapped_size = 256*8;
105 }
106
107 /*
108 * Compatibility with old user mode: Only use signal slots
109 * user mode has mapped, may be less than
110 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase
111 * of the event limit without breaking user mode.
112 */
113 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8,
114 GFP_KERNEL);
115 if (id < 0)
116 return id;
117
118 ev->event_id = id;
119 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT;
120
121 return 0;
122 }
123
124 /*
125 * Assumes that p->event_mutex is held and of course that p is not going
126 * away (current or locked).
127 */
lookup_event_by_id(struct kfd_process * p,uint32_t id)128 static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id)
129 {
130 return idr_find(&p->event_idr, id);
131 }
132
133 /**
134 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID
135 * @p: Pointer to struct kfd_process
136 * @id: ID to look up
137 * @bits: Number of valid bits in @id
138 *
139 * Finds the first signaled event with a matching partial ID. If no
140 * matching signaled event is found, returns NULL. In that case the
141 * caller should assume that the partial ID is invalid and do an
142 * exhaustive search of all siglaned events.
143 *
144 * If multiple events with the same partial ID signal at the same
145 * time, they will be found one interrupt at a time, not necessarily
146 * in the same order the interrupts occurred. As long as the number of
147 * interrupts is correct, all signaled events will be seen by the
148 * driver.
149 */
lookup_signaled_event_by_partial_id(struct kfd_process * p,uint32_t id,uint32_t bits)150 static struct kfd_event *lookup_signaled_event_by_partial_id(
151 struct kfd_process *p, uint32_t id, uint32_t bits)
152 {
153 struct kfd_event *ev;
154
155 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT)
156 return NULL;
157
158 /* Fast path for the common case that @id is not a partial ID
159 * and we only need a single lookup.
160 */
161 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) {
162 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
163 return NULL;
164
165 return idr_find(&p->event_idr, id);
166 }
167
168 /* General case for partial IDs: Iterate over all matching IDs
169 * and find the first one that has signaled.
170 */
171 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) {
172 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
173 continue;
174
175 ev = idr_find(&p->event_idr, id);
176 }
177
178 return ev;
179 }
180
create_signal_event(struct file * devkfd,struct kfd_process * p,struct kfd_event * ev)181 static int create_signal_event(struct file *devkfd,
182 struct kfd_process *p,
183 struct kfd_event *ev)
184 {
185 int ret;
186
187 if (p->signal_mapped_size &&
188 p->signal_event_count == p->signal_mapped_size / 8) {
189 if (!p->signal_event_limit_reached) {
190 pr_debug("Signal event wasn't created because limit was reached\n");
191 p->signal_event_limit_reached = true;
192 }
193 return -ENOSPC;
194 }
195
196 ret = allocate_event_notification_slot(p, ev);
197 if (ret) {
198 pr_warn("Signal event wasn't created because out of kernel memory\n");
199 return ret;
200 }
201
202 p->signal_event_count++;
203
204 ev->user_signal_address = &p->signal_page->user_address[ev->event_id];
205 pr_debug("Signal event number %zu created with id %d, address %p\n",
206 p->signal_event_count, ev->event_id,
207 ev->user_signal_address);
208
209 return 0;
210 }
211
create_other_event(struct kfd_process * p,struct kfd_event * ev)212 static int create_other_event(struct kfd_process *p, struct kfd_event *ev)
213 {
214 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an
215 * intentional integer overflow to -1 without a compiler
216 * warning. idr_alloc treats a negative value as "maximum
217 * signed integer".
