1 /*
2  * Copyright 2014 Advanced Micro Devices, Inc.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining a
5  * copy of this software and associated documentation files (the "Software"),
6  * to deal in the Software without restriction, including without limitation
7  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8  * and/or sell copies of the Software, and to permit persons to whom the
9  * Software is furnished to do so, subject to the following conditions:
10  *
11  * The above copyright notice and this permission notice shall be included in
12  * all copies or substantial portions of the Software.
13  *
14  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
17  * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
18  * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20  * OTHER DEALINGS IN THE SOFTWARE.
21  */
22 
23 #include <linux/mm_types.h>
24 #include <linux/slab.h>
25 #include <linux/types.h>
26 #include <linux/sched/signal.h>
27 #include <linux/sched/mm.h>
28 #include <linux/uaccess.h>
29 #include <linux/mman.h>
30 #include <linux/memory.h>
31 #include "kfd_priv.h"
32 #include "kfd_events.h"
33 #include "kfd_iommu.h"
34 #include <linux/device.h>
35 
36 /*
37  * Wrapper around wait_queue_entry_t
38  */
39 struct kfd_event_waiter {
40 	wait_queue_entry_t wait;
41 	struct kfd_event *event; /* Event to wait for */
42 	bool activated;		 /* Becomes true when event is signaled */
43 };
44 
45 /*
46  * Each signal event needs a 64-bit signal slot where the signaler will write
47  * a 1 before sending an interrupt. (This is needed because some interrupts
48  * do not contain enough spare data bits to identify an event.)
49  * We get whole pages and map them to the process VA.
50  * Individual signal events use their event_id as slot index.
51  */
52 struct kfd_signal_page {
53 	uint64_t *kernel_address;
54 	uint64_t __user *user_address;
55 	bool need_to_free_pages;
56 };
57 
58 
59 static uint64_t *page_slots(struct kfd_signal_page *page)
60 {
61 	return page->kernel_address;
62 }
63 
64 static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p)
65 {
66 	void *backing_store;
67 	struct kfd_signal_page *page;
68 
69 	page = kzalloc(sizeof(*page), GFP_KERNEL);
70 	if (!page)
71 		return NULL;
72 
73 	backing_store = (void *) __get_free_pages(GFP_KERNEL,
74 					get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
75 	if (!backing_store)
76 		goto fail_alloc_signal_store;
77 
78 	/* Initialize all events to unsignaled */
79 	memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT,
80 	       KFD_SIGNAL_EVENT_LIMIT * 8);
81 
82 	page->kernel_address = backing_store;
83 	page->need_to_free_pages = true;
84 	pr_debug("Allocated new event signal page at %p, for process %p\n",
85 			page, p);
86 
87 	return page;
88 
89 fail_alloc_signal_store:
90 	kfree(page);
91 	return NULL;
92 }
93 
94 static int allocate_event_notification_slot(struct kfd_process *p,
95 					    struct kfd_event *ev)
96 {
97 	int id;
98 
99 	if (!p->signal_page) {
100 		p->signal_page = allocate_signal_page(p);
101 		if (!p->signal_page)
102 			return -ENOMEM;
103 		/* Oldest user mode expects 256 event slots */
104 		p->signal_mapped_size = 256*8;
105 	}
106 
107 	/*
108 	 * Compatibility with old user mode: Only use signal slots
109 	 * user mode has mapped, may be less than
110 	 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase
111 	 * of the event limit without breaking user mode.
112 	 */
113 	id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8,
114 		       GFP_KERNEL);
115 	if (id < 0)
116 		return id;
117 
118 	ev->event_id = id;
119 	page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT;
120 
121 	return 0;
122 }
123 
124 /*
125  * Assumes that p->event_mutex is held and of course that p is not going
126  * away (current or locked).
127  */
128 static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id)
129 {
130 	return idr_find(&p->event_idr, id);
131 }
132 
133 /**
134  * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID
135  * @p:     Pointer to struct kfd_process
136  * @id:    ID to look up
137  * @bits:  Number of valid bits in @id
138  *
139  * Finds the first signaled event with a matching partial ID. If no
140  * matching signaled event is found, returns NULL. In that case the
141  * caller should assume that the partial ID is invalid and do an
142  * exhaustive search of all siglaned events.
143  *
144  * If multiple events with the same partial ID signal at the same
145  * time, they will be found one interrupt at a time, not necessarily
146  * in the same order the interrupts occurred. As long as the number of
147  * interrupts is correct, all signaled events will be seen by the
148  * driver.
