1 // SPDX-License-Identifier: GPL-2.0 OR MIT 2 /* 3 * Copyright 2014-2022 Advanced Micro Devices, Inc. 4 * 5 * Permission is hereby granted, free of charge, to any person obtaining a 6 * copy of this software and associated documentation files (the "Software"), 7 * to deal in the Software without restriction, including without limitation 8 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 * and/or sell copies of the Software, and to permit persons to whom the 10 * Software is furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be included in 13 * all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 19 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 20 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 21 * OTHER DEALINGS IN THE SOFTWARE. 22 */ 23 24 #include <linux/mm_types.h> 25 #include <linux/slab.h> 26 #include <linux/types.h> 27 #include <linux/sched/signal.h> 28 #include <linux/sched/mm.h> 29 #include <linux/uaccess.h> 30 #include <linux/mman.h> 31 #include <linux/memory.h> 32 #include "kfd_priv.h" 33 #include "kfd_events.h" 34 #include "kfd_iommu.h" 35 #include <linux/device.h> 36 37 /* 38 * Wrapper around wait_queue_entry_t 39 */ 40 struct kfd_event_waiter { 41 wait_queue_entry_t wait; 42 struct kfd_event *event; /* Event to wait for */ 43 bool activated; /* Becomes true when event is signaled */ 44 }; 45 46 /* 47 * Each signal event needs a 64-bit signal slot where the signaler will write 48 * a 1 before sending an interrupt. (This is needed because some interrupts 49 * do not contain enough spare data bits to identify an event.) 50 * We get whole pages and map them to the process VA. 51 * Individual signal events use their event_id as slot index. 52 */ 53 struct kfd_signal_page { 54 uint64_t *kernel_address; 55 uint64_t __user *user_address; 56 bool need_to_free_pages; 57 }; 58 59 static uint64_t *page_slots(struct kfd_signal_page *page) 60 { 61 return page->kernel_address; 62 } 63 64 static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p) 65 { 66 void *backing_store; 67 struct kfd_signal_page *page; 68 69 page = kzalloc(sizeof(*page), GFP_KERNEL); 70 if (!page) 71 return NULL; 72 73 backing_store = (void *) __get_free_pages(GFP_KERNEL, 74 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 75 if (!backing_store) 76 goto fail_alloc_signal_store; 77 78 /* Initialize all events to unsignaled */ 79 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT, 80 KFD_SIGNAL_EVENT_LIMIT * 8); 81 82 page->kernel_address = backing_store; 83 page->need_to_free_pages = true; 84 pr_debug("Allocated new event signal page at %p, for process %p\n", 85 page, p); 86 87 return page; 88 89 fail_alloc_signal_store: 90 kfree(page); 91 return NULL; 92 } 93 94 static int allocate_event_notification_slot(struct kfd_process *p, 95 struct kfd_event *ev, 96 const int *restore_id) 97 { 98 int id; 99 100 if (!p->signal_page) { 101 p->signal_page = allocate_signal_page(p); 102 if (!p->signal_page) 103 return -ENOMEM; 104 /* Oldest user mode expects 256 event slots */ 105 p->signal_mapped_size = 256*8; 106 } 107 108 if (restore_id) { 109 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1, 110 GFP_KERNEL); 111 } else { 112 /* 113 * Compatibility with old user mode: Only use signal slots 114 * user mode has mapped, may be less than 115 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase 116 * of the event limit without breaking user mode. 117 */ 118 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8, 119 GFP_KERNEL); 120 } 121 if (id < 0) 122 return id; 123 124 ev->event_id = id; 125 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT; 126 127 return 0; 128 } 129 130 /* 131 * Assumes that p->event_mutex is held and of course that p is not going 132 * away (current or locked). 133 */ 134 static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id) 135 { 136 return idr_find(&p->event_idr, id); 137 } 138 139 /** 140 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID 141 * @p: Pointer to struct kfd_process 142 * @id: ID to look up 143 * @bits: Number of valid bits in @id 144 * 145 * Finds the first signaled event with a matching partial ID. If no 146 * matching signaled event is found, returns NULL. In that case the 147 * caller should assume that the partial ID is invalid and do an 148 * exhaustive search of all siglaned events. 149 * 150 * If multiple events with the same partial ID signal at the same 151 * time, they will be found one interrupt at a time, not necessarily 152 * in the same order the interrupts occurred. As long as the number of 153 * interrupts is correct, all signaled events will be seen by the 154 * driver. 