218 */
219 int id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID,
220 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1,
221 GFP_KERNEL);
222
223 if (id < 0)
224 return id;
225 ev->event_id = id;
226
227 return 0;
228 }
229
kfd_event_init_process(struct kfd_process * p)230 void kfd_event_init_process(struct kfd_process *p)
231 {
232 mutex_init(&p->event_mutex);
233 idr_init(&p->event_idr);
234 p->signal_page = NULL;
235 p->signal_event_count = 0;
236 }
237
destroy_event(struct kfd_process * p,struct kfd_event * ev)238 static void destroy_event(struct kfd_process *p, struct kfd_event *ev)
239 {
240 struct kfd_event_waiter *waiter;
241
242 /* Wake up pending waiters. They will return failure */
243 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
244 waiter->event = NULL;
245 wake_up_all(&ev->wq);
246
247 if (ev->type == KFD_EVENT_TYPE_SIGNAL ||
248 ev->type == KFD_EVENT_TYPE_DEBUG)
249 p->signal_event_count--;
250
251 idr_remove(&p->event_idr, ev->event_id);
252 kfree(ev);
253 }
254
destroy_events(struct kfd_process * p)255 static void destroy_events(struct kfd_process *p)
256 {
257 struct kfd_event *ev;
258 uint32_t id;
259
260 idr_for_each_entry(&p->event_idr, ev, id)
261 destroy_event(p, ev);
262 idr_destroy(&p->event_idr);
263 }
264
265 /*
266 * We assume that the process is being destroyed and there is no need to
267 * unmap the pages or keep bookkeeping data in order.
268 */
shutdown_signal_page(struct kfd_process * p)269 static void shutdown_signal_page(struct kfd_process *p)
270 {
271 struct kfd_signal_page *page = p->signal_page;
272
273 if (page) {
274 if (page->need_to_free_pages)
275 free_pages((unsigned long)page->kernel_address,
276 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
277 kfree(page);
278 }
279 }
280
kfd_event_free_process(struct kfd_process * p)281 void kfd_event_free_process(struct kfd_process *p)
282 {
283 destroy_events(p);
284 shutdown_signal_page(p);
285 }
286
event_can_be_gpu_signaled(const struct kfd_event * ev)287 static bool event_can_be_gpu_signaled(const struct kfd_event *ev)
288 {
289 return ev->type == KFD_EVENT_TYPE_SIGNAL ||
290 ev->type == KFD_EVENT_TYPE_DEBUG;
291 }
292
event_can_be_cpu_signaled(const struct kfd_event * ev)293 static bool event_can_be_cpu_signaled(const struct kfd_event *ev)
294 {
295 return ev->type == KFD_EVENT_TYPE_SIGNAL;
296 }
297
kfd_event_page_set(struct kfd_process * p,void * kernel_address,uint64_t size)298 int kfd_event_page_set(struct kfd_process *p, void *kernel_address,
299 uint64_t size)
300 {
301 struct kfd_signal_page *page;
302
303 if (p->signal_page)
304 return -EBUSY;
305
306 page = kzalloc(sizeof(*page), GFP_KERNEL);
307 if (!page)
308 return -ENOMEM;
309
310 /* Initialize all events to unsignaled */
311 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT,
312 KFD_SIGNAL_EVENT_LIMIT * 8);
313
314 page->kernel_address = kernel_address;
315
316 p->signal_page = page;
317 p->signal_mapped_size = size;
318
319 return 0;
320 }
321
kfd_event_create(struct file * devkfd,struct kfd_process * p,uint32_t event_type,bool auto_reset,uint32_t node_id,uint32_t * event_id,uint32_t * event_trigger_data,uint64_t * event_page_offset,uint32_t * event_slot_index)322 int kfd_event_create(struct file *devkfd, struct kfd_process *p,
323 uint32_t event_type, bool auto_reset, uint32_t node_id,
324 uint32_t *event_id, uint32_t *event_trigger_data,
325 uint64_t *event_page_offset, uint32_t *event_slot_index)
326 {
327 int ret = 0;
328 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL);
329
330 if (!ev)
331 return -ENOMEM;
332
333 ev->type = event_type;
334 ev->auto_reset = auto_reset;