149  */
150 static struct kfd_event *lookup_signaled_event_by_partial_id(
151 	struct kfd_process *p, uint32_t id, uint32_t bits)
152 {
153 	struct kfd_event *ev;
154 
155 	if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT)
156 		return NULL;
157 
158 	/* Fast path for the common case that @id is not a partial ID
159 	 * and we only need a single lookup.
160 	 */
161 	if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) {
162 		if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
163 			return NULL;
164 
165 		return idr_find(&p->event_idr, id);
166 	}
167 
168 	/* General case for partial IDs: Iterate over all matching IDs
169 	 * and find the first one that has signaled.
170 	 */
171 	for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) {
172 		if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
173 			continue;
174 
175 		ev = idr_find(&p->event_idr, id);
176 	}
177 
178 	return ev;
179 }
180 
181 static int create_signal_event(struct file *devkfd,
182 				struct kfd_process *p,
183 				struct kfd_event *ev)
184 {
185 	int ret;
186 
187 	if (p->signal_mapped_size &&
188 	    p->signal_event_count == p->signal_mapped_size / 8) {
189 		if (!p->signal_event_limit_reached) {
190 			pr_debug("Signal event wasn't created because limit was reached\n");
191 			p->signal_event_limit_reached = true;
192 		}
193 		return -ENOSPC;
194 	}
195 
196 	ret = allocate_event_notification_slot(p, ev);
197 	if (ret) {
198 		pr_warn("Signal event wasn't created because out of kernel memory\n");
199 		return ret;
200 	}
201 
202 	p->signal_event_count++;
203 
204 	ev->user_signal_address = &p->signal_page->user_address[ev->event_id];
205 	pr_debug("Signal event number %zu created with id %d, address %p\n",
206 			p->signal_event_count, ev->event_id,
207 			ev->user_signal_address);
208 
209 	return 0;
210 }
211 
212 static int create_other_event(struct kfd_process *p, struct kfd_event *ev)
213 {
214 	/* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an
215 	 * intentional integer overflow to -1 without a compiler
216 	 * warning. idr_alloc treats a negative value as "maximum
217 	 * signed integer".
218 	 */
219 	int id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID,
220 			   (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1,
221 			   GFP_KERNEL);
222 
223 	if (id < 0)
224 		return id;
225 	ev->event_id = id;
226 
227 	return 0;
228 }
229 
230 void kfd_event_init_process(struct kfd_process *p)
231 {
232 	mutex_init(&p->event_mutex);
233 	idr_init(&p->event_idr);
234 	p->signal_page = NULL;
235 	p->signal_event_count = 0;
236 }
237 
238 static void destroy_event(struct kfd_process *p, struct kfd_event *ev)
239 {
240 	struct kfd_event_waiter *waiter;
241 
242 	/* Wake up pending waiters. They will return failure */
243 	list_for_each_entry(waiter, &ev->wq.head, wait.entry)
244 		waiter->event = NULL;
245 	wake_up_all(&ev->wq);
246 
247 	if (ev->type == KFD_EVENT_TYPE_SIGNAL ||
248 	    ev->type == KFD_EVENT_TYPE_DEBUG)
249 		p->signal_event_count--;
250 
251 	idr_remove(&p->event_idr, ev->event_id);
252 	kfree(ev);
253 }
254 
255 static void destroy_events(struct kfd_process *p)
256 {
257 	struct kfd_event *ev;
258 	uint32_t id;
259 
260 	idr_for_each_entry(&p->event_idr, ev, id)
261 		destroy_event(p, ev);
262 	idr_destroy(&p->event_idr);
263 }
264 
265 /*
266  * We assume that the process is being destroyed and there is no need to
267  * unmap the pages or keep bookkeeping data in order.
