1 /* $NetBSD: kfd_events.c,v 1.3 2021/12/18 23:44:59 riastradh Exp $ */
2
3 /*
4 * Copyright 2014 Advanced Micro Devices, Inc.
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a
7 * copy of this software and associated documentation files (the "Software"),
8 * to deal in the Software without restriction, including without limitation
9 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
10 * and/or sell copies of the Software, and to permit persons to whom the
11 * Software is furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 * OTHER DEALINGS IN THE SOFTWARE.
23 */
24
25 #include <sys/cdefs.h>
26 __KERNEL_RCSID(0, "$NetBSD: kfd_events.c,v 1.3 2021/12/18 23:44:59 riastradh Exp $");
27
28 #include <linux/mm_types.h>
29 #include <linux/slab.h>
30 #include <linux/types.h>
31 #include <linux/sched/signal.h>
32 #include <linux/sched/mm.h>
33 #include <linux/uaccess.h>
34 #include <linux/mman.h>
35 #include <linux/memory.h>
36 #include "kfd_priv.h"
37 #include "kfd_events.h"
38 #include "kfd_iommu.h"
39 #include <linux/device.h>
40
41 /*
42 * Wrapper around wait_queue_entry_t
43 */
44 struct kfd_event_waiter {
45 wait_queue_entry_t wait;
46 struct kfd_event *event; /* Event to wait for */
47 bool activated; /* Becomes true when event is signaled */
48 };
49
50 /*
51 * Each signal event needs a 64-bit signal slot where the signaler will write
52 * a 1 before sending an interrupt. (This is needed because some interrupts
53 * do not contain enough spare data bits to identify an event.)
54 * We get whole pages and map them to the process VA.
55 * Individual signal events use their event_id as slot index.
56 */
57 struct kfd_signal_page {
58 uint64_t *kernel_address;
59 uint64_t __user *user_address;
60 bool need_to_free_pages;
61 };
62
63
page_slots(struct kfd_signal_page * page)64 static uint64_t *page_slots(struct kfd_signal_page *page)
65 {
66 return page->kernel_address;
67 }
68
allocate_signal_page(struct kfd_process * p)69 static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p)
70 {
71 void *backing_store;
72 struct kfd_signal_page *page;
73
74 page = kzalloc(sizeof(*page), GFP_KERNEL);
75 if (!page)
76 return NULL;
77
78 backing_store = (void *) __get_free_pages(GFP_KERNEL,
79 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
80 if (!backing_store)
81 goto fail_alloc_signal_store;
82
83 /* Initialize all events to unsignaled */
84 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT,
85 KFD_SIGNAL_EVENT_LIMIT * 8);
86
87 page->kernel_address = backing_store;
88 page->need_to_free_pages = true;
89 pr_debug("Allocated new event signal page at %p, for process %p\n",
90 page, p);
91
92 return page;
93
94 fail_alloc_signal_store:
95 kfree(page);
96 return NULL;
97 }
98
allocate_event_notification_slot(struct kfd_process * p,struct kfd_event * ev)99 static int allocate_event_notification_slot(struct kfd_process *p,
100 struct kfd_event *ev)
101 {
102 int id;
103
104 if (!p->signal_page) {
105 p->signal_page = allocate_signal_page(p);
106 if (!p->signal_page)
107 return -ENOMEM;
108 /* Oldest user mode expects 256 event slots */
109 p->signal_mapped_size = 256*8;
110 }
111
112 /*
113 * Compatibility with old user mode: Only use signal slots
114 * user mode has mapped, may be less than
115 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase
116 * of the event limit without breaking user mode.
117 */
118 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8,
119 GFP_KERNEL);
120 if (id < 0)
121 return id;
122
123 ev->event_id = id;
124 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT;
125
126 return 0;
127 }
128
129 /*
130 * Assumes that p->event_mutex is held and of course that p is not going
131 * away (current or locked).
132 */
lookup_event_by_id(struct kfd_process * p,uint32_t id)133 static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id)
134 {
135 return idr_find(&p->event_idr, id);
136 }
137
138 /**
139 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID
140 * @p: Pointer to struct kfd_process
141 * @id: ID to look up
142 * @bits: Number of valid bits in @id
143 *
144 * Finds the first signaled event with a matching partial ID. If no
145 * matching signaled event is found, returns NULL. In that case the
146 * caller should assume that the partial ID is invalid and do an
147 * exhaustive search of all siglaned events.
148 *
149 * If multiple events with the same partial ID signal at the same
150 * time, they will be found one interrupt at a time, not necessarily
151 * in the same order the interrupts occurred. As long as the number of
152 * interrupts is correct, all signaled events will be seen by the
153 * driver.
154 */
lookup_signaled_event_by_partial_id(struct kfd_process * p,uint32_t id,uint32_t bits)155 static struct kfd_event *lookup_signaled_event_by_partial_id(
156 struct kfd_process *p, uint32_t id, uint32_t bits)
157 {
158 struct kfd_event *ev;
159
160 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT)
161 return NULL;
162
163 /* Fast path for the common case that @id is not a partial ID
164 * and we only need a single lookup.
165 */
166 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) {
167 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
168 return NULL;
169
170 return idr_find(&p->event_idr, id);
171 }
172
173 /* General case for partial IDs: Iterate over all matching IDs
174 * and find the first one that has signaled.
175 */
176 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) {
177 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
178 continue;
179
180 ev = idr_find(&p->event_idr, id);
181 }
182
183 return ev;
184 }
185
create_signal_event(struct file * devkfd,struct kfd_process * p,struct kfd_event * ev)186 static int create_signal_event(struct file *devkfd,
187 struct kfd_process *p,
188 struct kfd_event *ev)
189 {
190 int ret;
191
192 if (p->signal_mapped_size &&
193 p->signal_event_count == p->signal_mapped_size / 8) {
194 if (!p->signal_event_limit_reached) {
195 pr_warn("Signal event wasn't created because limit was reached\n");
196 p->signal_event_limit_reached = true;
197 }
198 return -ENOSPC;
199 }
200
201 ret = allocate_event_notification_slot(p, ev);
202 if (ret) {
203 pr_warn("Signal event wasn't created because out of kernel memory\n");
204 return ret;
205 }
206
207 p->signal_event_count++;
208
209 ev->user_signal_address = &p->signal_page->user_address[ev->event_id];
210 pr_debug("Signal event number %zu created with id %d, address %p\n",
211 p->signal_event_count, ev->event_id,
212 ev->user_signal_address);
213
214 return 0;
215 }
216
create_other_event(struct kfd_process * p,struct kfd_event * ev)217 static int create_other_event(struct kfd_process *p, struct kfd_event *ev)
218 {
219 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an
220 * intentional integer overflow to -1 without a compiler
221 * warning. idr_alloc treats a negative value as "maximum
222 * signed integer".
223 */
224 int id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID,
225 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1,
226 GFP_KERNEL);
227
228 if (id < 0)
229 return id;
230 ev->event_id = id;
231
232 return 0;
233 }
234
kfd_event_init_process(struct kfd_process * p)235 void kfd_event_init_process(struct kfd_process *p)
236 {
237 mutex_init(&p->event_mutex);
238 idr_init(&p->event_idr);
239 p->signal_page = NULL;
240 p->signal_event_count = 0;
241 }
242
destroy_event(struct kfd_process * p,struct kfd_event * ev)243 static void destroy_event(struct kfd_process *p, struct kfd_event *ev)
244 {
245 struct kfd_event_waiter *waiter;
246
247 /* Wake up pending waiters. They will return failure */
248 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
249 waiter->event = NULL;
250 wake_up_all(&ev->wq);
251
252 if (ev->type == KFD_EVENT_TYPE_SIGNAL ||
253 ev->type == KFD_EVENT_TYPE_DEBUG)
254 p->signal_event_count--;
255
256 idr_remove(&p->event_idr, ev->event_id);
257 kfree(ev);
258 }
259
destroy_events(struct kfd_process * p)260 static void destroy_events(struct kfd_process *p)
261 {
262 struct kfd_event *ev;
263 uint32_t id;
264
265 idr_for_each_entry(&p->event_idr, ev, id)
266 destroy_event(p, ev);
267 idr_destroy(&p->event_idr);
268 }
269
270 /*
271 * We assume that the process is being destroyed and there is no need to
272 * unmap the pages or keep bookkeeping data in order.