335 ev->signaled = false;
336
337 init_waitqueue_head(&ev->wq);
338
339 *event_page_offset = 0;
340
341 mutex_lock(&p->event_mutex);
342
343 switch (event_type) {
344 case KFD_EVENT_TYPE_SIGNAL:
345 case KFD_EVENT_TYPE_DEBUG:
346 ret = create_signal_event(devkfd, p, ev);
347 if (!ret) {
348 *event_page_offset = KFD_MMAP_TYPE_EVENTS;
349 *event_slot_index = ev->event_id;
350 }
351 break;
352 default:
353 ret = create_other_event(p, ev);
354 break;
355 }
356
357 if (!ret) {
358 *event_id = ev->event_id;
359 *event_trigger_data = ev->event_id;
360 } else {
361 kfree(ev);
362 }
363
364 mutex_unlock(&p->event_mutex);
365
366 return ret;
367 }
368
369 /* Assumes that p is current. */
kfd_event_destroy(struct kfd_process * p,uint32_t event_id)370 int kfd_event_destroy(struct kfd_process *p, uint32_t event_id)
371 {
372 struct kfd_event *ev;
373 int ret = 0;
374
375 mutex_lock(&p->event_mutex);
376
377 ev = lookup_event_by_id(p, event_id);
378
379 if (ev)
380 destroy_event(p, ev);
381 else
382 ret = -EINVAL;
383
384 mutex_unlock(&p->event_mutex);
385 return ret;
386 }
387
set_event(struct kfd_event * ev)388 static void set_event(struct kfd_event *ev)
389 {
390 struct kfd_event_waiter *waiter;
391
392 /* Auto reset if the list is non-empty and we're waking
393 * someone. waitqueue_active is safe here because we're
394 * protected by the p->event_mutex, which is also held when
395 * updating the wait queues in kfd_wait_on_events.
396 */
397 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq);
398
399 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
400 waiter->activated = true;
401
402 wake_up_all(&ev->wq);
403 }
404
405 /* Assumes that p is current. */
kfd_set_event(struct kfd_process * p,uint32_t event_id)406 int kfd_set_event(struct kfd_process *p, uint32_t event_id)
407 {
408 int ret = 0;
409 struct kfd_event *ev;
410
411 mutex_lock(&p->event_mutex);
412
413 ev = lookup_event_by_id(p, event_id);
414
415 if (ev && event_can_be_cpu_signaled(ev))
416 set_event(ev);
417 else
418 ret = -EINVAL;
419
420 mutex_unlock(&p->event_mutex);
421 return ret;
422 }
423
reset_event(struct kfd_event * ev)424 static void reset_event(struct kfd_event *ev)
425 {
426 ev->signaled = false;
427 }
428
429 /* Assumes that p is current. */
kfd_reset_event(struct kfd_process * p,uint32_t event_id)430 int kfd_reset_event(struct kfd_process *p, uint32_t event_id)
431 {
432 int ret = 0;
433 struct kfd_event *ev;
434
435 mutex_lock(&p->event_mutex);
436
437 ev = lookup_event_by_id(p, event_id);
438
439 if (ev && event_can_be_cpu_signaled(ev))
440 reset_event(ev);
441 else
442 ret = -EINVAL;
443
444 mutex_unlock(&p->event_mutex);
445 return ret;
446
447 }
448
acknowledge_signal(struct kfd_process * p,struct kfd_event * ev)449 static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev)
450 {
451 page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT;
452 }
453
set_event_from_interrupt(struct kfd_process * p,struct kfd_event * ev)454 static void set_event_from_interrupt(struct kfd_process *p,
455 struct kfd_event *ev)
456 {
457 if (ev && event_can_be_gpu_signaled(ev)) {
458 acknowledge_signal(p, ev);
459 set_event(ev);
460 }
461 }
462
kfd_signal_event_interrupt(u32 pasid,uint32_t partial_id,uint32_t valid_id_bits)463 void kfd_signal_event_interrupt(u32 pasid, uint32_t partial_id,
464 uint32_t valid_id_bits)
465 {
466 struct kfd_event *ev = NULL;
467
468 /*
469 * Because we are called from arbitrary context (workqueue) as opposed
470 * to process context, kfd_process could attempt to exit while we are
471 * running so the lookup function increments the process ref count.
472 */
473 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
474
475 if (!p)
476 return; /* Presumably process exited. */
477
478 mutex_lock(&p->event_mutex);
479
480 if (valid_id_bits)
481 ev = lookup_signaled_event_by_partial_id(p, partial_id,
482 valid_id_bits);
483 if (ev) {
484 set_event_from_interrupt(p, ev);
485 } else if (p->signal_page) {
486 /*
487 * Partial ID lookup failed. Assume that the event ID
488 * in the interrupt payload was invalid and do an
489 * exhaustive search of signaled events.
490 */
491 uint64_t *slots = page_slots(p->signal_page);
492 uint32_t id;
493
494 if (valid_id_bits)
495 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n",
496 partial_id, valid_id_bits);
497
498 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) {
499 /* With relatively few events, it's faster to
500 * iterate over the event IDR
501 */
502 idr_for_each_entry(&p->event_idr, ev, id) {
503 if (id >= KFD_SIGNAL_EVENT_LIMIT)
504 break;
505
506 if (slots[id] != UNSIGNALED_EVENT_SLOT)
507 set_event_from_interrupt(p, ev);
508 }
509 } else {
510 /* With relatively many events, it's faster to
511 * iterate over the signal slots and lookup
512 * only signaled events from the IDR.
513 */
514 for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++)
515 if (slots[id] != UNSIGNALED_EVENT_SLOT) {
516 ev = lookup_event_by_id(p, id);
517 set_event_from_interrupt(p, ev);
518 }
519 }
520 }
521
522 mutex_unlock(&p->event_mutex);
523 kfd_unref_process(p);
524 }
525
alloc_event_waiters(uint32_t num_events)526 static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events)
527 {
528 struct kfd_event_waiter *event_waiters;
529 uint32_t i;
530
531 event_waiters = kmalloc_array(num_events,
532 sizeof(struct kfd_event_waiter),
533 GFP_KERNEL);
534 if (!event_waiters)
535 return NULL;
536
537 for (i = 0; (event_waiters) && (i < num_events) ; i++) {
538 init_wait(&event_waiters[i].wait);
539 event_waiters[i].activated = false;
540 }
541
542 return event_waiters;
543 }
544
init_event_waiter_get_status(struct kfd_process * p,struct kfd_event_waiter * waiter,uint32_t event_id)545 static int init_event_waiter_get_status(struct kfd_process *p,
546 struct kfd_event_waiter *waiter,
547 uint32_t event_id)
548 {
549 struct kfd_event *ev = lookup_event_by_id(p, event_id);
550
551 if (!ev)
552 return -EINVAL;
553
554 waiter->event = ev;
555 waiter->activated = ev->signaled;
556 ev->signaled = ev->signaled && !ev->auto_reset;
557
558 return 0;
559 }
560
init_event_waiter_add_to_waitlist(struct kfd_event_waiter * waiter)561 static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter)
562 {
563 struct kfd_event *ev = waiter->event;
564
565 /* Only add to the wait list if we actually need to
566 * wait on this event.
567 */
568 if (!waiter->activated)
569 add_wait_queue(&ev->wq, &waiter->wait);
570 }
571
572 /* test_event_condition - Test condition of events being waited for
573 * @all: Return completion only if all events have signaled
574 * @num_events: Number of events to wait for
575 * @event_waiters: Array of event waiters, one per event
576 *
577 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have
578 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all)
579 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of
580 * the events have been destroyed.
581 */
test_event_condition(bool all,uint32_t num_events,struct kfd_event_waiter * event_waiters)582 static uint32_t test_event_condition(bool all, uint32_t num_events,
583 struct kfd_event_waiter *event_waiters)
584 {
585 uint32_t i;
586 uint32_t activated_count = 0;
587
588 for (i = 0; i < num_events; i++) {
589 if (!event_waiters[i].event)
590 return KFD_IOC_WAIT_RESULT_FAIL;
591
592 if (event_waiters[i].activated) {
593 if (!all)
594 return KFD_IOC_WAIT_RESULT_COMPLETE;
595
596 activated_count++;
597 }
598 }
599
600 return activated_count == num_events ?
601 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT;
602 }
603
604 /*
605 * Copy event specific data, if defined.
606 * Currently only memory exception events have additional data to copy to user
607 */
copy_signaled_event_data(uint32_t num_events,struct kfd_event_waiter * event_waiters,struct kfd_event_data __user * data)608 static int copy_signaled_event_data(uint32_t num_events,
609 struct kfd_event_waiter *event_waiters,
610 struct kfd_event_data __user *data)
611 {
612 struct kfd_hsa_memory_exception_data *src;
613 struct kfd_hsa_memory_exception_data __user *dst;
614 struct kfd_event_waiter *waiter;
615 struct kfd_event *event;
616 uint32_t i;
617
618 for (i = 0; i < num_events; i++) {
619 waiter = &event_waiters[i];
620 event = waiter->event;
621 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) {
622 dst = &data[i].memory_exception_data;
623 src = &event->memory_exception_data;
624 if (copy_to_user(dst, src,
625 sizeof(struct kfd_hsa_memory_exception_data)))
626 return -EFAULT;
627 }
628 }
629
630 return 0;
631
632 }
633
634
635
user_timeout_to_jiffies(uint32_t user_timeout_ms)636 static long user_timeout_to_jiffies(uint32_t user_timeout_ms)
637 {
638 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE)
639 return 0;
640
641 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE)
642 return MAX_SCHEDULE_TIMEOUT;
643
644 /*
645 * msecs_to_jiffies interprets all values above 2^31-1 as infinite,
646 * but we consider them finite.
647 * This hack is wrong, but nobody is likely to notice.
648 */
649 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF);
650
651 return msecs_to_jiffies(user_timeout_ms) + 1;
652 }
653
free_waiters(uint32_t num_events,struct kfd_event_waiter * waiters)654 static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters)
655 {
656 uint32_t i;
657
658 for (i = 0; i < num_events; i++)
659 if (waiters[i].event)
660 remove_wait_queue(&waiters[i].event->wq,
661 &waiters[i].wait);
662
663 kfree(waiters);
664 }
665
kfd_wait_on_events(struct kfd_process * p,uint32_t num_events,void __user * data,bool all,uint32_t user_timeout_ms,uint32_t * wait_result)666 int kfd_wait_on_events(struct kfd_process *p,
667 uint32_t num_events, void __user *data,
668 bool all, uint32_t user_timeout_ms,
669 uint32_t *wait_result)
670 {
671 struct kfd_event_data __user *events =
672 (struct kfd_event_data __user *) data;
673 uint32_t i;
674 int ret = 0;
675
676 struct kfd_event_waiter *event_waiters = NULL;
677 long timeout = user_timeout_to_jiffies(user_timeout_ms);
678
679 event_waiters = alloc_event_waiters(num_events);
680 if (!event_waiters) {
681 ret = -ENOMEM;
682 goto out;
683 }
684
685 mutex_lock(&p->event_mutex);
686
687 for (i = 0; i < num_events; i++) {
688 struct kfd_event_data event_data;
689
690 if (copy_from_user(&event_data, &events[i],
691 sizeof(struct kfd_event_data))) {
692 ret = -EFAULT;
693 goto out_unlock;
694 }
695
696 ret = init_event_waiter_get_status(p, &event_waiters[i],
697 event_data.event_id);
698 if (ret)
699 goto out_unlock;
700 }
701
702 /* Check condition once. */
703 *wait_result = test_event_condition(all, num_events, event_waiters);
704 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) {
705 ret = copy_signaled_event_data(num_events,
706 event_waiters, events);
707 goto out_unlock;
708 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) {
709 /* This should not happen. Events shouldn't be
710 * destroyed while we're holding the event_mutex
711 */
712 goto out_unlock;
713 }
714
715 /* Add to wait lists if we need to wait. */
716 for (i = 0; i < num_events; i++)
717 init_event_waiter_add_to_waitlist(&event_waiters[i]);
718
719 mutex_unlock(&p->event_mutex);
720
721 while (true) {
722 if (fatal_signal_pending(current)) {
723 ret = -EINTR;
724 break;
725 }
726
727 if (signal_pending(current)) {
728 /*
729 * This is wrong when a nonzero, non-infinite timeout
730 * is specified. We need to use
731 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block
732 * contains a union with data for each user and it's
733 * in generic kernel code that I don't want to
734 * touch yet.
