drm/i915/gvt: Double check batch buffer size after copy

Submitted by Tina Zhang on July 29, 2019, 12:42 a.m.

Details

Message ID 20190729004220.3171-1-tina.zhang@intel.com
State New
Headers show
Series "drm/i915/gvt: Double check batch buffer size after copy" ( rev: 3 ) in Intel GVT devel

Not browsing as part of any series.

Commit Message

Tina Zhang July 29, 2019, 12:42 a.m.
Double check the size of the privilege buffer to make sure the size
remains unchanged after copy.

v3:
- To get the right offset of the batch buffer end cmd. (Yan)

v2:
- Use lightweight way to audit batch buffer end. (Yan)

Cc: Yan Zhao <yan.y.zhao@intel.com>
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
---
 drivers/gpu/drm/i915/gvt/cmd_parser.c | 39 +++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
index 6ea88270c818..a641e3ee1fe4 100644
--- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
+++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
@@ -1661,7 +1661,9 @@  static int batch_buffer_needs_scan(struct parser_exec_state *s)
 	return 1;
 }
 
-static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
+static int find_bb_size(struct parser_exec_state *s,
+			unsigned long *bb_size,
+			unsigned long *bb_end_cmd_offset)
 {
 	unsigned long gma = 0;
 	const struct cmd_info *info;
@@ -1673,6 +1675,7 @@  static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
 		s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
 
 	*bb_size = 0;
+	*bb_end_cmd_offset = 0;
 
 	/* get the start gm address of the batch buffer */
 	gma = get_gma_bb_from_cmd(s, 1);
@@ -1708,6 +1711,10 @@  static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
 				/* chained batch buffer */
 				bb_end = true;
 		}
+
+		if (bb_end)
+			*bb_end_cmd_offset = *bb_size;
+
 		cmd_len = get_cmd_length(info, cmd) << 2;
 		*bb_size += cmd_len;
 		gma += cmd_len;
@@ -1716,12 +1723,36 @@  static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
 	return 0;
 }
 
+static int audit_bb_end(struct parser_exec_state *s, void *va)
+{
+	struct intel_vgpu *vgpu = s->vgpu;
+	u32 cmd = *(u32 *)va;
+	const struct cmd_info *info;
+
+	info = get_cmd_info(s->vgpu->gvt, cmd, s->ring_id);
+	if (info == NULL) {
+		gvt_vgpu_err("unknown cmd 0x%x, opcode=0x%x, addr_type=%s, ring %d, workload=%p\n",
+			cmd, get_opcode(cmd, s->ring_id),
+			(s->buf_addr_type == PPGTT_BUFFER) ?
+			"ppgtt" : "ggtt", s->ring_id, s->workload);
+		return -EBADRQC;
+	}
+
+	if ((info->opcode == OP_MI_BATCH_BUFFER_END) ||
+	    ((info->opcode == OP_MI_BATCH_BUFFER_START) &&
+	     (BATCH_BUFFER_2ND_LEVEL_BIT(cmd) == 0)))
+		return 0;
+
+	return -EBADRQC;
+}
+
 static int perform_bb_shadow(struct parser_exec_state *s)
 {
 	struct intel_vgpu *vgpu = s->vgpu;
 	struct intel_vgpu_shadow_bb *bb;
 	unsigned long gma = 0;
 	unsigned long bb_size;
+	unsigned long bb_end_cmd_offset;
 	int ret = 0;
 	struct intel_vgpu_mm *mm = (s->buf_addr_type == GTT_BUFFER) ?
 		s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
@@ -1732,7 +1763,7 @@  static int perform_bb_shadow(struct parser_exec_state *s)
 	if (gma == INTEL_GVT_INVALID_ADDR)
 		return -EFAULT;
 
-	ret = find_bb_size(s, &bb_size);
+	ret = find_bb_size(s, &bb_size, &bb_end_cmd_offset);
 	if (ret)
 		return ret;
 
@@ -1788,6 +1819,10 @@  static int perform_bb_shadow(struct parser_exec_state *s)
 		goto err_unmap;
 	}
 
+	ret = audit_bb_end(s, bb->va + start_offset + bb_end_cmd_offset);
+	if (ret)
+		goto err_unmap;
+
 	INIT_LIST_HEAD(&bb->list);
 	list_add(&bb->list, &s->workload->shadow_bb);
 