273 */
shutdown_signal_page(struct kfd_process * p)274 static void shutdown_signal_page(struct kfd_process *p)
275 {
276 struct kfd_signal_page *page = p->signal_page;
277
278 if (page) {
279 if (page->need_to_free_pages)
280 free_pages((unsigned long)page->kernel_address,
281 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
282 kfree(page);
283 }
284 }
285
kfd_event_free_process(struct kfd_process * p)286 void kfd_event_free_process(struct kfd_process *p)
287 {
288 destroy_events(p);
289 shutdown_signal_page(p);
290 }
291
event_can_be_gpu_signaled(const struct kfd_event * ev)292 static bool event_can_be_gpu_signaled(const struct kfd_event *ev)
293 {
294 return ev->type == KFD_EVENT_TYPE_SIGNAL ||
295 ev->type == KFD_EVENT_TYPE_DEBUG;
296 }
297
event_can_be_cpu_signaled(const struct kfd_event * ev)298 static bool event_can_be_cpu_signaled(const struct kfd_event *ev)
299 {
300 return ev->type == KFD_EVENT_TYPE_SIGNAL;
301 }
302
kfd_event_page_set(struct kfd_process * p,void * kernel_address,uint64_t size)303 int kfd_event_page_set(struct kfd_process *p, void *kernel_address,
304 uint64_t size)
305 {
306 struct kfd_signal_page *page;
307
308 if (p->signal_page)
309 return -EBUSY;
310
311 page = kzalloc(sizeof(*page), GFP_KERNEL);
312 if (!page)
313 return -ENOMEM;
314
315 /* Initialize all events to unsignaled */
316 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT,
317 KFD_SIGNAL_EVENT_LIMIT * 8);
318
319 page->kernel_address = kernel_address;
320
321 p->signal_page = page;
322 p->signal_mapped_size = size;
323
324 return 0;
325 }
326
kfd_event_create(struct file * devkfd,struct kfd_process * p,uint32_t event_type,bool auto_reset,uint32_t node_id,uint32_t * event_id,uint32_t * event_trigger_data,uint64_t * event_page_offset,uint32_t * event_slot_index)327 int kfd_event_create(struct file *devkfd, struct kfd_process *p,
328 uint32_t event_type, bool auto_reset, uint32_t node_id,
329 uint32_t *event_id, uint32_t *event_trigger_data,
330 uint64_t *event_page_offset, uint32_t *event_slot_index)
331 {
332 int ret = 0;
333 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL);
334
335 if (!ev)
336 return -ENOMEM;
337
338 ev->type = event_type;
339 ev->auto_reset = auto_reset;
340 ev->signaled = false;
341
342 init_waitqueue_head(&ev->wq);
343
344 *event_page_offset = 0;
345
346 mutex_lock(&p->event_mutex);
347
348 switch (event_type) {
349 case KFD_EVENT_TYPE_SIGNAL:
350 case KFD_EVENT_TYPE_DEBUG:
351 ret = create_signal_event(devkfd, p, ev);
352 if (!ret) {
353 *event_page_offset = KFD_MMAP_TYPE_EVENTS;
354 *event_slot_index = ev->event_id;
355 }
356 break;
357 default:
358 ret = create_other_event(p, ev);
359 break;
360 }
361
362 if (!ret) {
363 *event_id = ev->event_id;
364 *event_trigger_data = ev->event_id;
365 } else {
366 kfree(ev);
367 }
368
369 mutex_unlock(&p->event_mutex);
370
371 return ret;
372 }
373
374 /* Assumes that p is current. */
kfd_event_destroy(struct kfd_process * p,uint32_t event_id)375 int kfd_event_destroy(struct kfd_process *p, uint32_t event_id)
376 {
377 struct kfd_event *ev;
378 int ret = 0;
379
380 mutex_lock(&p->event_mutex);
381
382 ev = lookup_event_by_id(p, event_id);
383
384 if (ev)
385 destroy_event(p, ev);
386 else
387 ret = -EINVAL;
388
389 mutex_unlock(&p->event_mutex);
390 return ret;
391 }
392
set_event(struct kfd_event * ev)393 static void set_event(struct kfd_event *ev)
394 {
395 struct kfd_event_waiter *waiter;
396
397 /* Auto reset if the list is non-empty and we're waking
398 * someone. waitqueue_active is safe here because we're
399 * protected by the p->event_mutex, which is also held when
400 * updating the wait queues in kfd_wait_on_events.