735 */
736 ret = -ERESTARTSYS;
737 break;
738 }
739
740 /* Set task state to interruptible sleep before
741 * checking wake-up conditions. A concurrent wake-up
742 * will put the task back into runnable state. In that
743 * case schedule_timeout will not put the task to
744 * sleep and we'll get a chance to re-check the
745 * updated conditions almost immediately. Otherwise,
746 * this race condition would lead to a soft hang or a
747 * very long sleep.
748 */
749 set_current_state(TASK_INTERRUPTIBLE);
750
751 *wait_result = test_event_condition(all, num_events,
752 event_waiters);
753 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT)
754 break;
755
756 if (timeout <= 0)
757 break;
758
759 timeout = schedule_timeout(timeout);
760 }
761 __set_current_state(TASK_RUNNING);
762
763 /* copy_signaled_event_data may sleep. So this has to happen
764 * after the task state is set back to RUNNING.
765 */
766 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE)
767 ret = copy_signaled_event_data(num_events,
768 event_waiters, events);
769
770 mutex_lock(&p->event_mutex);
771 out_unlock:
772 free_waiters(num_events, event_waiters);
773 mutex_unlock(&p->event_mutex);
774 out:
775 if (ret)
776 *wait_result = KFD_IOC_WAIT_RESULT_FAIL;
777 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL)
778 ret = -EIO;
779
780 return ret;
781 }
782
kfd_event_mmap(struct kfd_process * p,struct vm_area_struct * vma)783 int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma)
784 {
785 unsigned long pfn;
786 struct kfd_signal_page *page;
787 int ret;
788
789 /* check required size doesn't exceed the allocated size */
790 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) <
791 get_order(vma->vm_end - vma->vm_start)) {
792 pr_err("Event page mmap requested illegal size\n");
793 return -EINVAL;
794 }
795
796 page = p->signal_page;
797 if (!page) {
798 /* Probably KFD bug, but mmap is user-accessible. */
799 pr_debug("Signal page could not be found\n");
800 return -EINVAL;
801 }
802
803 pfn = __pa(page->kernel_address);
804 pfn >>= PAGE_SHIFT;
805
806 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE
807 | VM_DONTDUMP | VM_PFNMAP;
808
809 pr_debug("Mapping signal page\n");
810 pr_debug(" start user address == 0x%08lx\n", vma->vm_start);
811 pr_debug(" end user address == 0x%08lx\n", vma->vm_end);
812 pr_debug(" pfn == 0x%016lX\n", pfn);
813 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags);
814 pr_debug(" size == 0x%08lX\n",
815 vma->vm_end - vma->vm_start);
816
817 page->user_address = (uint64_t __user *)vma->vm_start;
818
819 /* mapping the page to user process */
820 ret = remap_pfn_range(vma, vma->vm_start, pfn,
821 vma->vm_end - vma->vm_start, vma->vm_page_prot);
822 if (!ret)
823 p->signal_mapped_size = vma->vm_end - vma->vm_start;
824
825 return ret;
826 }
827
828 /*
829 * Assumes that p->event_mutex is held and of course
830 * that p is not going away (current or locked).
831 */
lookup_events_by_type_and_signal(struct kfd_process * p,int type,void * event_data)832 static void lookup_events_by_type_and_signal(struct kfd_process *p,
833 int type, void *event_data)
834 {
835 struct kfd_hsa_memory_exception_data *ev_data;
836 struct kfd_event *ev;
837 uint32_t id;
838 bool send_signal = true;
839
840 ev_data = (struct kfd_hsa_memory_exception_data *) event_data;
841
842 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
843 idr_for_each_entry_continue(&p->event_idr, ev, id)
844 if (ev->type == type) {
845 send_signal = false;
846 dev_dbg(kfd_device,
847 "Event found: id %X type %d",
848 ev->event_id, ev->type);
849 set_event(ev);
850 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data)
851 ev->memory_exception_data = *ev_data;
852 }
853
854 if (type == KFD_EVENT_TYPE_MEMORY) {
855 dev_warn(kfd_device,
856 "Sending SIGSEGV to process %d (pasid 0x%x)",
857 p->lead_thread->pid, p->pasid);
858 send_sig(SIGSEGV, p->lead_thread, 0);
859 }
860
861 /* Send SIGTERM no event of type "type" has been found*/
862 if (send_signal) {
863 if (send_sigterm) {
864 dev_warn(kfd_device,
865 "Sending SIGTERM to process %d (pasid 0x%x)",
866 p->lead_thread->pid, p->pasid);
867 send_sig(SIGTERM, p->lead_thread, 0);
868 } else {
869 dev_err(kfd_device,
870 "Process %d (pasid 0x%x) got unhandled exception",
871 p->lead_thread->pid, p->pasid);
872 }
873 }
874 }
875
876 #ifdef KFD_SUPPORT_IOMMU_V2
kfd_signal_iommu_event(struct kfd_dev * dev,u32 pasid,unsigned long address,bool is_write_requested,bool is_execute_requested)877 void kfd_signal_iommu_event(struct kfd_dev *dev, u32 pasid,
878 unsigned long address, bool is_write_requested,
879 bool is_execute_requested)
880 {
881 struct kfd_hsa_memory_exception_data memory_exception_data;
882 struct vm_area_struct *vma;
883
884 /*
885 * Because we are called from arbitrary context (workqueue) as opposed
886 * to process context, kfd_process could attempt to exit while we are
887 * running so the lookup function increments the process ref count.
888 */
889 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
890 struct mm_struct *mm;
891
892 if (!p)
893 return; /* Presumably process exited. */
894
895 /* Take a safe reference to the mm_struct, which may otherwise
896 * disappear even while the kfd_process is still referenced.
897 */
898 mm = get_task_mm(p->lead_thread);
899 if (!mm) {
900 kfd_unref_process(p);
901 return; /* Process is exiting */
902 }
903
904 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
905
906 mmap_read_lock(mm);
907 vma = find_vma(mm, address);
908
909 memory_exception_data.gpu_id = dev->id;
910 memory_exception_data.va = address;
911 /* Set failure reason */
912 memory_exception_data.failure.NotPresent = 1;
913 memory_exception_data.failure.NoExecute = 0;
914 memory_exception_data.failure.ReadOnly = 0;
915 if (vma && address >= vma->vm_start) {
916 memory_exception_data.failure.NotPresent = 0;
917
918 if (is_write_requested && !(vma->vm_flags & VM_WRITE))
919 memory_exception_data.failure.ReadOnly = 1;
920 else
921 memory_exception_data.failure.ReadOnly = 0;
922
923 if (is_execute_requested && !(vma->vm_flags & VM_EXEC))
924 memory_exception_data.failure.NoExecute = 1;
925 else
926 memory_exception_data.failure.NoExecute = 0;
927 }
928
929 mmap_read_unlock(mm);
930 mmput(mm);
931
932 pr_debug("notpresent %d, noexecute %d, readonly %d\n",
933 memory_exception_data.failure.NotPresent,
934 memory_exception_data.failure.NoExecute,
935 memory_exception_data.failure.ReadOnly);
936
937 /* Workaround on Raven to not kill the process when memory is freed
938 * before IOMMU is able to finish processing all the excessive PPRs
939 */
940 if (dev->device_info->asic_family != CHIP_RAVEN &&
941 dev->device_info->asic_family != CHIP_RENOIR) {
942 mutex_lock(&p->event_mutex);
943
944 /* Lookup events by type and signal them */
945 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY,
946 &memory_exception_data);
947
948 mutex_unlock(&p->event_mutex);
949 }
950
951 kfd_unref_process(p);
952 }
953 #endif /* KFD_SUPPORT_IOMMU_V2 */
954
kfd_signal_hw_exception_event(u32 pasid)955 void kfd_signal_hw_exception_event(u32 pasid)
956 {
957 /*
958 * Because we are called from arbitrary context (workqueue) as opposed
959 * to process context, kfd_process could attempt to exit while we are
960 * running so the lookup function increments the process ref count.