268  */
269 static void shutdown_signal_page(struct kfd_process *p)
270 {
271 	struct kfd_signal_page *page = p->signal_page;
272 
273 	if (page) {
274 		if (page->need_to_free_pages)
275 			free_pages((unsigned long)page->kernel_address,
276 				   get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
277 		kfree(page);
278 	}
279 }
280 
281 void kfd_event_free_process(struct kfd_process *p)
282 {
283 	destroy_events(p);
284 	shutdown_signal_page(p);
285 }
286 
287 static bool event_can_be_gpu_signaled(const struct kfd_event *ev)
288 {
289 	return ev->type == KFD_EVENT_TYPE_SIGNAL ||
290 					ev->type == KFD_EVENT_TYPE_DEBUG;
291 }
292 
293 static bool event_can_be_cpu_signaled(const struct kfd_event *ev)
294 {
295 	return ev->type == KFD_EVENT_TYPE_SIGNAL;
296 }
297 
298 int kfd_event_page_set(struct kfd_process *p, void *kernel_address,
299 		       uint64_t size)
300 {
301 	struct kfd_signal_page *page;
302 
303 	if (p->signal_page)
304 		return -EBUSY;
305 
306 	page = kzalloc(sizeof(*page), GFP_KERNEL);
307 	if (!page)
308 		return -ENOMEM;
309 
310 	/* Initialize all events to unsignaled */
311 	memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT,
312 	       KFD_SIGNAL_EVENT_LIMIT * 8);
313 
314 	page->kernel_address = kernel_address;
315 
316 	p->signal_page = page;
317 	p->signal_mapped_size = size;
318 
319 	return 0;
320 }
321 
322 int kfd_event_create(struct file *devkfd, struct kfd_process *p,
323 		     uint32_t event_type, bool auto_reset, uint32_t node_id,
324 		     uint32_t *event_id, uint32_t *event_trigger_data,
325 		     uint64_t *event_page_offset, uint32_t *event_slot_index)
326 {
327 	int ret = 0;
328 	struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL);
329 
330 	if (!ev)
331 		return -ENOMEM;
332 
333 	ev->type = event_type;
334 	ev->auto_reset = auto_reset;
335 	ev->signaled = false;
336 
337 	init_waitqueue_head(&ev->wq);
338 
339 	*event_page_offset = 0;
340 
341 	mutex_lock(&p->event_mutex);
342 
343 	switch (event_type) {
344 	case KFD_EVENT_TYPE_SIGNAL:
345 	case KFD_EVENT_TYPE_DEBUG:
346 		ret = create_signal_event(devkfd, p, ev);
347 		if (!ret) {
348 			*event_page_offset = KFD_MMAP_TYPE_EVENTS;
349 			*event_slot_index = ev->event_id;
350 		}
351 		break;
352 	default:
353 		ret = create_other_event(p, ev);
354 		break;
355 	}
356 
357 	if (!ret) {
358 		*event_id = ev->event_id;
359 		*event_trigger_data = ev->event_id;
360 	} else {
361 		kfree(ev);
362 	}
363 
364 	mutex_unlock(&p->event_mutex);
365 
366 	return ret;
367 }
368 
369 /* Assumes that p is current. */
370 int kfd_event_destroy(struct kfd_process *p, uint32_t event_id)
371 {
372 	struct kfd_event *ev;
373 	int ret = 0;
374 
375 	mutex_lock(&p->event_mutex);
376 
377 	ev = lookup_event_by_id(p, event_id);
378 
379 	if (ev)
380 		destroy_event(p, ev);
381 	else
382 		ret = -EINVAL;
383 
384 	mutex_unlock(&p->event_mutex);
385 	return ret;
386 }
387 
388 static void set_event(struct kfd_event *ev)
389 {
390 	struct kfd_event_waiter *waiter;
391 
392 	/* Auto reset if the list is non-empty and we're waking
393 	 * someone. waitqueue_active is safe here because we're
394 	 * protected by the p->event_mutex, which is also held when
395 	 * updating the wait queues in kfd_wait_on_events.
396 	 */
397 	ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq);
398 
399 	list_for_each_entry(waiter, &ev->wq.head, wait.entry)
400 		waiter->activated = true;
401 
402 	wake_up_all(&ev->wq);
403 }
404 
405 /* Assumes that p is current. */
406 int kfd_set_event(struct kfd_process *p, uint32_t event_id)
407 {
408 	int ret = 0;
409 	struct kfd_event *ev;
410 
411 	mutex_lock(&p->event_mutex);
412 
413 	ev = lookup_event_by_id(p, event_id);
414 
415 	if (ev && event_can_be_cpu_signaled(ev))
416 		set_event(ev);
417 	else
418 		ret = -EINVAL;
419 
420 	mutex_unlock(&p->event_mutex);
421 	return ret;
422 }
423 
424 static void reset_event(struct kfd_event *ev)
425 {
426 	ev->signaled = false;
427 }
428 
429 /* Assumes that p is current. */
430 int kfd_reset_event(struct kfd_process *p, uint32_t event_id)
431 {
432 	int ret = 0;
433 	struct kfd_event *ev;
434 
435 	mutex_lock(&p->event_mutex);
436 
437 	ev = lookup_event_by_id(p, event_id);
438 
439 	if (ev && event_can_be_cpu_signaled(ev))
440 		reset_event(ev);
441 	else
442 		ret = -EINVAL;
443 
444 	mutex_unlock(&p->event_mutex);
445 	return ret;
446 
447 }
448 
449 static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev)
450 {
451 	page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT;
452 }
453 
454 static void set_event_from_interrupt(struct kfd_process *p,
455 					struct kfd_event *ev)
456 {
457 	if (ev && event_can_be_gpu_signaled(ev)) {
458 		acknowledge_signal(p, ev);
459 		set_event(ev);
460 	}
461 }
462 
463 void kfd_signal_event_interrupt(u32 pasid, uint32_t partial_id,
464 				uint32_t valid_id_bits)
465 {
466 	struct kfd_event *ev = NULL;
467 
468 	/*
469 	 * Because we are called from arbitrary context (workqueue) as opposed
470 	 * to process context, kfd_process could attempt to exit while we are
471 	 * running so the lookup function increments the process ref count.
472 	 */
473 	struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
474 
475 	if (!p)
476 		return; /* Presumably process exited. */
477 
478 	mutex_lock(&p->event_mutex);
479 
480 	if (valid_id_bits)
481 		ev = lookup_signaled_event_by_partial_id(p, partial_id,
482 							 valid_id_bits);
483 	if (ev) {
484 		set_event_from_interrupt(p, ev);
485 	} else if (p->signal_page) {
486 		/*
487 		 * Partial ID lookup failed. Assume that the event ID
488 		 * in the interrupt payload was invalid and do an
489 		 * exhaustive search of signaled events.
490 		 */
491 		uint64_t *slots = page_slots(p->signal_page);
492 		uint32_t id;
493 
494 		if (valid_id_bits)
495 			pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n",
496 					     partial_id, valid_id_bits);
497 
498 		if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) {
499 			/* With relatively few events, it's faster to
500 			 * iterate over the event IDR
501 			 */
502 			idr_for_each_entry(&p->event_idr, ev, id) {
503 				if (id >= KFD_SIGNAL_EVENT_LIMIT)
504 					break;
505 
506 				if (slots[id] != UNSIGNALED_EVENT_SLOT)
507 					set_event_from_interrupt(p, ev);
508 			}
509 		} else {
510 			/* With relatively many events, it's faster to
511 			 * iterate over the signal slots and lookup
512 			 * only signaled events from the IDR.
513 			 */
514 			for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++)
515 				if (slots[id] != UNSIGNALED_EVENT_SLOT) {
516 					ev = lookup_event_by_id(p, id);
517 					set_event_from_interrupt(p, ev);
518 				}
519 		}
520 	}
521 
522 	mutex_unlock(&p->event_mutex);
523 	kfd_unref_process(p);
524 }
525 
526 static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events)
527 {
528 	struct kfd_event_waiter *event_waiters;
529 	uint32_t i;
530 
531 	event_waiters = kmalloc_array(num_events,
532 					sizeof(struct kfd_event_waiter),
533 					GFP_KERNEL);
534 
535 	for (i = 0; (event_waiters) && (i < num_events) ; i++) {
536 		init_wait(&event_waiters[i].wait);
537 		event_waiters[i].activated = false;
538 	}
539 
540 	return event_waiters;
541 }
542 
543 static int init_event_waiter_get_status(struct kfd_process *p,
544 		struct kfd_event_waiter *waiter,
545 		uint32_t event_id)
546 {
547 	struct kfd_event *ev = lookup_event_by_id(p, event_id);
548 
549 	if (!ev)
550 		return -EINVAL;
551 
552 	waiter->event = ev;
553 	waiter->activated = ev->signaled;
554 	ev->signaled = ev->signaled && !ev->auto_reset;
555 
556 	return 0;
557 }
558 
559 static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter)
560 {
561 	struct kfd_event *ev = waiter->event;
562 
563 	/* Only add to the wait list if we actually need to
564 	 * wait on this event.
565 	 */
566 	if (!waiter->activated)
567 		add_wait_queue(&ev->wq, &waiter->wait);
568 }
569 
570 /* test_event_condition - Test condition of events being waited for
571  * @all:           Return completion only if all events have signaled
572  * @num_events:    Number of events to wait for
573  * @event_waiters: Array of event waiters, one per event
574  *
575  * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have
576  * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all)
577  * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of
578  * the events have been destroyed.
579  */
580 static uint32_t test_event_condition(bool all, uint32_t num_events,
581 				struct kfd_event_waiter *event_waiters)
582 {
583 	uint32_t i;
584 	uint32_t activated_count = 0;
585 
586 	for (i = 0; i < num_events; i++) {
587 		if (!event_waiters[i].event)
588 			return KFD_IOC_WAIT_RESULT_FAIL;
589 
590 		if (event_waiters[i].activated) {
591 			if (!all)
592 				return KFD_IOC_WAIT_RESULT_COMPLETE;
593 
594 			activated_count++;
595 		}
596 	}
597 
598 	return activated_count == num_events ?
599 		KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT;
600 }
601 
602 /*
603  * Copy event specific data, if defined.
604  * Currently only memory exception events have additional data to copy to user
605  */
606 static int copy_signaled_event_data(uint32_t num_events,
607 		struct kfd_event_waiter *event_waiters,
608 		struct kfd_event_data __user *data)
609 {
610 	struct kfd_hsa_memory_exception_data *src;
611 	struct kfd_hsa_memory_exception_data __user *dst;
612 	struct kfd_event_waiter *waiter;
613 	struct kfd_event *event;
614 	uint32_t i;
615 
616 	for (i = 0; i < num_events; i++) {
617 		waiter = &event_waiters[i];
618 		event = waiter->event;
619 		if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) {
620 			dst = &data[i].memory_exception_data;
621 			src = &event->memory_exception_data;
622 			if (copy_to_user(dst, src,
623 				sizeof(struct kfd_hsa_memory_exception_data)))
624 				return -EFAULT;
625 		}
626 	}
627 
628 	return 0;
629 
630 }
631 
632 
633 
634 static long user_timeout_to_jiffies(uint32_t user_timeout_ms)
635 {
636 	if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE)
637 		return 0;
638 
639 	if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE)
640 		return MAX_SCHEDULE_TIMEOUT;
641 
642 	/*
643 	 * msecs_to_jiffies interprets all values above 2^31-1 as infinite,
644 	 * but we consider them finite.
645 	 * This hack is wrong, but nobody is likely to notice.
646 	 */
647 	user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF);
648 
649 	return msecs_to_jiffies(user_timeout_ms) + 1;
650 }
651 
652 static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters)
653 {
654 	uint32_t i;
655 
656 	for (i = 0; i < num_events; i++)
657 		if (waiters[i].event)
658 			remove_wait_queue(&waiters[i].event->wq,
659 					  &waiters[i].wait);
660 
661 	kfree(waiters);
662 }
663 
664 int kfd_wait_on_events(struct kfd_process *p,
665 		       uint32_t num_events, void __user *data,
666 		       bool all, uint32_t user_timeout_ms,
667 		       uint32_t *wait_result)
668 {
669 	struct kfd_event_data __user *events =
670 			(struct kfd_event_data __user *) data;
671 	uint32_t i;
672 	int ret = 0;
673 
674 	struct kfd_event_waiter *event_waiters = NULL;
675 	long timeout = user_timeout_to_jiffies(user_timeout_ms);
676 
677 	event_waiters = alloc_event_waiters(num_events);
678 	if (!event_waiters) {
679 		ret = -ENOMEM;
680 		goto out;
681 	}
682 
683 	mutex_lock(&p->event_mutex);
684 
685 	for (i = 0; i < num_events; i++) {
686 		struct kfd_event_data event_data;
687 
688 		if (copy_from_user(&event_data, &events[i],
689 				sizeof(struct kfd_event_data))) {
690 			ret = -EFAULT;
691 			goto out_unlock;
692 		}
693 
694 		ret = init_event_waiter_get_status(p, &event_waiters[i],
695 				event_data.event_id);
696 		if (ret)
697 			goto out_unlock;
698 	}
699 
700 	/* Check condition once. */
701 	*wait_result = test_event_condition(all, num_events, event_waiters);
702 	if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) {
703 		ret = copy_signaled_event_data(num_events,
704 					       event_waiters, events);
705 		goto out_unlock;
706 	} else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) {
707 		/* This should not happen. Events shouldn't be
708 		 * destroyed while we're holding the event_mutex
709 		 */
710 		goto out_unlock;
711 	}
712 
713 	/* Add to wait lists if we need to wait. */
714 	for (i = 0; i < num_events; i++)
715 		init_event_waiter_add_to_waitlist(&event_waiters[i]);
716 
717 	mutex_unlock(&p->event_mutex);
718 
719 	while (true) {
720 		if (fatal_signal_pending(current)) {
721 			ret = -EINTR;
722 			break;
723 		}
724 
725 		if (signal_pending(current)) {
726 			/*
727 			 * This is wrong when a nonzero, non-infinite timeout
728 			 * is specified. We need to use
729 			 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block
730 			 * contains a union with data for each user and it's
731 			 * in generic kernel code that I don't want to
732 			 * touch yet.
733 			 */
734 			ret = -ERESTARTSYS;
735 			break;
736 		}
737 
738 		/* Set task state to interruptible sleep before
739 		 * checking wake-up conditions. A concurrent wake-up
740 		 * will put the task back into runnable state. In that
741 		 * case schedule_timeout will not put the task to
742 		 * sleep and we'll get a chance to re-check the
743 		 * updated conditions almost immediately. Otherwise,
744 		 * this race condition would lead to a soft hang or a
745 		 * very long sleep.
746 		 */
747 		set_current_state(TASK_INTERRUPTIBLE);
748 
749 		*wait_result = test_event_condition(all, num_events,
750 						    event_waiters);
751 		if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT)
752 			break;
753 
754 		if (timeout <= 0)
755 			break;
756 
757 		timeout = schedule_timeout(timeout);
758 	}
759 	__set_current_state(TASK_RUNNING);
760 
761 	/* copy_signaled_event_data may sleep. So this has to happen
762 	 * after the task state is set back to RUNNING.
763 	 */
764 	if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE)
765 		ret = copy_signaled_event_data(num_events,
766 					       event_waiters, events);
767 
768 	mutex_lock(&p->event_mutex);
769 out_unlock:
770 	free_waiters(num_events, event_waiters);
771 	mutex_unlock(&p->event_mutex);
772 out:
773 	if (ret)
774 		*wait_result = KFD_IOC_WAIT_RESULT_FAIL;
775 	else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL)
776 		ret = -EIO;
777 
778 	return ret;
779 }
780 
781 int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma)
782 {
783 	unsigned long pfn;
784 	struct kfd_signal_page *page;
785 	int ret;
786 
787 	/* check required size doesn't exceed the allocated size */
788 	if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) <
789 			get_order(vma->vm_end - vma->vm_start)) {
790 		pr_err("Event page mmap requested illegal size\n");
791 		return -EINVAL;
792 	}
793 
794 	page = p->signal_page;
795 	if (!page) {
796 		/* Probably KFD bug, but mmap is user-accessible. */
797 		pr_debug("Signal page could not be found\n");
798 		return -EINVAL;
799 	}
800 
801 	pfn = __pa(page->kernel_address);
802 	pfn >>= PAGE_SHIFT;
803 
804 	vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE
805 		       | VM_DONTDUMP | VM_PFNMAP;
806 
807 	pr_debug("Mapping signal page\n");
808 	pr_debug("     start user address  == 0x%08lx\n", vma->vm_start);
809 	pr_debug("     end user address    == 0x%08lx\n", vma->vm_end);
810 	pr_debug("     pfn                 == 0x%016lX\n", pfn);
811 	pr_debug("     vm_flags            == 0x%08lX\n", vma->vm_flags);
812 	pr_debug("     size                == 0x%08lX\n",
813 			vma->vm_end - vma->vm_start);
814 
815 	page->user_address = (uint64_t __user *)vma->vm_start;
816 
817 	/* mapping the page to user process */
818 	ret = remap_pfn_range(vma, vma->vm_start, pfn,
819 			vma->vm_end - vma->vm_start, vma->vm_page_prot);
820 	if (!ret)
821 		p->signal_mapped_size = vma->vm_end - vma->vm_start;
822 
823 	return ret;
824 }
825 
826 /*
827  * Assumes that p->event_mutex is held and of course
828  * that p is not going away (current or locked).