401 */
402 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq);
403
404 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
405 waiter->activated = true;
406
407 wake_up_all(&ev->wq);
408 }
409
410 /* Assumes that p is current. */
kfd_set_event(struct kfd_process * p,uint32_t event_id)411 int kfd_set_event(struct kfd_process *p, uint32_t event_id)
412 {
413 int ret = 0;
414 struct kfd_event *ev;
415
416 mutex_lock(&p->event_mutex);
417
418 ev = lookup_event_by_id(p, event_id);
419
420 if (ev && event_can_be_cpu_signaled(ev))
421 set_event(ev);
422 else
423 ret = -EINVAL;
424
425 mutex_unlock(&p->event_mutex);
426 return ret;
427 }
428
reset_event(struct kfd_event * ev)429 static void reset_event(struct kfd_event *ev)
430 {
431 ev->signaled = false;
432 }
433
434 /* Assumes that p is current. */
kfd_reset_event(struct kfd_process * p,uint32_t event_id)435 int kfd_reset_event(struct kfd_process *p, uint32_t event_id)
436 {
437 int ret = 0;
438 struct kfd_event *ev;
439
440 mutex_lock(&p->event_mutex);
441
442 ev = lookup_event_by_id(p, event_id);
443
444 if (ev && event_can_be_cpu_signaled(ev))
445 reset_event(ev);
446 else
447 ret = -EINVAL;
448
449 mutex_unlock(&p->event_mutex);
450 return ret;
451
452 }
453
acknowledge_signal(struct kfd_process * p,struct kfd_event * ev)454 static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev)
455 {
456 page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT;
457 }
458
set_event_from_interrupt(struct kfd_process * p,struct kfd_event * ev)459 static void set_event_from_interrupt(struct kfd_process *p,
460 struct kfd_event *ev)
461 {
462 if (ev && event_can_be_gpu_signaled(ev)) {
463 acknowledge_signal(p, ev);
464 set_event(ev);
465 }
466 }
467
kfd_signal_event_interrupt(unsigned int pasid,uint32_t partial_id,uint32_t valid_id_bits)468 void kfd_signal_event_interrupt(unsigned int pasid, uint32_t partial_id,
469 uint32_t valid_id_bits)
470 {
471 struct kfd_event *ev = NULL;
472
473 /*
474 * Because we are called from arbitrary context (workqueue) as opposed
475 * to process context, kfd_process could attempt to exit while we are
476 * running so the lookup function increments the process ref count.
477 */
478 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
479
480 if (!p)
481 return; /* Presumably process exited. */
482
483 mutex_lock(&p->event_mutex);
484
485 if (valid_id_bits)
486 ev = lookup_signaled_event_by_partial_id(p, partial_id,
487 valid_id_bits);
488 if (ev) {
489 set_event_from_interrupt(p, ev);
490 } else if (p->signal_page) {
491 /*
492 * Partial ID lookup failed. Assume that the event ID
493 * in the interrupt payload was invalid and do an
494 * exhaustive search of signaled events.
495 */
496 uint64_t *slots = page_slots(p->signal_page);
497 uint32_t id;
498
499 if (valid_id_bits)
500 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n",
501 partial_id, valid_id_bits);
502
503 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) {
504 /* With relatively few events, it's faster to
505 * iterate over the event IDR
506 */
507 idr_for_each_entry(&p->event_idr, ev, id) {
508 if (id >= KFD_SIGNAL_EVENT_LIMIT)
509 break;
510
511 if (slots[id] != UNSIGNALED_EVENT_SLOT)
512 set_event_from_interrupt(p, ev);
513 }
514 } else {
515 /* With relatively many events, it's faster to
516 * iterate over the signal slots and lookup
517 * only signaled events from the IDR.
518 */
519 for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++)
520 if (slots[id] != UNSIGNALED_EVENT_SLOT) {
521 ev = lookup_event_by_id(p, id);
522 set_event_from_interrupt(p, ev);
523 }
524 }
525 }
526
527 mutex_unlock(&p->event_mutex);
528 kfd_unref_process(p);
529 }
530
alloc_event_waiters(uint32_t num_events)531 static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events)
532 {
533 struct kfd_event_waiter *event_waiters;
534 uint32_t i;
535
536 event_waiters = kmalloc_array(num_events,
537 sizeof(struct kfd_event_waiter),
538 GFP_KERNEL);
539
540 for (i = 0; (event_waiters) && (i < num_events) ; i++) {
541 init_wait(&event_waiters[i].wait);
542 event_waiters[i].activated = false;
543 }
544
545 return event_waiters;
546 }
547
init_event_waiter_get_status(struct kfd_process * p,struct kfd_event_waiter * waiter,uint32_t event_id)548 static int init_event_waiter_get_status(struct kfd_process *p,
549 struct kfd_event_waiter *waiter,
550 uint32_t event_id)
551 {
552 struct kfd_event *ev = lookup_event_by_id(p, event_id);
553
554 if (!ev)
555 return -EINVAL;
556
557 waiter->event = ev;
558 waiter->activated = ev->signaled;
559 ev->signaled = ev->signaled && !ev->auto_reset;
560
561 return 0;
562 }
563
init_event_waiter_add_to_waitlist(struct kfd_event_waiter * waiter)564 static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter)
565 {
566 struct kfd_event *ev = waiter->event;
567
568 /* Only add to the wait list if we actually need to
569 * wait on this event.
570 */
571 if (!waiter->activated)
572 add_wait_queue(&ev->wq, &waiter->wait);
573 }
574
575 /* test_event_condition - Test condition of events being waited for
576 * @all: Return completion only if all events have signaled
577 * @num_events: Number of events to wait for
578 * @event_waiters: Array of event waiters, one per event
579 *
580 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have
581 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all)
582 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of
583 * the events have been destroyed.
584 */
test_event_condition(bool all,uint32_t num_events,struct kfd_event_waiter * event_waiters)585 static uint32_t test_event_condition(bool all, uint32_t num_events,
586 struct kfd_event_waiter *event_waiters)
587 {
588 uint32_t i;
589 uint32_t activated_count = 0;
590
591 for (i = 0; i < num_events; i++) {
592 if (!event_waiters[i].event)
593 return KFD_IOC_WAIT_RESULT_FAIL;
594
595 if (event_waiters[i].activated) {
596 if (!all)
597 return KFD_IOC_WAIT_RESULT_COMPLETE;
598
599 activated_count++;
600 }
601 }
602
603 return activated_count == num_events ?
604 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT;
605 }
606
607 /*
608 * Copy event specific data, if defined.
609 * Currently only memory exception events have additional data to copy to user
610 */
copy_signaled_event_data(uint32_t num_events,struct kfd_event_waiter * event_waiters,struct kfd_event_data __user * data)611 static int copy_signaled_event_data(uint32_t num_events,
612 struct kfd_event_waiter *event_waiters,
613 struct kfd_event_data __user *data)
614 {
615 struct kfd_hsa_memory_exception_data *src;
616 struct kfd_hsa_memory_exception_data __user *dst;
617 struct kfd_event_waiter *waiter;
618 struct kfd_event *event;
619 uint32_t i;
620
621 for (i = 0; i < num_events; i++) {
622 waiter = &event_waiters[i];
623 event = waiter->event;
624 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) {
625 dst = &data[i].memory_exception_data;
626 src = &event->memory_exception_data;
627 if (copy_to_user(dst, src,
628 sizeof(struct kfd_hsa_memory_exception_data)))
629 return -EFAULT;
630 }
631 }
632
633 return 0;
634
635 }
636
637
638
user_timeout_to_jiffies(uint32_t user_timeout_ms)639 static long user_timeout_to_jiffies(uint32_t user_timeout_ms)
640 {
641 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE)
642 return 0;
643
644 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE)
645 return MAX_SCHEDULE_TIMEOUT;
646
647 /*
648 * msecs_to_jiffies interprets all values above 2^31-1 as infinite,
649 * but we consider them finite.
650 * This hack is wrong, but nobody is likely to notice.