155 */ 156 static struct kfd_event *lookup_signaled_event_by_partial_id( 157 struct kfd_process *p, uint32_t id, uint32_t bits) 158 { 159 struct kfd_event *ev; 160 161 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT) 162 return NULL; 163 164 /* Fast path for the common case that @id is not a partial ID 165 * and we only need a single lookup. 166 */ 167 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) { 168 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 169 return NULL; 170 171 return idr_find(&p->event_idr, id); 172 } 173 174 /* General case for partial IDs: Iterate over all matching IDs 175 * and find the first one that has signaled. 176 */ 177 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) { 178 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 179 continue; 180 181 ev = idr_find(&p->event_idr, id); 182 } 183 184 return ev; 185 } 186 187 static int create_signal_event(struct file *devkfd, struct kfd_process *p, 188 struct kfd_event *ev, const int *restore_id) 189 { 190 int ret; 191 192 if (p->signal_mapped_size && 193 p->signal_event_count == p->signal_mapped_size / 8) { 194 if (!p->signal_event_limit_reached) { 195 pr_debug("Signal event wasn't created because limit was reached\n"); 196 p->signal_event_limit_reached = true; 197 } 198 return -ENOSPC; 199 } 200 201 ret = allocate_event_notification_slot(p, ev, restore_id); 202 if (ret) { 203 pr_warn("Signal event wasn't created because out of kernel memory\n"); 204 return ret; 205 } 206 207 p->signal_event_count++; 208 209 ev->user_signal_address = &p->signal_page->user_address[ev->event_id]; 210 pr_debug("Signal event number %zu created with id %d, address %p\n", 211 p->signal_event_count, ev->event_id, 212 ev->user_signal_address); 213 214 return 0; 215 } 216 217 static int create_other_event(struct kfd_process *p, struct kfd_event *ev, const int *restore_id) 218 { 219 int id; 220 221 if (restore_id) 222 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1, 223 GFP_KERNEL); 224 else 225 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an 226 * intentional integer overflow to -1 without a compiler 227 * warning. idr_alloc treats a negative value as "maximum 228 * signed integer". 229 */ 230 id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID, 231 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1, 232 GFP_KERNEL); 233 234 if (id < 0) 235 return id; 236 ev->event_id = id; 237 238 return 0; 239 } 240 241 void kfd_event_init_process(struct kfd_process *p) 242 { 243 mutex_init(&p->event_mutex); 244 idr_init(&p->event_idr); 245 p->signal_page = NULL; 246 p->signal_event_count = 0; 247 } 248 249 static void destroy_event(struct kfd_process *p, struct kfd_event *ev) 250 { 251 struct kfd_event_waiter *waiter; 252 253 /* Wake up pending waiters. They will return failure */ 254 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 255 waiter->event = NULL; 256 wake_up_all(&ev->wq); 257 258 if (ev->type == KFD_EVENT_TYPE_SIGNAL || 259 ev->type == KFD_EVENT_TYPE_DEBUG) 260 p->signal_event_count--; 261 262 idr_remove(&p->event_idr, ev->event_id); 263 kfree(ev); 264 } 265 266 static void destroy_events(struct kfd_process *p) 267 { 268 struct kfd_event *ev; 269 uint32_t id; 270 271 idr_for_each_entry(&p->event_idr, ev, id) 272 destroy_event(p, ev); 273 idr_destroy(&p->event_idr); 274 } 275 276 /* 277 * We assume that the process is being destroyed and there is no need to 278 * unmap the pages or keep bookkeeping data in order. 279 */ 280 static void shutdown_signal_page(struct kfd_process *p) 281 { 282 struct kfd_signal_page *page = p->signal_page; 283 284 if (page) { 285 if (page->need_to_free_pages) 286 free_pages((unsigned long)page->kernel_address, 287 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 288 kfree(page); 289 } 290 } 291 292 void kfd_event_free_process(struct kfd_process *p) 293 { 294 destroy_events(p); 295 shutdown_signal_page(p); 296 } 297 298 static bool event_can_be_gpu_signaled(const struct kfd_event *ev) 299 { 300 return ev->type == KFD_EVENT_TYPE_SIGNAL || 301 ev->type == KFD_EVENT_TYPE_DEBUG; 302 } 303 304 static bool event_can_be_cpu_signaled(const struct kfd_event *ev) 305 { 306 return ev->type == KFD_EVENT_TYPE_SIGNAL; 307 } 308 309 static int kfd_event_page_set(struct kfd_process *p, void *kernel_address, 310 uint64_t size, uint64_t user_handle) 311 { 312 struct kfd_signal_page *page; 313 314 if (p->signal_page) 315 return -EBUSY; 316 317 page = kzalloc(sizeof(*page), GFP_KERNEL); 318 if (!page) 319 return -ENOMEM; 320 321 /* Initialize all events to unsignaled */ 322 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT, 323 KFD_SIGNAL_EVENT_LIMIT * 8); 324 325 page->kernel_address = kernel_address; 326 327 p->signal_page = page; 328 p->signal_mapped_size = size; 329 p->signal_handle = user_handle; 330 return 0; 331 } 332 333 int kfd_kmap_event_page(struct kfd_process *p, uint64_t event_page_offset) 334 { 335 struct kfd_dev *kfd; 336 struct kfd_process_device *pdd; 337 void *mem, *kern_addr; 338 uint64_t size; 339 int err = 0; 340 341 if (p->signal_page) { 342 pr_err("Event page is already set\n"); 343 return -EINVAL; 344 } 345 346 pdd = kfd_process_device_data_by_id(p, GET_GPU_ID(event_page_offset)); 347 if (!pdd) { 348 pr_err("Getting device by id failed in %s\n", __func__); 349 return -EINVAL; 350 } 351 kfd = pdd->dev; 352 353 pdd = kfd_bind_process_to_device(kfd, p); 354 if (IS_ERR(pdd)) 355 return PTR_ERR(pdd); 356 357 mem = kfd_process_device_translate_handle(pdd, 358 GET_IDR_HANDLE(event_page_offset)); 359 if (!mem) { 360 pr_err("Can't find BO, offset is 0x%llx\n", event_page_offset); 361 return -EINVAL; 362 } 363 364 err = amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(kfd->adev, 365 mem, &kern_addr, &size); 366 if (err) { 367 pr_err("Failed to map event page to kernel\n"); 368 return err; 369 } 370 371 err = kfd_event_page_set(p, kern_addr, size, event_page_offset); 372 if (err) { 373 pr_err("Failed to set event page\n"); 374 amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(kfd->adev, mem); 375 return err; 376 } 377 return err; 378 } 379 380 int kfd_event_create(struct file *devkfd, struct kfd_process *p, 381 uint32_t event_type, bool auto_reset, uint32_t node_id, 382 uint32_t *event_id, uint32_t *event_trigger_data, 383 uint64_t *event_page_offset, uint32_t *event_slot_index) 384 { 385 int ret = 0; 386 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL); 387 388 if (!ev) 389 return -ENOMEM; 390 391 ev->type = event_type; 392 ev->auto_reset = auto_reset; 393 ev->signaled = false; 394 395 init_waitqueue_head(&ev->wq); 396 397 *event_page_offset = 0; 398 399 mutex_lock(&p->event_mutex); 400 401 switch (event_type) { 402 case KFD_EVENT_TYPE_SIGNAL: 403 case KFD_EVENT_TYPE_DEBUG: 404 ret = create_signal_event(devkfd, p, ev, NULL); 405 if (!ret) { 406 *event_page_offset = KFD_MMAP_TYPE_EVENTS; 407 *event_slot_index = ev->event_id; 408 } 409 break; 410 default: 411 ret = create_other_event(p, ev, NULL); 412 break; 413 } 414 415 if (!ret) { 416 *event_id = ev->event_id; 417 *event_trigger_data = ev->event_id; 418 } else { 419 kfree(ev); 420 } 421 422 mutex_unlock(&p->event_mutex); 423 424 return ret; 425 } 426 427 int kfd_criu_restore_event(struct file *devkfd, 428 struct kfd_process *p, 429 uint8_t __user *user_priv_ptr, 430 uint64_t *priv_data_offset, 431 uint64_t max_priv_data_size) 432 { 433 struct kfd_criu_event_priv_data *ev_priv; 434 struct kfd_event *ev = NULL; 435 int ret = 0; 436 437 ev_priv = kmalloc(sizeof(*ev_priv), GFP_KERNEL); 438 if (!ev_priv) 439 return -ENOMEM; 440 441 ev = kzalloc(sizeof(*ev), GFP_KERNEL); 442 if (!ev) { 443 ret = -ENOMEM; 444 goto exit; 445 } 446 447 if (*priv_data_offset + sizeof(*ev_priv) > max_priv_data_size) { 448 ret = -EINVAL; 449 goto exit; 450 } 451 452 ret = copy_from_user(ev_priv, user_priv_ptr + *priv_data_offset, sizeof(*ev_priv)); 453 if (ret) { 454 ret = -EFAULT; 455 goto exit; 456 } 457 *priv_data_offset += sizeof(*ev_priv); 458 459 if (ev_priv->user_handle) { 460 ret = kfd_kmap_event_page(p, ev_priv->user_handle); 461 if (ret) 462 goto exit; 463 } 464 465 ev->type = ev_priv->type; 466 ev->auto_reset = ev_priv->auto_reset; 467 ev->signaled = ev_priv->signaled; 468 469 init_waitqueue_head(&ev->wq); 470 471 mutex_lock(&p->event_mutex); 472 switch (ev->type) { 473 case KFD_EVENT_TYPE_SIGNAL: 474 case KFD_EVENT_TYPE_DEBUG: 475 ret = create_signal_event(devkfd, p, ev, &ev_priv->event_id); 476 break; 477 case KFD_EVENT_TYPE_MEMORY: 478 memcpy(&ev->memory_exception_data, 479 &ev_priv->memory_exception_data, 480 sizeof(struct kfd_hsa_memory_exception_data)); 481 482 ret = create_other_event(p, ev, &ev_priv->event_id); 483 break; 484 case KFD_EVENT_TYPE_HW_EXCEPTION: 485 memcpy(&ev->hw_exception_data, 486 &ev_priv->hw_exception_data, 487 sizeof(struct kfd_hsa_hw_exception_data)); 488 489 ret = create_other_event(p, ev, &ev_priv->event_id); 490 break; 491 } 492 493 exit: 494 if (ret) 495 kfree(ev); 496 497 kfree(ev_priv); 498 499 mutex_unlock(&p->event_mutex); 500 501 return ret; 502 } 503 504 int kfd_criu_checkpoint_events(struct kfd_process *p, 505 uint8_t __user *user_priv_data, 506 uint64_t *priv_data_offset) 507 { 508 struct kfd_criu_event_priv_data *ev_privs; 509 int i = 0; 510 int ret = 0; 511 struct kfd_event *ev; 512 uint32_t ev_id; 513 514 uint32_t num_events = kfd_get_num_events(p); 515 516 if (!num_events) 517 return 0; 518 519 ev_privs = kvzalloc(num_events * sizeof(*ev_privs), GFP_KERNEL); 520 if (!ev_privs) 521 return -ENOMEM; 522 523 524 idr_for_each_entry(&p->event_idr, ev, ev_id) { 525 struct kfd_criu_event_priv_data *ev_priv; 526 527 /* 528 * Currently, all events have same size of private_data, but the current ioctl's 529 * and CRIU plugin supports private_data of variable sizes 530 */ 531 