829  */
830 static void lookup_events_by_type_and_signal(struct kfd_process *p,
831 		int type, void *event_data)
832 {
833 	struct kfd_hsa_memory_exception_data *ev_data;
834 	struct kfd_event *ev;
835 	uint32_t id;
836 	bool send_signal = true;
837 
838 	ev_data = (struct kfd_hsa_memory_exception_data *) event_data;
839 
840 	id = KFD_FIRST_NONSIGNAL_EVENT_ID;
841 	idr_for_each_entry_continue(&p->event_idr, ev, id)
842 		if (ev->type == type) {
843 			send_signal = false;
844 			dev_dbg(kfd_device,
845 					"Event found: id %X type %d",
846 					ev->event_id, ev->type);
847 			set_event(ev);
848 			if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data)
849 				ev->memory_exception_data = *ev_data;
850 		}
851 
852 	if (type == KFD_EVENT_TYPE_MEMORY) {
853 		dev_warn(kfd_device,
854 			"Sending SIGSEGV to process %d (pasid 0x%x)",
855 				p->lead_thread->pid, p->pasid);
856 		send_sig(SIGSEGV, p->lead_thread, 0);
857 	}
858 
859 	/* Send SIGTERM no event of type "type" has been found*/
860 	if (send_signal) {
861 		if (send_sigterm) {
862 			dev_warn(kfd_device,
863 				"Sending SIGTERM to process %d (pasid 0x%x)",
864 					p->lead_thread->pid, p->pasid);
865 			send_sig(SIGTERM, p->lead_thread, 0);
866 		} else {
867 			dev_err(kfd_device,
868 				"Process %d (pasid 0x%x) got unhandled exception",
869 				p->lead_thread->pid, p->pasid);
870 		}
871 	}
872 }
873 
874 #ifdef KFD_SUPPORT_IOMMU_V2
875 void kfd_signal_iommu_event(struct kfd_dev *dev, u32 pasid,
876 		unsigned long address, bool is_write_requested,
877 		bool is_execute_requested)
878 {
879 	struct kfd_hsa_memory_exception_data memory_exception_data;
880 	struct vm_area_struct *vma;
881 
882 	/*
883 	 * Because we are called from arbitrary context (workqueue) as opposed
884 	 * to process context, kfd_process could attempt to exit while we are
885 	 * running so the lookup function increments the process ref count.
886 	 */
887 	struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
888 	struct mm_struct *mm;
889 
890 	if (!p)
891 		return; /* Presumably process exited. */
892 
893 	/* Take a safe reference to the mm_struct, which may otherwise
894 	 * disappear even while the kfd_process is still referenced.
895 	 */
896 	mm = get_task_mm(p->lead_thread);
897 	if (!mm) {
898 		kfd_unref_process(p);
899 		return; /* Process is exiting */
900 	}
901 
902 	memset(&memory_exception_data, 0, sizeof(memory_exception_data));
903 
904 	mmap_read_lock(mm);
905 	vma = find_vma(mm, address);
906 
907 	memory_exception_data.gpu_id = dev->id;
908 	memory_exception_data.va = address;
909 	/* Set failure reason */
910 	memory_exception_data.failure.NotPresent = 1;
911 	memory_exception_data.failure.NoExecute = 0;
912 	memory_exception_data.failure.ReadOnly = 0;
913 	if (vma && address >= vma->vm_start) {
914 		memory_exception_data.failure.NotPresent = 0;
915 
916 		if (is_write_requested && !(vma->vm_flags & VM_WRITE))
917 			memory_exception_data.failure.ReadOnly = 1;
918 		else
919 			memory_exception_data.failure.ReadOnly = 0;
920 
921 		if (is_execute_requested && !(vma->vm_flags & VM_EXEC))
922 			memory_exception_data.failure.NoExecute = 1;
923 		else
924 			memory_exception_data.failure.NoExecute = 0;
925 	}
926 
927 	mmap_read_unlock(mm);
928 	mmput(mm);
929 
930 	pr_debug("notpresent %d, noexecute %d, readonly %d\n",
931 			memory_exception_data.failure.NotPresent,
932 			memory_exception_data.failure.NoExecute,
933 			memory_exception_data.failure.ReadOnly);
934 
935 	/* Workaround on Raven to not kill the process when memory is freed
936 	 * before IOMMU is able to finish processing all the excessive PPRs
937 	 */
938 	if (dev->device_info->asic_family != CHIP_RAVEN &&
939 	    dev->device_info->asic_family != CHIP_RENOIR) {
940 		mutex_lock(&p->event_mutex);
941 
942 		/* Lookup events by type and signal them */
943 		lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY,
944 				&memory_exception_data);
945 
946 		mutex_unlock(&p->event_mutex);
947 	}
948 
949 	kfd_unref_process(p);
950 }
951 #endif /* KFD_SUPPORT_IOMMU_V2 */
952 
953 void kfd_signal_hw_exception_event(u32 pasid)
954 {
955 	/*
956 	 * Because we are called from arbitrary context (workqueue) as opposed
957 	 * to process context, kfd_process could attempt to exit while we are
958 	 * running so the lookup function increments the process ref count.
959 	 */
960 	struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
961 
962 	if (!p)
963 		return; /* Presumably process exited. */
964 
965 	mutex_lock(&p->event_mutex);
966 
967 	/* Lookup events by type and signal them */
968 	lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL);
969 
970 	mutex_unlock(&p->event_mutex);
971 	kfd_unref_process(p);
972 }
973 
974 void kfd_signal_vm_fault_event(struct kfd_dev *dev, u32 pasid,
975 				struct kfd_vm_fault_info *info)
976 {
977 	struct kfd_event *ev;
978 	uint32_t id;
979 	struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
980 	struct kfd_hsa_memory_exception_data memory_exception_data;
981 
982 	if (!p)
983 		return; /* Presumably process exited. */
984 	memset(&memory_exception_data, 0, sizeof(memory_exception_data));
985 	memory_exception_data.gpu_id = dev->id;
986 	memory_exception_data.failure.imprecise = true;
987 	/* Set failure reason */
988 	if (info) {
989 		memory_exception_data.va = (info->page_addr) << PAGE_SHIFT;
990 		memory_exception_data.failure.NotPresent =
991 			info->prot_valid ? 1 : 0;
992 		memory_exception_data.failure.NoExecute =
993 			info->prot_exec ? 1 : 0;
994 		memory_exception_data.failure.ReadOnly =
995 			info->prot_write ? 1 : 0;
996 		memory_exception_data.failure.imprecise = 0;
997 	}
998 	mutex_lock(&p->event_mutex);
999 
1000 	id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1001 	idr_for_each_entry_continue(&p->event_idr, ev, id)
1002 		if (ev->type == KFD_EVENT_TYPE_MEMORY) {
1003 			ev->memory_exception_data = memory_exception_data;
1004 			set_event(ev);
1005 		}
1006 
1007 	mutex_unlock(&p->event_mutex);
1008 	kfd_unref_process(p);
1009 }
1010 
1011 void kfd_signal_reset_event(struct kfd_dev *dev)
1012 {
1013 	struct kfd_hsa_hw_exception_data hw_exception_data;
1014 	struct kfd_hsa_memory_exception_data memory_exception_data;
1015 	struct kfd_process *p;
1016 	struct kfd_event *ev;
1017 	unsigned int temp;
1018 	uint32_t id, idx;
1019 	int reset_cause = atomic_read(&dev->sram_ecc_flag) ?
1020 			KFD_HW_EXCEPTION_ECC :
1021 			KFD_HW_EXCEPTION_GPU_HANG;
1022 
1023 	/* Whole gpu reset caused by GPU hang and memory is lost */
1024 	memset(&hw_exception_data, 0, sizeof(hw_exception_data));
1025 	hw_exception_data.gpu_id = dev->id;
1026 	hw_exception_data.memory_lost = 1;
1027 	hw_exception_data.reset_cause = reset_cause;
1028 
1029 	memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1030 	memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC;
1031 	memory_exception_data.gpu_id = dev->id;
1032 	memory_exception_data.failure.imprecise = true;
1033 
1034 	idx = srcu_read_lock(&kfd_processes_srcu);
1035 	hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) {
1036 		mutex_lock(&p->event_mutex);
1037 		id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1038 		idr_for_each_entry_continue(&p->event_idr, ev, id) {
1039 			if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
1040 				ev->hw_exception_data = hw_exception_data;
1041 				set_event(ev);
1042 			}
1043 			if (ev->type == KFD_EVENT_TYPE_MEMORY &&
1044 			    reset_cause == KFD_HW_EXCEPTION_ECC) {
1045 				ev->memory_exception_data = memory_exception_data;
1046 				set_event(ev);
1047 			}
1048 		}
1049 		mutex_unlock(&p->event_mutex);
1050 	}
1051 	srcu_read_unlock(&kfd_processes_srcu, idx);
1052 }
1053