651 */
652 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF);
653
654 return msecs_to_jiffies(user_timeout_ms) + 1;
655 }
656
free_waiters(uint32_t num_events,struct kfd_event_waiter * waiters)657 static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters)
658 {
659 uint32_t i;
660
661 for (i = 0; i < num_events; i++)
662 if (waiters[i].event)
663 remove_wait_queue(&waiters[i].event->wq,
664 &waiters[i].wait);
665
666 kfree(waiters);
667 }
668
kfd_wait_on_events(struct kfd_process * p,uint32_t num_events,void __user * data,bool all,uint32_t user_timeout_ms,uint32_t * wait_result)669 int kfd_wait_on_events(struct kfd_process *p,
670 uint32_t num_events, void __user *data,
671 bool all, uint32_t user_timeout_ms,
672 uint32_t *wait_result)
673 {
674 struct kfd_event_data __user *events =
675 (struct kfd_event_data __user *) data;
676 uint32_t i;
677 int ret = 0;
678
679 struct kfd_event_waiter *event_waiters = NULL;
680 long timeout = user_timeout_to_jiffies(user_timeout_ms);
681
682 event_waiters = alloc_event_waiters(num_events);
683 if (!event_waiters) {
684 ret = -ENOMEM;
685 goto out;
686 }
687
688 mutex_lock(&p->event_mutex);
689
690 for (i = 0; i < num_events; i++) {
691 struct kfd_event_data event_data;
692
693 if (copy_from_user(&event_data, &events[i],
694 sizeof(struct kfd_event_data))) {
695 ret = -EFAULT;
696 goto out_unlock;
697 }
698
699 ret = init_event_waiter_get_status(p, &event_waiters[i],
700 event_data.event_id);
701 if (ret)
702 goto out_unlock;
703 }
704
705 /* Check condition once. */
706 *wait_result = test_event_condition(all, num_events, event_waiters);
707 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) {
708 ret = copy_signaled_event_data(num_events,
709 event_waiters, events);
710 goto out_unlock;
711 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) {
712 /* This should not happen. Events shouldn't be
713 * destroyed while we're holding the event_mutex
714 */
715 goto out_unlock;
716 }
717
718 /* Add to wait lists if we need to wait. */
719 for (i = 0; i < num_events; i++)
720 init_event_waiter_add_to_waitlist(&event_waiters[i]);
721
722 mutex_unlock(&p->event_mutex);
723
724 while (true) {
725 if (fatal_signal_pending(current)) {
726 ret = -EINTR;
727 break;
728 }
729
730 if (signal_pending(current)) {
731 /*
732 * This is wrong when a nonzero, non-infinite timeout
733 * is specified. We need to use
734 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block
735 * contains a union with data for each user and it's
736 * in generic kernel code that I don't want to
737 * touch yet.
738 */
739 ret = -ERESTARTSYS;
740 break;
741 }
742
743 /* Set task state to interruptible sleep before
744 * checking wake-up conditions. A concurrent wake-up
745 * will put the task back into runnable state. In that
746 * case schedule_timeout will not put the task to
747 * sleep and we'll get a chance to re-check the
748 * updated conditions almost immediately. Otherwise,
749 * this race condition would lead to a soft hang or a
750 * very long sleep.
751 */
752 set_current_state(TASK_INTERRUPTIBLE);
753
754 *wait_result = test_event_condition(all, num_events,
755 event_waiters);
756 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT)
757 break;
758
759 if (timeout <= 0)
760 break;
761
762 timeout = schedule_timeout(timeout);
763 }
764 __set_current_state(TASK_RUNNING);
765
766 /* copy_signaled_event_data may sleep. So this has to happen
767 * after the task state is set back to RUNNING.
768 */
769 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE)
770 ret = copy_signaled_event_data(num_events,
771 event_waiters, events);
772
773 mutex_lock(&p->event_mutex);
774 out_unlock:
775 free_waiters(num_events, event_waiters);
776 mutex_unlock(&p->event_mutex);
777 out:
778 if (ret)
779 *wait_result = KFD_IOC_WAIT_RESULT_FAIL;
780 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL)
781 ret = -EIO;
782
783 return ret;
784 }
785
kfd_event_mmap(struct kfd_process * p,struct vm_area_struct * vma)786 int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma)
787 {
788 unsigned long pfn;
789 struct kfd_signal_page *page;
790 int ret;
791
792 /* check required size doesn't exceed the allocated size */
793 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) <
794 get_order(vma->vm_end - vma->vm_start)) {
795 pr_err("Event page mmap requested illegal size\n");
796 return -EINVAL;
797 }
798
799 page = p->signal_page;
800 if (!page) {
801 /* Probably KFD bug, but mmap is user-accessible. */
802 pr_debug("Signal page could not be found\n");
803 return -EINVAL;
804 }
805
806 pfn = __pa(page->kernel_address);
807 pfn >>= PAGE_SHIFT;
808
809 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE
810 | VM_DONTDUMP | VM_PFNMAP;
811
812 pr_debug("Mapping signal page\n");
813 pr_debug(" start user address == 0x%08lx\n", vma->vm_start);
814 pr_debug(" end user address == 0x%08lx\n", vma->vm_end);
815 pr_debug(" pfn == 0x%016lX\n", pfn);
816 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags);
817 pr_debug(" size == 0x%08lX\n",
818 vma->vm_end - vma->vm_start);
819
820 page->user_address = (uint64_t __user *)vma->vm_start;
821
822 /* mapping the page to user process */
823 ret = remap_pfn_range(vma, vma->vm_start, pfn,
824 vma->vm_end - vma->vm_start, vma->vm_page_prot);
825 if (!ret)
826 p->signal_mapped_size = vma->vm_end - vma->vm_start;
827
828 return ret;
829 }
830
831 /*
832 * Assumes that p->event_mutex is held and of course
833 * that p is not going away (current or locked).