ev_priv = &ev_privs[i]; 532 533 ev_priv->object_type = KFD_CRIU_OBJECT_TYPE_EVENT; 534 535 /* We store the user_handle with the first event */ 536 if (i == 0 && p->signal_page) 537 ev_priv->user_handle = p->signal_handle; 538 539 ev_priv->event_id = ev->event_id; 540 ev_priv->auto_reset = ev->auto_reset; 541 ev_priv->type = ev->type; 542 ev_priv->signaled = ev->signaled; 543 544 if (ev_priv->type == KFD_EVENT_TYPE_MEMORY) 545 memcpy(&ev_priv->memory_exception_data, 546 &ev->memory_exception_data, 547 sizeof(struct kfd_hsa_memory_exception_data)); 548 else if (ev_priv->type == KFD_EVENT_TYPE_HW_EXCEPTION) 549 memcpy(&ev_priv->hw_exception_data, 550 &ev->hw_exception_data, 551 sizeof(struct kfd_hsa_hw_exception_data)); 552 553 pr_debug("Checkpointed event[%d] id = 0x%08x auto_reset = %x type = %x signaled = %x\n", 554 i, 555 ev_priv->event_id, 556 ev_priv->auto_reset, 557 ev_priv->type, 558 ev_priv->signaled); 559 i++; 560 } 561 562 ret = copy_to_user(user_priv_data + *priv_data_offset, 563 ev_privs, num_events * sizeof(*ev_privs)); 564 if (ret) { 565 pr_err("Failed to copy events priv to user\n"); 566 ret = -EFAULT; 567 } 568 569 *priv_data_offset += num_events * sizeof(*ev_privs); 570 571 kvfree(ev_privs); 572 return ret; 573 } 574 575 int kfd_get_num_events(struct kfd_process *p) 576 { 577 struct kfd_event *ev; 578 uint32_t id; 579 u32 num_events = 0; 580 581 idr_for_each_entry(&p->event_idr, ev, id) 582 num_events++; 583 584 return num_events; 585 } 586 587 /* Assumes that p is current. */ 588 int kfd_event_destroy(struct kfd_process *p, uint32_t event_id) 589 { 590 struct kfd_event *ev; 591 int ret = 0; 592 593 mutex_lock(&p->event_mutex); 594 595 ev = lookup_event_by_id(p, event_id); 596 597 if (ev) 598 destroy_event(p, ev); 599 else 600 ret = -EINVAL; 601 602 mutex_unlock(&p->event_mutex); 603 return ret; 604 } 605 606 static void set_event(struct kfd_event *ev) 607 { 608 struct kfd_event_waiter *waiter; 609 610 /* Auto reset if the list is non-empty and we're waking 611 * someone. waitqueue_active is safe here because we're 612 * protected by the p->event_mutex, which is also held when 613 * updating the wait queues in kfd_wait_on_events. 614 */ 615 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq); 616 617 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 618 waiter->activated = true; 619 620 wake_up_all(&ev->wq); 621 } 622 623 /* Assumes that p is current. */ 624 int kfd_set_event(struct kfd_process *p, uint32_t event_id) 625 { 626 int ret = 0; 627 struct kfd_event *ev; 628 629 mutex_lock(&p->event_mutex); 630 631 ev = lookup_event_by_id(p, event_id); 632 633 if (ev && event_can_be_cpu_signaled(ev)) 634 set_event(ev); 635 else 636 ret = -EINVAL; 637 638 mutex_unlock(&p->event_mutex); 639 return ret; 640 } 641 642 static void reset_event(struct kfd_event *ev) 643 { 644 ev->signaled = false; 645 } 646 647 /* Assumes that p is current. */ 648 int kfd_reset_event(struct kfd_process *p, uint32_t event_id) 649 { 650 int ret = 0; 651 struct kfd_event *ev; 652 653 mutex_lock(&p->event_mutex); 654 655 ev = lookup_event_by_id(p, event_id); 656 657 if (ev && event_can_be_cpu_signaled(ev)) 658 reset_event(ev); 659 else 660 ret = -EINVAL; 661 662 mutex_unlock(&p->event_mutex); 663 return ret; 664 665 } 666 667 static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev) 668 { 669 page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT; 670 } 671 672 static void set_event_from_interrupt(struct kfd_process *p, 673 struct kfd_event *ev) 674 { 675 if (ev && event_can_be_gpu_signaled(ev)) { 676 acknowledge_signal(p, ev); 677 set_event(ev); 678 } 679 } 680 681 void kfd_signal_event_interrupt(u32 pasid, uint32_t partial_id, 682 uint32_t valid_id_bits) 683 { 684 struct kfd_event *ev = NULL; 685 686 /* 687 * Because we are called from arbitrary context (workqueue) as opposed 688 * to process context, kfd_process could attempt to exit while we are 689 * running so the lookup function increments the process ref count. 690 */ 691 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 692 693 if (!p) 694 return; /* Presumably process exited. */ 695 696 mutex_lock(&p->event_mutex); 697 698 if (valid_id_bits) 699 ev = lookup_signaled_event_by_partial_id(p, partial_id, 700 valid_id_bits); 701 if (ev) { 702 set_event_from_interrupt(p, ev); 703 } else if (p->signal_page) { 704 /* 705 * Partial ID lookup failed. Assume that the event ID 706 * in the interrupt payload was invalid and do an 707 * exhaustive search of signaled events. 708 */ 709 uint64_t *slots = page_slots(p->signal_page); 710 uint32_t id; 711 712 if (valid_id_bits) 713 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n", 714 partial_id, valid_id_bits); 715 716 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) { 717 /* With relatively few events, it's faster to 718 * iterate over the event IDR 719 */ 720 idr_for_each_entry(&p->event_idr, ev, id) { 721 if (id >= KFD_SIGNAL_EVENT_LIMIT) 722 break; 723 724 if (slots[id] != UNSIGNALED_EVENT_SLOT) 725 set_event_from_interrupt(p, ev); 726 } 727 } else { 728 /* With relatively many events, it's faster to 729 * iterate over the signal slots and lookup 730 * only signaled events from the IDR. 731 */ 732 for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++) 733 if (slots[id] != UNSIGNALED_EVENT_SLOT) { 734 ev = lookup_event_by_id(p, id); 735 set_event_from_interrupt(p, ev); 736 } 737 } 738 } 739 740 mutex_unlock(&p->event_mutex); 741 kfd_unref_process(p); 742 } 743 744 static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events) 745 { 746 struct kfd_event_waiter *event_waiters; 747 uint32_t i; 748 749 event_waiters = kmalloc_array(num_events, 750 sizeof(struct kfd_event_waiter), 751 GFP_KERNEL); 752 if (!event_waiters) 753 return NULL; 754 755 for (i = 0; (event_waiters) && (i < num_events) ; i++) { 756 init_wait(&event_waiters[i].wait); 757 event_waiters[i].activated = false; 758 } 759 760 return event_waiters; 761 } 762 763 static int init_event_waiter_get_status(struct kfd_process *p, 764 struct kfd_event_waiter *waiter, 765 uint32_t event_id) 766 { 767 struct kfd_event *ev = lookup_event_by_id(p, event_id); 768 769 if (!ev) 770 return -EINVAL; 771 772 waiter->event = ev; 773 waiter->activated = ev->signaled; 774 ev->signaled = ev->signaled && !ev->auto_reset; 775 776 return 0; 777 } 778 779 static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter) 780 { 781 struct kfd_event *ev = waiter->event; 782 783 /* Only add to the wait list if we actually need to 784 * wait on this event. 785 */ 786 if (!waiter->activated) 787 add_wait_queue(&ev->wq, &waiter->wait); 788 } 789 790 /* test_event_condition - Test condition of events being waited for 791 * @all: Return completion only if all events have signaled 792 * @num_events: Number of events to wait for 793 * @event_waiters: Array of event waiters, one per event 794 * 795 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have 796 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all) 797 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of 798 * the events have been destroyed. 799 */ 800 static uint32_t test_event_condition(bool all, uint32_t num_events, 801 struct kfd_event_waiter *event_waiters) 802 { 803 uint32_t i; 804 uint32_t activated_count = 0; 805 806 for (i = 0; i < num_events; i++) { 807 if (!event_waiters[i].event) 808 return KFD_IOC_WAIT_RESULT_FAIL; 809 810 if (event_waiters[i].activated) { 811 if (!all) 812 return KFD_IOC_WAIT_RESULT_COMPLETE; 813 814 activated_count++; 815 } 816 } 817 818 return activated_count == num_events ? 819 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT; 820 } 821 822 /* 823 * Copy event specific data, if defined. 824 * Currently only memory exception events have additional data to copy to user 825 */ 826 static int copy_signaled_event_data(uint32_t num_events, 827 struct kfd_event_waiter *event_waiters, 828 struct kfd_event_data __user *data) 829 { 830 struct kfd_hsa_memory_exception_data *src; 831 struct kfd_hsa_memory_exception_data __user *dst; 832 struct kfd_event_waiter *waiter; 833 struct kfd_event *event; 834 uint32_t i; 835 836 for (i = 0; i < num_events; i++) { 837 waiter = &event_waiters[i]; 838 event = waiter->event; 839 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) { 840 dst = &data[i].memory_exception_data; 841 src = &event->memory_exception_data; 842 if (copy_to_user(dst, src, 843 sizeof(struct kfd_hsa_memory_exception_data))) 844 return -EFAULT; 845 } 846 } 847 848 return 0; 849 850 } 851 852 853 854 static long user_timeout_to_jiffies(uint32_t user_timeout_ms) 855 { 856 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE) 857 return 0; 858 859 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE) 860 return MAX_SCHEDULE_TIMEOUT; 861 862 /* 863 * msecs_to_jiffies interprets all values above 2^31-1 as infinite, 864 * but we consider them finite. 865 * This hack is wrong, but nobody is likely to notice. 