Comments

Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>

On Mon, Jul 29, 2019 at 08:42:20AM +0800, Tina Zhang wrote:
> Double check the size of the privilege buffer to make sure the size
> remains unchanged after copy.
> 
> v3:
> - To get the right offset of the batch buffer end cmd. (Yan)
> 
> v2:
> - Use lightweight way to audit batch buffer end. (Yan)
> 
> Cc: Yan Zhao <yan.y.zhao@intel.com>
> Signed-off-by: Tina Zhang <tina.zhang@intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/cmd_parser.c | 39 +++++++++++++++++++++++++--
>  1 file changed, 37 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 6ea88270c818..a641e3ee1fe4 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -1661,7 +1661,9 @@ static int batch_buffer_needs_scan(struct parser_exec_state *s)
>  	return 1;
>  }
>  
> -static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
> +static int find_bb_size(struct parser_exec_state *s,
> +			unsigned long *bb_size,
> +			unsigned long *bb_end_cmd_offset)
>  {
>  	unsigned long gma = 0;
>  	const struct cmd_info *info;
> @@ -1673,6 +1675,7 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
>  		s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
>  
>  	*bb_size = 0;
> +	*bb_end_cmd_offset = 0;
>  
>  	/* get the start gm address of the batch buffer */
>  	gma = get_gma_bb_from_cmd(s, 1);
> @@ -1708,6 +1711,10 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
>  				/* chained batch buffer */
>  				bb_end = true;
>  		}
> +
> +		if (bb_end)
> +			*bb_end_cmd_offset = *bb_size;
> +
>  		cmd_len = get_cmd_length(info, cmd) << 2;
>  		*bb_size += cmd_len;
>  		gma += cmd_len;
> @@ -1716,12 +1723,36 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
>  	return 0;
>  }
>  
> +static int audit_bb_end(struct parser_exec_state *s, void *va)
> +{
> +	struct intel_vgpu *vgpu = s->vgpu;
> +	u32 cmd = *(u32 *)va;
> +	const struct cmd_info *info;
> +
> +	info = get_cmd_info(s->vgpu->gvt, cmd, s->ring_id);
> +	if (info == NULL) {
> +		gvt_vgpu_err("unknown cmd 0x%x, opcode=0x%x, addr_type=%s, ring %d, workload=%p\n",
> +			cmd, get_opcode(cmd, s->ring_id),
> +			(s->buf_addr_type == PPGTT_BUFFER) ?
> +			"ppgtt" : "ggtt", s->ring_id, s->workload);
> +		return -EBADRQC;
> +	}
> +
> +	if ((info->opcode == OP_MI_BATCH_BUFFER_END) ||
> +	    ((info->opcode == OP_MI_BATCH_BUFFER_START) &&
> +	     (BATCH_BUFFER_2ND_LEVEL_BIT(cmd) == 0)))
> +		return 0;
> +
> +	return -EBADRQC;
> +}
> +
>  static int perform_bb_shadow(struct parser_exec_state *s)
>  {
>  	struct intel_vgpu *vgpu = s->vgpu;
>  	struct intel_vgpu_shadow_bb *bb;
>  	unsigned long gma = 0;
>  	unsigned long bb_size;
> +	unsigned long bb_end_cmd_offset;
>  	int ret = 0;
>  	struct intel_vgpu_mm *mm = (s->buf_addr_type == GTT_BUFFER) ?
>  		s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
> @@ -1732,7 +1763,7 @@ static int perform_bb_shadow(struct parser_exec_state *s)
>  	if (gma == INTEL_GVT_INVALID_ADDR)
>  		return -EFAULT;
>  
> -	ret = find_bb_size(s, &bb_size);
> +	ret = find_bb_size(s, &bb_size, &bb_end_cmd_offset);
>  	if (ret)
>  		return ret;
>  
> @@ -1788,6 +1819,10 @@ static int perform_bb_shadow(struct parser_exec_state *s)
>  		goto err_unmap;
>  	}
>  
> +	ret = audit_bb_end(s, bb->va + start_offset + bb_end_cmd_offset);
> +	if (ret)
> +		goto err_unmap;
> +
>  	INIT_LIST_HEAD(&bb->list);
>  	list_add(&bb->list, &s->workload->shadow_bb);
>  
> -- 
> 2.17.1
> 
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev