1 /* 2 * Copyright 2014 Advanced Micro Devices, Inc. 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining a 5 * copy of this software and associated documentation files (the "Software"), 6 * to deal in the Software without restriction, including without limitation 7 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 * and/or sell copies of the Software, and to permit persons to whom the 9 * Software is furnished to do so, subject to the following conditions: 10 * 11 * The above copyright notice and this permission notice shall be included in 12 * all copies or substantial portions of the Software. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 * OTHER DEALINGS IN THE SOFTWARE. 21 */ 22 23 #include <linux/mm_types.h> 24 #include <linux/slab.h> 25 #include <linux/types.h> 26 #include <linux/sched/signal.h> 27 #include <linux/sched/mm.h> 28 #include <linux/uaccess.h> 29 #include <linux/mman.h> 30 #include <linux/memory.h> 31 #include "kfd_priv.h" 32 #include "kfd_events.h" 33 #include "kfd_iommu.h" 34 #include <linux/device.h> 35 36 /* 37 * Wrapper around wait_queue_entry_t 38 */ 39 struct kfd_event_waiter { 40 wait_queue_entry_t wait; 41 struct kfd_event *event; /* Event to wait for */ 42 bool activated; /* Becomes true when event is signaled */ 43 }; 44 45 /* 46 * Each signal event needs a 64-bit signal slot where the signaler will write 47 * a 1 before sending an interrupt. (This is needed because some interrupts 48 * do not contain enough spare data bits to identify an event.) 49 * We get whole pages and map them to the process VA. 50 * Individual signal events use their event_id as slot index. 51 */ 52 struct kfd_signal_page { 53 uint64_t *kernel_address; 54 uint64_t __user *user_address; 55 }; 56 57 58 static uint64_t *page_slots(struct kfd_signal_page *page) 59 { 60 return page->kernel_address; 61 } 62 63 static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p) 64 { 65 void *backing_store; 66 struct kfd_signal_page *page; 67 68 page = kzalloc(sizeof(*page), GFP_KERNEL); 69 if (!page) 70 return NULL; 71 72 backing_store = (void *) __get_free_pages(GFP_KERNEL, 73 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 74 if (!backing_store) 75 goto fail_alloc_signal_store; 76 77 /* Initialize all events to unsignaled */ 78 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT, 79 KFD_SIGNAL_EVENT_LIMIT * 8); 80 81 page->kernel_address = backing_store; 82 pr_debug("Allocated new event signal page at %p, for process %p\n", 83 page, p); 84 85 return page; 86 87 fail_alloc_signal_store: 88 kfree(page); 89 return NULL; 90 } 91 92 static int allocate_event_notification_slot(struct kfd_process *p, 93 struct kfd_event *ev) 94 { 95 int id; 96 97 if (!p->signal_page) { 98 p->signal_page = allocate_signal_page(p); 99 if (!p->signal_page) 100 return -ENOMEM; 101 /* Oldest user mode expects 256 event slots */ 102 p->signal_mapped_size = 256*8; 103 } 104 105 /* 106 * Compatibility with old user mode: Only use signal slots 107 * user mode has mapped, may be less than 108 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase 109 * of the event limit without breaking user mode. 110 */ 111 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8, 112 GFP_KERNEL); 113 if (id < 0) 114 return id; 115 116 ev->event_id = id; 117 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT; 118 119 return 0; 120 } 121 122 /* 123 * Assumes that p->event_mutex is held and of course that p is not going 124 * away (current or locked). 125 */ 126 static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id) 127 { 128 return idr_find(&p->event_idr, id); 129 } 130 131 /** 132 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID 133 * @p: Pointer to struct kfd_process 134 * @id: ID to look up 135 * @bits: Number of valid bits in @id 136 * 137 * Finds the first signaled event with a matching partial ID. If no 138 * matching signaled event is found, returns NULL. In that case the 139 * caller should assume that the partial ID is invalid and do an 140 * exhaustive search of all siglaned events. 141 * 142 * If multiple events with the same partial ID signal at the same 143 * time, they will be found one interrupt at a time, not necessarily 144 * in the same order the interrupts occurred. As long as the number of 145 * interrupts is correct, all signaled events will be seen by the 146 * driver. 147 */ 148 static struct kfd_event *lookup_signaled_event_by_partial_id( 149 struct kfd_process *p, uint32_t id, uint32_t bits) 150 { 151 struct kfd_event *ev; 152 153 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT) 154 return NULL; 155 156 /* Fast path for the common case that @id is not a partial ID 157 * and we only need a single lookup. 158 */ 159 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) { 160 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 161 return NULL; 162 163 return idr_find(&p->event_idr, id); 164 } 165 166 /* General case for partial IDs: Iterate over all matching IDs 167 * and find the first one that has signaled. 168 */ 169 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) { 170 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 171 continue; 172 173 ev = idr_find(&p->event_idr, id); 174 } 175 176 return ev; 177 } 178 179 static int create_signal_event(struct file *devkfd, 180 struct kfd_process *p, 181 struct kfd_event *ev) 182 { 183 int ret; 184 185 if (p->signal_mapped_size && 186 p->signal_event_count == p->signal_mapped_size / 8) { 187 if (!p->signal_event_limit_reached) { 188 pr_warn("Signal event wasn't created because limit was reached\n"); 189 p->signal_event_limit_reached = true; 190 } 191 return -ENOSPC; 192 } 193 194 ret = allocate_event_notification_slot(p, ev); 195 if (ret) { 196 pr_warn("Signal event wasn't created because out of kernel memory\n"); 197 return ret; 198 } 199 200 p->signal_event_count++; 201 202 ev->user_signal_address = &p->signal_page->user_address[ev->event_id]; 203 pr_debug("Signal event number %zu created with id %d, address %p\n", 204 p->signal_event_count, ev->event_id, 205 ev->user_signal_address); 206 207 return 0; 208 } 209 210 static int create_other_event(struct kfd_process *p, struct kfd_event *ev) 211 { 212 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an 213 * intentional integer overflow to -1 without a compiler 214 * warning. idr_alloc treats a negative value as "maximum 215 * signed integer". 216 */ 217 int id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID, 218 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1, 219 GFP_KERNEL); 220 221 if (id < 0) 222 return id; 223 ev->event_id = id; 224 225 return 0; 226 } 227 228 void kfd_event_init_process(struct kfd_process *p) 229 { 230 mutex_init(&p->event_mutex); 231 idr_init(&p->event_idr); 232 p->signal_page = NULL; 233 p->signal_event_count = 0; 234 } 235 236 static void destroy_event(struct kfd_process *p, struct kfd_event *ev) 237 { 238 struct kfd_event_waiter *waiter; 239 240 /* Wake up pending waiters. They will return failure */ 241 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 242 waiter->event = NULL; 243 wake_up_all(&ev->wq); 244 245 if (ev->type == KFD_EVENT_TYPE_SIGNAL || 246 ev->type == KFD_EVENT_TYPE_DEBUG) 247 p->signal_event_count--; 248 249 idr_remove(&p->event_idr, ev->event_id); 250 kfree(ev); 251 } 252 253 static void destroy_events(struct kfd_process *p) 254 { 255 struct kfd_event *ev; 256 uint32_t id; 257 258 idr_for_each_entry(&p->event_idr, ev, id) 259 destroy_event(p, ev); 260 idr_destroy(&p->event_idr); 261 } 262 263 /* 264 * We assume that the process is being destroyed and there is no need to 265 * unmap the pages or keep bookkeeping data in order. 