866 */ 867 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF); 868 869 return msecs_to_jiffies(user_timeout_ms) + 1; 870 } 871 872 static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters) 873 { 874 uint32_t i; 875 876 for (i = 0; i < num_events; i++) 877 if (waiters[i].event) 878 remove_wait_queue(&waiters[i].event->wq, 879 &waiters[i].wait); 880 881 kfree(waiters); 882 } 883 884 int kfd_wait_on_events(struct kfd_process *p, 885 uint32_t num_events, void __user *data, 886 bool all, uint32_t user_timeout_ms, 887 uint32_t *wait_result) 888 { 889 struct kfd_event_data __user *events = 890 (struct kfd_event_data __user *) data; 891 uint32_t i; 892 int ret = 0; 893 894 struct kfd_event_waiter *event_waiters = NULL; 895 long timeout = user_timeout_to_jiffies(user_timeout_ms); 896 897 event_waiters = alloc_event_waiters(num_events); 898 if (!event_waiters) { 899 ret = -ENOMEM; 900 goto out; 901 } 902 903 mutex_lock(&p->event_mutex); 904 905 for (i = 0; i < num_events; i++) { 906 struct kfd_event_data event_data; 907 908 if (copy_from_user(&event_data, &events[i], 909 sizeof(struct kfd_event_data))) { 910 ret = -EFAULT; 911 goto out_unlock; 912 } 913 914 ret = init_event_waiter_get_status(p, &event_waiters[i], 915 event_data.event_id); 916 if (ret) 917 goto out_unlock; 918 } 919 920 /* Check condition once. */ 921 *wait_result = test_event_condition(all, num_events, event_waiters); 922 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) { 923 ret = copy_signaled_event_data(num_events, 924 event_waiters, events); 925 goto out_unlock; 926 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) { 927 /* This should not happen. Events shouldn't be 928 * destroyed while we're holding the event_mutex 929 */ 930 goto out_unlock; 931 } 932 933 /* Add to wait lists if we need to wait. */ 934 for (i = 0; i < num_events; i++) 935 init_event_waiter_add_to_waitlist(&event_waiters[i]); 936 937 mutex_unlock(&p->event_mutex); 938 939 while (true) { 940 if (fatal_signal_pending(current)) { 941 ret = -EINTR; 942 break; 943 } 944 945 if (signal_pending(current)) { 946 /* 947 * This is wrong when a nonzero, non-infinite timeout 948 * is specified. We need to use 949 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block 950 * contains a union with data for each user and it's 951 * in generic kernel code that I don't want to 952 * touch yet. 953 */ 954 ret = -ERESTARTSYS; 955 break; 956 } 957 958 /* Set task state to interruptible sleep before 959 * checking wake-up conditions. A concurrent wake-up 960 * will put the task back into runnable state. In that 961 * case schedule_timeout will not put the task to 962 * sleep and we'll get a chance to re-check the 963 * updated conditions almost immediately. Otherwise, 964 * this race condition would lead to a soft hang or a 965 * very long sleep. 966 */ 967 set_current_state(TASK_INTERRUPTIBLE); 968 969 *wait_result = test_event_condition(all, num_events, 970 event_waiters); 971 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT) 972 break; 973 974 if (timeout <= 0) 975 break; 976 977 timeout = schedule_timeout(timeout); 978 } 979 __set_current_state(TASK_RUNNING); 980 981 /* copy_signaled_event_data may sleep. So this has to happen 982 * after the task state is set back to RUNNING. 983 */ 984 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) 985 ret = copy_signaled_event_data(num_events, 986 event_waiters, events); 987 988 mutex_lock(&p->event_mutex); 989 out_unlock: 990 free_waiters(num_events, event_waiters); 991 mutex_unlock(&p->event_mutex); 992 out: 993 if (ret) 994 *wait_result = KFD_IOC_WAIT_RESULT_FAIL; 995 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL) 996 ret = -EIO; 997 998 return ret; 999 } 1000 1001 int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma) 1002 { 1003 unsigned long pfn; 1004 struct kfd_signal_page *page; 1005 int ret; 1006 1007 /* check required size doesn't exceed the allocated size */ 1008 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) < 1009 get_order(vma->vm_end - vma->vm_start)) { 1010 pr_err("Event page mmap requested illegal size\n"); 1011 return -EINVAL; 1012 } 1013 1014 page = p->signal_page; 1015 if (!page) { 1016 /* Probably KFD bug, but mmap is user-accessible. */ 1017 pr_debug("Signal page could not be found\n"); 1018 return -EINVAL; 1019 } 1020 1021 pfn = __pa(page->kernel_address); 1022 pfn >>= PAGE_SHIFT; 1023 1024 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE 1025 | VM_DONTDUMP | VM_PFNMAP; 1026 1027 pr_debug("Mapping signal page\n"); 1028 pr_debug(" start user address == 0x%08lx\n", vma->vm_start); 1029 pr_debug(" end user address == 0x%08lx\n", vma->vm_end); 1030 pr_debug(" pfn == 0x%016lX\n", pfn); 1031 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags); 1032 pr_debug(" size == 0x%08lX\n", 1033 vma->vm_end - vma->vm_start); 1034 1035 page->user_address = (uint64_t __user *)vma->vm_start; 1036 1037 /* mapping the page to user process */ 1038 ret = remap_pfn_range(vma, vma->vm_start, pfn, 1039 vma->vm_end - vma->vm_start, vma->vm_page_prot); 1040 if (!ret) 1041 p->signal_mapped_size = vma->vm_end - vma->vm_start; 1042 1043 return ret; 1044 } 1045 1046 /* 1047 * Assumes that p->event_mutex is held and of course 1048 * that p is not going away (current or locked). 1049 */ 1050 static void lookup_events_by_type_and_signal(struct kfd_process *p, 1051 int type, void *event_data) 1052 { 1053 struct kfd_hsa_memory_exception_data *ev_data; 1054 struct kfd_event *ev; 1055 uint32_t id; 1056 bool send_signal = true; 1057 1058 ev_data = (struct kfd_hsa_memory_exception_data *) event_data; 1059 1060 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1061 idr_for_each_entry_continue(&p->event_idr, ev, id) 1062 if (ev->type == type) { 1063 send_signal = false; 1064 dev_dbg(kfd_device, 1065 "Event found: id %X type %d", 1066 ev->event_id, ev->type); 1067 set_event(ev); 1068 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data) 1069 ev->memory_exception_data = *ev_data; 1070 } 1071 1072 if (type == KFD_EVENT_TYPE_MEMORY) { 1073 dev_warn(kfd_device, 1074 "Sending SIGSEGV to process %d (pasid 0x%x)", 1075 p->lead_thread->pid, p->pasid); 1076 send_sig(SIGSEGV, p->lead_thread, 0); 1077 } 1078 1079 /* Send SIGTERM no event of type "type" has been found*/ 1080 if (send_signal) { 1081 if (send_sigterm) { 1082 dev_warn(kfd_device, 1083 "Sending SIGTERM to process %d (pasid 0x%x)", 1084 p->lead_thread->pid, p->pasid); 1085 send_sig(SIGTERM, p->lead_thread, 0); 1086 } else { 1087 dev_err(kfd_device, 1088 "Process %d (pasid 0x%x) got unhandled exception", 1089 p->lead_thread->pid, p->pasid); 1090 } 1091 } 1092 } 1093 1094 #ifdef KFD_SUPPORT_IOMMU_V2 1095 void kfd_signal_iommu_event(struct kfd_dev *dev, u32 pasid, 1096 unsigned long address, bool is_write_requested, 1097 bool is_execute_requested) 1098 { 1099 struct kfd_hsa_memory_exception_data memory_exception_data; 1100 struct vm_area_struct *vma; 1101 int user_gpu_id; 1102 1103 /* 1104 * Because we are called from arbitrary context (workqueue) as opposed 1105 * to process context, kfd_process could attempt to exit while we are 1106 * running so the lookup function increments the process ref count. 1107 */ 1108 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1109 struct mm_struct *mm; 1110 1111 if (!p) 1112 return; /* Presumably process exited. */ 1113 1114 /* Take a safe reference to the mm_struct, which may otherwise 1115 * disappear even while the kfd_process is still referenced. 1116 */ 1117 mm = get_task_mm(p->lead_thread); 1118 if (!mm) { 1119 kfd_unref_process(p); 1120 return; /* Process is exiting */ 1121 } 1122 1123 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1124 if (unlikely(user_gpu_id == -EINVAL)) { 1125 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1126 return; 1127 } 1128 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1129 1130 mmap_read_lock(mm); 1131 vma = find_vma(mm, address); 1132 1133 memory_exception_data.gpu_id = user_gpu_id; 1134 memory_exception_data.va = address; 1135 /* Set failure reason */ 1136 memory_exception_data.failure.NotPresent = 1; 1137 memory_exception_data.failure.NoExecute = 0; 1138 memory_exception_data.failure.ReadOnly = 0; 1139 if (vma && address >= vma->vm_start) { 1140 memory_exception_data.failure.NotPresent = 0; 1141 1142 if (is_write_requested && !(vma->vm_flags & VM_WRITE)) 1143 memory_exception_data.failure.ReadOnly = 1; 1144 else 1145 memory_exception_data.failure.ReadOnly = 0; 1146 1147 if (is_execute_requested && !(vma->vm_flags & VM_EXEC)) 1148 memory_exception_data.failure.NoExecute = 1; 1149 else 1150 memory_exception_data.failure.NoExecute = 0; 1151 } 1152 1153 mmap_read_unlock(mm); 1154 mmput(mm); 1155 1156 pr_debug("notpresent %d, noexecute %d, readonly %d\n", 1157 memory_exception_data.failure.NotPresent, 1158 memory_exception_data.failure.NoExecute, 1159 memory_exception_data.failure.ReadOnly); 1160 1161 /* Workaround on Raven to not kill the process when memory is freed 1162 * before IOMMU is able to finish processing all the excessive PPRs 1163 */ 1164 1165 if (KFD_GC_VERSION(dev) != IP_VERSION(9, 1, 0) && 1166 KFD_GC_VERSION(dev) != IP_VERSION(9, 2, 2) && 1167 KFD_GC_VERSION(dev) != IP_VERSION(9, 3, 0)) { 1168 mutex_lock(&p->event_mutex); 1169 1170 /* Lookup events by type and signal them */ 1171 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY, 1172 &memory_exception_data); 1173 1174 mutex_unlock(&p->event_mutex); 1175 } 1176 1177 kfd_unref_process(p); 1178 } 1179 #endif /* KFD_SUPPORT_IOMMU_V2 */ 1180 1181 void kfd_signal_hw_exception_event(u32 pasid) 1182 { 1183 /* 1184 * Because we are called from arbitrary context (workqueue) as opposed 1185 * to process context, kfd_process could attempt to exit while we are 1186 * running so the lookup function increments the process ref count. 1187 */ 1188 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1189 1190 if (!p) 1191 return; /* Presumably process exited. */ 1192 1193 mutex_lock(&p->event_mutex); 1194 1195 /* Lookup events by type and signal them */ 1196 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL); 1197 1198 mutex_unlock(&p->event_mutex); 1199 kfd_unref_process(p); 1200 } 1201 1202 void kfd_signal_vm_fault_event(struct kfd_dev *dev, u32 pasid, 1203 struct kfd_vm_fault_info *info) 1204 { 1205 struct kfd_event *ev; 1206 uint32_t id; 1207 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1208 struct kfd_hsa_memory_exception_data memory_exception_data; 1209 int user_gpu_id; 1210 1211 if (!p) 1212 return; /* Presumably process exited. */ 1213 1214 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1215 if (unlikely(user_gpu_id == -EINVAL)) { 1216 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1217 return; 1218 } 1219 1220 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1221 memory_exception_data.gpu_id = user_gpu_id; 1222 memory_exception_data.failure.imprecise = true; 1223 /* Set failure reason */ 1224 if (info) { 1225 memory_exception_data.va = (info->page_addr) << PAGE_SHIFT; 1226 memory_exception_data.failure.NotPresent = 1227 info->prot_valid ? 1 : 0; 1228 memory_exception_data.failure.NoExecute = 1229 info->prot_exec ? 1 : 0; 1230 memory_exception_data.failure.ReadOnly = 1231 info->prot_write ? 1 : 0; 1232 memory_exception_data.failure.imprecise = 0; 1233 } 1234 mutex_lock(&p->event_mutex); 1235 1236 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1237 idr_for_each_entry_continue(&p->event_idr, ev, id) 1238 if (ev->type == KFD_EVENT_TYPE_MEMORY) { 1239 ev->memory_exception_data = memory_exception_data; 1240 set_event(ev); 1241 } 1242 1243 mutex_unlock(&p->event_mutex); 1244 kfd_unref_process(p); 1245 } 1246 1247 void kfd_signal_reset_event(struct kfd_dev *dev) 1248 { 1249 struct kfd_hsa_hw_exception_data hw_exception_data; 1250 struct kfd_hsa_memory_exception_data memory_exception_data; 1251 struct kfd_process *p; 1252 struct kfd_event *ev; 1253 unsigned int temp; 1254 uint32_t id, idx; 1255 int reset_cause = atomic_read(&dev->sram_ecc_flag) ? 1256 KFD_HW_EXCEPTION_ECC : 1257 KFD_HW_EXCEPTION_GPU_HANG; 1258 1259 /* Whole gpu reset caused by GPU hang and memory is lost */ 1260 memset(&hw_exception_data, 0, sizeof(hw_exception_data)); 1261 hw_exception_data.memory_lost = 1; 1262 hw_exception_data.reset_cause = reset_cause; 1263 1264 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1265 memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC; 1266 memory_exception_data.failure.imprecise = true; 1267 1268 idx = srcu_read_lock(&kfd_processes_srcu); 1269 hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) { 1270 int user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1271 1272 if (unlikely(user_gpu_id == -EINVAL)) { 1273 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1274 continue; 1275 } 1276 1277 mutex_lock(&p->event_mutex); 1278 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1279 idr_for_each_entry_continue(&p->event_idr, ev, id) { 1280 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) { 1281 ev->hw_exception_data = hw_exception_data; 1282 ev->hw_exception_data.gpu_id = user_gpu_id; 1283 set_event(ev); 1284 } 1285 if (ev->type == KFD_EVENT_TYPE_MEMORY && 1286 reset_cause == KFD_HW_EXCEPTION_ECC) { 1287 ev->memory_exception_data = memory_exception_data; 1288 ev->memory_exception_data.gpu_id = user_gpu_id; 1289 set_event(ev); 1290 } 1291 } 1292 mutex_unlock(&p->event_mutex); 1293 } 1294 srcu_read_unlock(&kfd_processes_srcu, idx); 1295 } 1296 1297 void kfd_signal_poison_consumed_event(struct kfd_dev *dev, u32 pasid) 1298 { 1299 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1300 struct kfd_hsa_memory_exception_data memory_exception_data; 1301 struct kfd_hsa_hw_exception_data hw_exception_data; 1302 struct kfd_event *ev; 1303 uint32_t id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1304 int user_gpu_id; 1305 1306 if (!p) 1307 return; /* Presumably process exited. */ 1308 1309 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1310 if (unlikely(user_gpu_id == -EINVAL)) { 1311 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1312 return; 1313 } 1314 1315 memset(&hw_exception_data, 0, sizeof(hw_exception_data)); 1316 hw_exception_data.gpu_id = user_gpu_id; 1317 hw_exception_data.memory_lost = 1; 1318 hw_exception_data.reset_cause = KFD_HW_EXCEPTION_ECC; 1319 1320 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1321 memory_exception_data.ErrorType = KFD_MEM_ERR_POISON_CONSUMED; 1322 memory_exception_data.gpu_id = user_gpu_id; 1323 memory_exception_data.failure.imprecise = true; 1324 1325 mutex_lock(&p->event_mutex); 1326 idr_for_each_entry_continue(&p->event_idr, ev, id) { 1327 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) { 1328 ev->hw_exception_data = hw_exception_data; 1329 set_event(ev); 1330 } 1331 1332 if (ev->type == KFD_EVENT_TYPE_MEMORY) { 1333 ev->memory_exception_data = memory_exception_data; 1334 set_event(ev); 1335 } 1336 } 1337 mutex_unlock(&p->event_mutex); 1338 1339 /* user application will handle SIGBUS signal */ 1340 send_sig(SIGBUS, p->lead_thread, 0); 1341 1342 kfd_unref_process(p); 1343 } 1344