961 */
962 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
963
964 if (!p)
965 return; /* Presumably process exited. */
966
967 mutex_lock(&p->event_mutex);
968
969 /* Lookup events by type and signal them */
970 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL);
971
972 mutex_unlock(&p->event_mutex);
973 kfd_unref_process(p);
974 }
975
kfd_signal_vm_fault_event(struct kfd_dev * dev,u32 pasid,struct kfd_vm_fault_info * info)976 void kfd_signal_vm_fault_event(struct kfd_dev *dev, u32 pasid,
977 struct kfd_vm_fault_info *info)
978 {
979 struct kfd_event *ev;
980 uint32_t id;
981 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
982 struct kfd_hsa_memory_exception_data memory_exception_data;
983
984 if (!p)
985 return; /* Presumably process exited. */
986 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
987 memory_exception_data.gpu_id = dev->id;
988 memory_exception_data.failure.imprecise = true;
989 /* Set failure reason */
990 if (info) {
991 memory_exception_data.va = (info->page_addr) << PAGE_SHIFT;
992 memory_exception_data.failure.NotPresent =
993 info->prot_valid ? 1 : 0;
994 memory_exception_data.failure.NoExecute =
995 info->prot_exec ? 1 : 0;
996 memory_exception_data.failure.ReadOnly =
997 info->prot_write ? 1 : 0;
998 memory_exception_data.failure.imprecise = 0;
999 }
1000 mutex_lock(&p->event_mutex);
1001
1002 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1003 idr_for_each_entry_continue(&p->event_idr, ev, id)
1004 if (ev->type == KFD_EVENT_TYPE_MEMORY) {
1005 ev->memory_exception_data = memory_exception_data;
1006 set_event(ev);
1007 }
1008
1009 mutex_unlock(&p->event_mutex);
1010 kfd_unref_process(p);
1011 }
1012
kfd_signal_reset_event(struct kfd_dev * dev)1013 void kfd_signal_reset_event(struct kfd_dev *dev)
1014 {
1015 struct kfd_hsa_hw_exception_data hw_exception_data;
1016 struct kfd_hsa_memory_exception_data memory_exception_data;
1017 struct kfd_process *p;
1018 struct kfd_event *ev;
1019 unsigned int temp;
1020 uint32_t id, idx;
1021 int reset_cause = atomic_read(&dev->sram_ecc_flag) ?
1022 KFD_HW_EXCEPTION_ECC :
1023 KFD_HW_EXCEPTION_GPU_HANG;
1024
1025 /* Whole gpu reset caused by GPU hang and memory is lost */
1026 memset(&hw_exception_data, 0, sizeof(hw_exception_data));
1027 hw_exception_data.gpu_id = dev->id;
1028 hw_exception_data.memory_lost = 1;
1029 hw_exception_data.reset_cause = reset_cause;
1030
1031 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1032 memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC;
1033 memory_exception_data.gpu_id = dev->id;
1034 memory_exception_data.failure.imprecise = true;
1035
1036 idx = srcu_read_lock(&kfd_processes_srcu);
1037 hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) {
1038 mutex_lock(&p->event_mutex);
1039 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1040 idr_for_each_entry_continue(&p->event_idr, ev, id) {
1041 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
1042 ev->hw_exception_data = hw_exception_data;
1043 set_event(ev);
1044 }
1045 if (ev->type == KFD_EVENT_TYPE_MEMORY &&
1046 reset_cause == KFD_HW_EXCEPTION_ECC) {
1047 ev->memory_exception_data = memory_exception_data;
1048 set_event(ev);
1049 }
1050 }
1051 mutex_unlock(&p->event_mutex);
1052 }
1053 srcu_read_unlock(&kfd_processes_srcu, idx);
1054 }
1055