266 */ 267 static void shutdown_signal_page(struct kfd_process *p) 268 { 269 struct kfd_signal_page *page = p->signal_page; 270 271 if (page) { 272 free_pages((unsigned long)page->kernel_address, 273 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 274 kfree(page); 275 } 276 } 277 278 void kfd_event_free_process(struct kfd_process *p) 279 { 280 destroy_events(p); 281 shutdown_signal_page(p); 282 } 283 284 static bool event_can_be_gpu_signaled(const struct kfd_event *ev) 285 { 286 return ev->type == KFD_EVENT_TYPE_SIGNAL || 287 ev->type == KFD_EVENT_TYPE_DEBUG; 288 } 289 290 static bool event_can_be_cpu_signaled(const struct kfd_event *ev) 291 { 292 return ev->type == KFD_EVENT_TYPE_SIGNAL; 293 } 294 295 int kfd_event_create(struct file *devkfd, struct kfd_process *p, 296 uint32_t event_type, bool auto_reset, uint32_t node_id, 297 uint32_t *event_id, uint32_t *event_trigger_data, 298 uint64_t *event_page_offset, uint32_t *event_slot_index) 299 { 300 int ret = 0; 301 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL); 302 303 if (!ev) 304 return -ENOMEM; 305 306 ev->type = event_type; 307 ev->auto_reset = auto_reset; 308 ev->signaled = false; 309 310 init_waitqueue_head(&ev->wq); 311 312 *event_page_offset = 0; 313 314 mutex_lock(&p->event_mutex); 315 316 switch (event_type) { 317 case KFD_EVENT_TYPE_SIGNAL: 318 case KFD_EVENT_TYPE_DEBUG: 319 ret = create_signal_event(devkfd, p, ev); 320 if (!ret) { 321 *event_page_offset = KFD_MMAP_EVENTS_MASK; 322 *event_page_offset <<= PAGE_SHIFT; 323 *event_slot_index = ev->event_id; 324 } 325 break; 326 default: 327 ret = create_other_event(p, ev); 328 break; 329 } 330 331 if (!ret) { 332 *event_id = ev->event_id; 333 *event_trigger_data = ev->event_id; 334 } else { 335 kfree(ev); 336 } 337 338 mutex_unlock(&p->event_mutex); 339 340 return ret; 341 } 342 343 /* Assumes that p is current. */ 344 int kfd_event_destroy(struct kfd_process *p, uint32_t event_id) 345 { 346 struct kfd_event *ev; 347 int ret = 0; 348 349 mutex_lock(&p->event_mutex); 350 351 ev = lookup_event_by_id(p, event_id); 352 353 if (ev) 354 destroy_event(p, ev); 355 else 356 ret = -EINVAL; 357 358 mutex_unlock(&p->event_mutex); 359 return ret; 360 } 361 362 static void set_event(struct kfd_event *ev) 363 { 364 struct kfd_event_waiter *waiter; 365 366 /* Auto reset if the list is non-empty and we're waking 367 * someone. waitqueue_active is safe here because we're 368 * protected by the p->event_mutex, which is also held when 369 * updating the wait queues in kfd_wait_on_events. 370 */ 371 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq); 372 373 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 374 waiter->activated = true; 375 376 wake_up_all(&ev->wq); 377 } 378 379 /* Assumes that p is current. */ 380 int kfd_set_event(struct kfd_process *p, uint32_t event_id) 381 { 382 int ret = 0; 383 struct kfd_event *ev; 384 385 mutex_lock(&p->event_mutex); 386 387 ev = lookup_event_by_id(p, event_id); 388 389 if (ev && event_can_be_cpu_signaled(ev)) 390 set_event(ev); 391 else 392 ret = -EINVAL; 393 394 mutex_unlock(&p->event_mutex); 395 return ret; 396 } 397 398 static void reset_event(struct kfd_event *ev) 399 { 400 ev->signaled = false; 401 } 402 403 /* Assumes that p is current. */ 404 int kfd_reset_event(struct kfd_process *p, uint32_t event_id) 405 { 406 int ret = 0; 407 struct kfd_event *ev; 408 409 mutex_lock(&p->event_mutex); 410 411 ev = lookup_event_by_id(p, event_id); 412 413 if (ev && event_can_be_cpu_signaled(ev)) 414 reset_event(ev); 415 else 416 ret = -EINVAL; 417 418 mutex_unlock(&p->event_mutex); 419 return ret; 420 421 } 422 423 static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev) 424 { 425 page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT; 426 } 427 428 static void set_event_from_interrupt(struct kfd_process *p, 429 struct kfd_event *ev) 430 { 431 if (ev && event_can_be_gpu_signaled(ev)) { 432 acknowledge_signal(p, ev); 433 set_event(ev); 434 } 435 } 436 437 void kfd_signal_event_interrupt(unsigned int pasid, uint32_t partial_id, 438 uint32_t valid_id_bits) 439 { 440 struct kfd_event *ev = NULL; 441 442 /* 443 * Because we are called from arbitrary context (workqueue) as opposed 444 * to process context, kfd_process could attempt to exit while we are 445 * running so the lookup function increments the process ref count. 446 */ 447 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 448 449 if (!p) 450 return; /* Presumably process exited. */ 451 452 mutex_lock(&p->event_mutex); 453 454 if (valid_id_bits) 455 ev = lookup_signaled_event_by_partial_id(p, partial_id, 456 valid_id_bits); 457 if (ev) { 458 set_event_from_interrupt(p, ev); 459 } else if (p->signal_page) { 460 /* 461 * Partial ID lookup failed. Assume that the event ID 462 * in the interrupt payload was invalid and do an 463 * exhaustive search of signaled events. 464 */ 465 uint64_t *slots = page_slots(p->signal_page); 466 uint32_t id; 467 468 if (valid_id_bits) 469 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n", 470 partial_id, valid_id_bits); 471 472 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT/2) { 473 /* With relatively few events, it's faster to 474 * iterate over the event IDR 475 */ 476 idr_for_each_entry(&p->event_idr, ev, id) { 477 if (id >= KFD_SIGNAL_EVENT_LIMIT) 478 break; 479 480 if (slots[id] != UNSIGNALED_EVENT_SLOT) 481 set_event_from_interrupt(p, ev); 482 } 483 } else { 484 /* With relatively many events, it's faster to 485 * iterate over the signal slots and lookup 486 * only signaled events from the IDR. 487 */ 488 for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++) 489 if (slots[id] != UNSIGNALED_EVENT_SLOT) { 490 ev = lookup_event_by_id(p, id); 491 set_event_from_interrupt(p, ev); 492 } 493 } 494 } 495 496 mutex_unlock(&p->event_mutex); 497 kfd_unref_process(p); 498 } 499 500 static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events) 501 { 502 struct kfd_event_waiter *event_waiters; 503 uint32_t i; 504 505 event_waiters = kmalloc_array(num_events, 506 sizeof(struct kfd_event_waiter), 507 GFP_KERNEL); 508 509 for (i = 0; (event_waiters) && (i < num_events) ; i++) { 510 init_wait(&event_waiters[i].wait); 511 event_waiters[i].activated = false; 512 } 513 514 return event_waiters; 515 } 516 517 static int init_event_waiter_get_status(struct kfd_process *p, 518 struct kfd_event_waiter *waiter, 519 uint32_t event_id) 520 { 521 struct kfd_event *ev = lookup_event_by_id(p, event_id); 522 523 if (!ev) 524 return -EINVAL; 525 526 waiter->event = ev; 527 waiter->activated = ev->signaled; 528 ev->signaled = ev->signaled && !ev->auto_reset; 529 530 return 0; 531 } 532 533 static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter) 534 { 535 struct kfd_event *ev = waiter->event; 536 537 /* Only add to the wait list if we actually need to 538 * wait on this event. 539 */ 540 if (!waiter->activated) 541 add_wait_queue(&ev->wq, &waiter->wait); 542 } 543 544 /* test_event_condition - Test condition of events being waited for 545 * @all: Return completion only if all events have signaled 546 * @num_events: Number of events to wait for 547 * @event_waiters: Array of event waiters, one per event 548 * 549 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have 550 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all) 551 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of 552 * the events have been destroyed. 553 */ 554 static uint32_t test_event_condition(bool all, uint32_t num_events, 555 struct kfd_event_waiter *event_waiters) 556 { 557 uint32_t i; 558 uint32_t activated_count = 0; 559 560 for (i = 0; i < num_events; i++) { 561 if (!event_waiters[i].event) 562 return KFD_IOC_WAIT_RESULT_FAIL; 563 564 if (event_waiters[i].activated) { 565 if (!all) 566 return KFD_IOC_WAIT_RESULT_COMPLETE; 567 568 activated_count++; 569 } 570 } 571 572 return activated_count == num_events ? 573 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT; 574 } 575 576 /* 577 * Copy event specific data, if defined. 578 * Currently only memory exception events have additional data to copy to user 579 */ 580 static int copy_signaled_event_data(uint32_t num_events, 581 struct kfd_event_waiter *event_waiters, 582 struct kfd_event_data __user *data) 583 { 584 struct kfd_hsa_memory_exception_data *src; 585 struct kfd_hsa_memory_exception_data __user *dst; 586 struct kfd_event_waiter *waiter; 587 struct kfd_event *event; 588 uint32_t i; 589 590 for (i = 0; i < num_events; i++) { 591 waiter = &event_waiters[i]; 592 event = waiter->event; 593 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) { 594 dst = &data[i].memory_exception_data; 595 src = &event->memory_exception_data; 596 if (copy_to_user(dst, src, 597 sizeof(struct kfd_hsa_memory_exception_data))) 598 return -EFAULT; 599 } 600 } 601 602 return 0; 603 604 } 605 606 607 608 static long user_timeout_to_jiffies(uint32_t user_timeout_ms) 609 { 610 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE) 611 return 0; 612 613 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE) 614 return MAX_SCHEDULE_TIMEOUT; 615 616 /* 617 * msecs_to_jiffies interprets all values above 2^31-1 as infinite, 618 * but we consider them finite. 619 * This hack is wrong, but nobody is likely to notice. 620 */ 621 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF); 622 623 return msecs_to_jiffies(user_timeout_ms) + 1; 624 } 625 626 static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters) 627 { 628 uint32_t i; 629 630 for (i = 0; i < num_events; i++) 631 if (waiters[i].event) 632 remove_wait_queue(&waiters[i].event->wq, 633 &waiters[i].wait); 634 635 kfree(waiters); 636 } 637 638 int kfd_wait_on_events(struct kfd_process *p, 639 uint32_t num_events, void __user *data, 640 bool all, uint32_t user_timeout_ms, 641 uint32_t *wait_result) 642 { 643 struct kfd_event_data __user *events = 644 (struct kfd_event_data __user *) data; 645 uint32_t i; 646 int ret = 0; 647 648 struct kfd_event_waiter *event_waiters = NULL; 649 long timeout = user_timeout_to_jiffies(user_timeout_ms); 650 651 event_waiters = alloc_event_waiters(num_events); 652 if (!event_waiters) { 653 ret = -ENOMEM; 654 goto out; 655 } 656 657 mutex_lock(&p->event_mutex); 658 659 for (i = 0; i < num_events; i++) { 660 struct kfd_event_data event_data; 661 662 if (copy_from_user(&event_data, &events[i], 663 sizeof(struct kfd_event_data))) { 664 ret = -EFAULT; 665 goto out_unlock; 666 } 667 668 ret = init_event_waiter_get_status(p, &event_waiters[i], 669 event_data.event_id); 670 if (ret) 671 goto out_unlock; 672 } 673 674 /* Check condition once. */ 675 *wait_result = test_event_condition(all, num_events, event_waiters); 676 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) { 677 ret = copy_signaled_event_data(num_events, 678 event_waiters, events); 679 goto out_unlock; 680 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) { 681 /* This should not happen. Events shouldn't be 682 * destroyed while we're holding the event_mutex 683 */ 684 goto out_unlock; 685 } 686 687 /* Add to wait lists if we need to wait. */ 688 for (i = 0; i < num_events; i++) 689 init_event_waiter_add_to_waitlist(&event_waiters[i]); 690 691 mutex_unlock(&p->event_mutex); 692 693 while (true) { 694 if (fatal_signal_pending(current)) { 695 ret = -EINTR; 696 break; 697 } 698 699 if (signal_pending(current)) { 700 /* 701 * This is wrong when a nonzero, non-infinite timeout 702 * is specified. We need to use 703 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block 704 * contains a union with data for each user and it's 705 * in generic kernel code that I don't want to 706 * touch yet. 707 */ 708 ret = -ERESTARTSYS; 709 break; 710 } 711 712 /* Set task state to interruptible sleep before 713 * checking wake-up conditions. A concurrent wake-up 714 * will put the task back into runnable state. In that 715 * case schedule_timeout will not put the task to 716 * sleep and we'll get a chance to re-check the 717 * updated conditions almost immediately. Otherwise, 718 * this race condition would lead to a soft hang or a 719 * very long sleep. 720 */ 721 set_current_state(TASK_INTERRUPTIBLE); 722 723 *wait_result = test_event_condition(all, num_events, 724 event_waiters); 725 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT) 726 break; 727 728 if (timeout <= 0) 729 break; 730 731 timeout = schedule_timeout(timeout); 732 } 733 __set_current_state(TASK_RUNNING); 734 735 /* copy_signaled_event_data may sleep. So this has to happen 736 * after the task state is set back to RUNNING. 737 */ 738 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) 739 ret = copy_signaled_event_data(num_events, 740 event_waiters, events); 741 742 mutex_lock(&p->event_mutex); 743 out_unlock: 744 free_waiters(num_events, event_waiters); 745 mutex_unlock(&p->event_mutex); 746 out: 747 if (ret) 748 *wait_result = KFD_IOC_WAIT_RESULT_FAIL; 749 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL) 750 ret = -EIO; 751 752 return ret; 753 } 754 755 int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma) 756 { 757 unsigned long pfn; 758 struct kfd_signal_page *page; 759 int ret; 760 761 /* check required size doesn't exceed the allocated size */ 762 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) < 763 get_order(vma->vm_end - vma->vm_start)) { 764 pr_err("Event page mmap requested illegal size\n"); 765 return -EINVAL; 766 } 767 768 page = p->signal_page; 769 if (!page) { 770 /* Probably KFD bug, but mmap is user-accessible. */ 771 pr_debug("Signal page could not be found\n"); 772 return -EINVAL; 773 } 774 775 pfn = __pa(page->kernel_address); 776 pfn >>= PAGE_SHIFT; 777 778 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE 779 | VM_DONTDUMP | VM_PFNMAP; 780 781 pr_debug("Mapping signal page\n"); 782 pr_debug(" start user address == 0x%08lx\n", vma->vm_start); 783 pr_debug(" end user address == 0x%08lx\n", vma->vm_end); 784 pr_debug(" pfn == 0x%016lX\n", pfn); 785 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags); 786 pr_debug(" size == 0x%08lX\n", 787 vma->vm_end - vma->vm_start); 788 789 page->user_address = (uint64_t __user *)vma->vm_start; 790 791 /* mapping the page to user process */ 792 ret = remap_pfn_range(vma, vma->vm_start, pfn, 793 vma->vm_end - vma->vm_start, vma->vm_page_prot); 794 if (!ret) 795 p->signal_mapped_size = vma->vm_end - vma->vm_start; 796 797 return ret; 798 } 799 800 /* 801 * Assumes that p->event_mutex is held and of course 802 * that p is not going away (current or locked). 803 */ 804 static void lookup_events_by_type_and_signal(struct kfd_process *p, 805 int type, void *event_data) 806 { 807 struct kfd_hsa_memory_exception_data *ev_data; 808 struct kfd_event *ev; 809 uint32_t id; 810 bool send_signal = true; 811 812 ev_data = (struct kfd_hsa_memory_exception_data *) event_data; 813 814 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 815 idr_for_each_entry_continue(&p->event_idr, ev, id) 816 if (ev->type == type) { 817 send_signal = false; 818 dev_dbg(kfd_device, 819 "Event found: id %X type %d", 820 ev->event_id, ev->type); 821 set_event(ev); 822 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data) 823 ev->memory_exception_data = *ev_data; 824 } 825 826 /* Send SIGTERM no event of type "type" has been found*/ 827 if (send_signal) { 828 if (send_sigterm) { 829 dev_warn(kfd_device, 830 "Sending SIGTERM to HSA Process with PID %d ", 831 p->lead_thread->pid); 832 send_sig(SIGTERM, p->lead_thread, 0); 833 } else { 834 dev_err(kfd_device, 835 "HSA Process (PID %d) got unhandled exception", 836 p->lead_thread->pid); 837 } 838 } 839 } 840 841 #ifdef KFD_SUPPORT_IOMMU_V2 842 void kfd_signal_iommu_event(struct kfd_dev *dev, unsigned int pasid, 843 unsigned long address, bool is_write_requested, 844 bool is_execute_requested) 845 { 846 struct kfd_hsa_memory_exception_data memory_exception_data; 847 struct vm_area_struct *vma; 848 849 /* 850 * Because we are called from arbitrary context (workqueue) as opposed 851 * to process context, kfd_process could attempt to exit while we are 852 * running so the lookup function increments the process ref count. 853 */ 854 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 855 struct mm_struct *mm; 856 857 if (!p) 858 return; /* Presumably process exited. */ 859 860 /* Take a safe reference to the mm_struct, which may otherwise 861 * disappear even while the kfd_process is still referenced. 862 */ 863 mm = get_task_mm(p->lead_thread); 864 if (!mm) { 865 kfd_unref_process(p); 866 return; /* Process is exiting */ 867 } 868 869 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 870 871 down_read(&mm->mmap_sem); 872 vma = find_vma(mm, address); 873 874 memory_exception_data.gpu_id = dev->id; 875 memory_exception_data.va = address; 876 /* Set failure reason */ 877 memory_exception_data.failure.NotPresent = 1; 878 memory_exception_data.failure.NoExecute = 0; 879 memory_exception_data.failure.ReadOnly = 0; 880 if (vma) { 881 if (vma->vm_start > address) { 882 memory_exception_data.failure.NotPresent = 1; 883 memory_exception_data.failure.NoExecute = 0; 884 memory_exception_data.failure.ReadOnly = 0; 885 } else { 886 memory_exception_data.failure.NotPresent = 0; 887 if (is_write_requested && !(vma->vm_flags & VM_WRITE)) 888 memory_exception_data.failure.ReadOnly = 1; 889 else 890 memory_exception_data.failure.ReadOnly = 0; 891 if (is_execute_requested && !(vma->vm_flags & VM_EXEC)) 892 memory_exception_data.failure.NoExecute = 1; 893 else 894 memory_exception_data.failure.NoExecute = 0; 895 } 896 } 897 898 up_read(&mm->mmap_sem); 899 mmput(mm); 900 901 mutex_lock(&p->event_mutex); 902 903 /* Lookup events by type and signal them */ 904 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY, 905 &memory_exception_data); 906 907 mutex_unlock(&p->event_mutex); 908 kfd_unref_process(p); 909 } 910 #endif /* KFD_SUPPORT_IOMMU_V2 */ 911 912 void kfd_signal_hw_exception_event(unsigned int pasid) 913 { 914 /* 915 * Because we are called from arbitrary context (workqueue) as opposed 916 * to process context, kfd_process could attempt to exit while we are 917 * running so the lookup function increments the process ref count. 918 */ 919 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 920 921 if (!p) 922 return; /* Presumably process exited. */ 923 924 mutex_lock(&p->event_mutex); 925 926 /* Lookup events by type and signal them */ 927 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL); 928 929 mutex_unlock(&p->event_mutex); 930 kfd_unref_process(p); 931 } 932