834 */
lookup_events_by_type_and_signal(struct kfd_process * p,int type,void * event_data)835 static void lookup_events_by_type_and_signal(struct kfd_process *p,
836 int type, void *event_data)
837 {
838 struct kfd_hsa_memory_exception_data *ev_data;
839 struct kfd_event *ev;
840 uint32_t id;
841 bool send_signal = true;
842
843 ev_data = (struct kfd_hsa_memory_exception_data *) event_data;
844
845 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
846 idr_for_each_entry_continue(&p->event_idr, ev, id)
847 if (ev->type == type) {
848 send_signal = false;
849 dev_dbg(kfd_device,
850 "Event found: id %X type %d",
851 ev->event_id, ev->type);
852 set_event(ev);
853 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data)
854 ev->memory_exception_data = *ev_data;
855 }
856
857 if (type == KFD_EVENT_TYPE_MEMORY) {
858 dev_warn(kfd_device,
859 "Sending SIGSEGV to process %d (pasid 0x%x)",
860 p->lead_thread->pid, p->pasid);
861 send_sig(SIGSEGV, p->lead_thread, 0);
862 }
863
864 /* Send SIGTERM no event of type "type" has been found*/
865 if (send_signal) {
866 if (send_sigterm) {
867 dev_warn(kfd_device,
868 "Sending SIGTERM to process %d (pasid 0x%x)",
869 p->lead_thread->pid, p->pasid);
870 send_sig(SIGTERM, p->lead_thread, 0);
871 } else {
872 dev_err(kfd_device,
873 "Process %d (pasid 0x%x) got unhandled exception",
874 p->lead_thread->pid, p->pasid);
875 }
876 }
877 }
878
879 #ifdef KFD_SUPPORT_IOMMU_V2
kfd_signal_iommu_event(struct kfd_dev * dev,unsigned int pasid,unsigned long address,bool is_write_requested,bool is_execute_requested)880 void kfd_signal_iommu_event(struct kfd_dev *dev, unsigned int pasid,
881 unsigned long address, bool is_write_requested,
882 bool is_execute_requested)
883 {
884 struct kfd_hsa_memory_exception_data memory_exception_data;
885 struct vm_area_struct *vma;
886
887 /*
888 * Because we are called from arbitrary context (workqueue) as opposed
889 * to process context, kfd_process could attempt to exit while we are
890 * running so the lookup function increments the process ref count.
891 */
892 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
893 struct mm_struct *mm;
894
895 if (!p)
896 return; /* Presumably process exited. */
897
898 /* Take a safe reference to the mm_struct, which may otherwise
899 * disappear even while the kfd_process is still referenced.
900 */
901 mm = get_task_mm(p->lead_thread);
902 if (!mm) {
903 kfd_unref_process(p);
904 return; /* Process is exiting */
905 }
906
907 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
908
909 down_read(&mm->mmap_sem);
910 vma = find_vma(mm, address);
911
912 memory_exception_data.gpu_id = dev->id;
913 memory_exception_data.va = address;
914 /* Set failure reason */
915 memory_exception_data.failure.NotPresent = 1;
916 memory_exception_data.failure.NoExecute = 0;
917 memory_exception_data.failure.ReadOnly = 0;
918 if (vma && address >= vma->vm_start) {
919 memory_exception_data.failure.NotPresent = 0;
920
921 if (is_write_requested && !(vma->vm_flags & VM_WRITE))
922 memory_exception_data.failure.ReadOnly = 1;
923 else
924 memory_exception_data.failure.ReadOnly = 0;
925
926 if (is_execute_requested && !(vma->vm_flags & VM_EXEC))
927 memory_exception_data.failure.NoExecute = 1;
928 else
929 memory_exception_data.failure.NoExecute = 0;
930 }
931
932 up_read(&mm->mmap_sem);
933 mmput(mm);
934
935 pr_debug("notpresent %d, noexecute %d, readonly %d\n",
936 memory_exception_data.failure.NotPresent,
937 memory_exception_data.failure.NoExecute,
938 memory_exception_data.failure.ReadOnly);
939
940 /* Workaround on Raven to not kill the process when memory is freed
941 * before IOMMU is able to finish processing all the excessive PPRs
942 */
943 if (dev->device_info->asic_family != CHIP_RAVEN &&
944 dev->device_info->asic_family != CHIP_RENOIR) {
945 mutex_lock(&p->event_mutex);
946
947 /* Lookup events by type and signal them */
948 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY,
949 &memory_exception_data);
950
951 mutex_unlock(&p->event_mutex);
952 }
953
954 kfd_unref_process(p);
955 }
956 #endif /* KFD_SUPPORT_IOMMU_V2 */
957
kfd_signal_hw_exception_event(unsigned int pasid)958 void kfd_signal_hw_exception_event(unsigned int pasid)
959 {
960 /*
961 * Because we are called from arbitrary context (workqueue) as opposed
962 * to process context, kfd_process could attempt to exit while we are
963 * running so the lookup function increments the process ref count.
964 */
965 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
966
967 if (!p)
968 return; /* Presumably process exited. */
969
970 mutex_lock(&p->event_mutex);
971
972 /* Lookup events by type and signal them */
973 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL);
974
975 mutex_unlock(&p->event_mutex);
976 kfd_unref_process(p);
977 }
978
kfd_signal_vm_fault_event(struct kfd_dev * dev,unsigned int pasid,struct kfd_vm_fault_info * info)979 void kfd_signal_vm_fault_event(struct kfd_dev *dev, unsigned int pasid,
980 struct kfd_vm_fault_info *info)
981 {
982 struct kfd_event *ev;
983 uint32_t id;
984 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
985 struct kfd_hsa_memory_exception_data memory_exception_data;
986
987 if (!p)
988 return; /* Presumably process exited. */
989 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
990 memory_exception_data.gpu_id = dev->id;
991 memory_exception_data.failure.imprecise = true;
992 /* Set failure reason */
993 if (info) {
994 memory_exception_data.va = (info->page_addr) << PAGE_SHIFT;
995 memory_exception_data.failure.NotPresent =
996 info->prot_valid ? 1 : 0;
997 memory_exception_data.failure.NoExecute =
998 info->prot_exec ? 1 : 0;
999 memory_exception_data.failure.ReadOnly =
1000 info->prot_write ? 1 : 0;
1001 memory_exception_data.failure.imprecise = 0;
1002 }
1003 mutex_lock(&p->event_mutex);
1004
1005 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1006 idr_for_each_entry_continue(&p->event_idr, ev, id)
1007 if (ev->type == KFD_EVENT_TYPE_MEMORY) {
1008 ev->memory_exception_data = memory_exception_data;
1009 set_event(ev);
1010 }
1011
1012 mutex_unlock(&p->event_mutex);
1013 kfd_unref_process(p);
1014 }
1015
kfd_signal_reset_event(struct kfd_dev * dev)1016 void kfd_signal_reset_event(struct kfd_dev *dev)
1017 {
1018 struct kfd_hsa_hw_exception_data hw_exception_data;
1019 struct kfd_hsa_memory_exception_data memory_exception_data;
1020 struct kfd_process *p;
1021 struct kfd_event *ev;
1022 unsigned int temp;
1023 uint32_t id, idx;
1024 int reset_cause = atomic_read(&dev->sram_ecc_flag) ?
1025 KFD_HW_EXCEPTION_ECC :
1026 KFD_HW_EXCEPTION_GPU_HANG;
1027
1028 /* Whole gpu reset caused by GPU hang and memory is lost */
1029 memset(&hw_exception_data, 0, sizeof(hw_exception_data));
1030 hw_exception_data.gpu_id = dev->id;
1031 hw_exception_data.memory_lost = 1;
1032 hw_exception_data.reset_cause = reset_cause;
1033
1034 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1035 memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC;
1036 memory_exception_data.gpu_id = dev->id;
1037 memory_exception_data.failure.imprecise = true;
1038
1039 idx = srcu_read_lock(&kfd_processes_srcu);
1040 hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) {
1041 mutex_lock(&p->event_mutex);
1042 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1043 idr_for_each_entry_continue(&p->event_idr, ev, id) {
1044 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
1045 ev->hw_exception_data = hw_exception_data;
1046 set_event(ev);
1047 }
1048 if (ev->type == KFD_EVENT_TYPE_MEMORY &&
1049 reset_cause == KFD_HW_EXCEPTION_ECC) {
1050 ev->memory_exception_data = memory_exception_data;
1051 set_event(ev);
1052 }
1053 }
1054 mutex_unlock(&p->event_mutex);
1055 }
1056 srcu_read_unlock(&kfd_processes_srcu, idx);
1057 }
1058