Loading...
1// SPDX-License-Identifier: GPL-2.0 OR MIT
2/*
3 * Copyright 2014-2022 Advanced Micro Devices, Inc.
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
18 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
19 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
20 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
21 * OTHER DEALINGS IN THE SOFTWARE.
22 */
23
24#include <linux/mm_types.h>
25#include <linux/slab.h>
26#include <linux/types.h>
27#include <linux/sched/signal.h>
28#include <linux/sched/mm.h>
29#include <linux/uaccess.h>
30#include <linux/mman.h>
31#include <linux/memory.h>
32#include "kfd_priv.h"
33#include "kfd_events.h"
34#include <linux/device.h>
35
36/*
37 * Wrapper around wait_queue_entry_t
38 */
39struct kfd_event_waiter {
40 wait_queue_entry_t wait;
41 struct kfd_event *event; /* Event to wait for */
42 bool activated; /* Becomes true when event is signaled */
43 bool event_age_enabled; /* set to true when last_event_age is non-zero */
44};
45
46/*
47 * Each signal event needs a 64-bit signal slot where the signaler will write
48 * a 1 before sending an interrupt. (This is needed because some interrupts
49 * do not contain enough spare data bits to identify an event.)
50 * We get whole pages and map them to the process VA.
51 * Individual signal events use their event_id as slot index.
52 */
53struct kfd_signal_page {
54 uint64_t *kernel_address;
55 uint64_t __user *user_address;
56 bool need_to_free_pages;
57};
58
59static uint64_t *page_slots(struct kfd_signal_page *page)
60{
61 return page->kernel_address;
62}
63
64static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p)
65{
66 void *backing_store;
67 struct kfd_signal_page *page;
68
69 page = kzalloc(sizeof(*page), GFP_KERNEL);
70 if (!page)
71 return NULL;
72
73 backing_store = (void *) __get_free_pages(GFP_KERNEL,
74 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
75 if (!backing_store)
76 goto fail_alloc_signal_store;
77
78 /* Initialize all events to unsignaled */
79 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT,
80 KFD_SIGNAL_EVENT_LIMIT * 8);
81
82 page->kernel_address = backing_store;
83 page->need_to_free_pages = true;
84 pr_debug("Allocated new event signal page at %p, for process %p\n",
85 page, p);
86
87 return page;
88
89fail_alloc_signal_store:
90 kfree(page);
91 return NULL;
92}
93
94static int allocate_event_notification_slot(struct kfd_process *p,
95 struct kfd_event *ev,
96 const int *restore_id)
97{
98 int id;
99
100 if (!p->signal_page) {
101 p->signal_page = allocate_signal_page(p);
102 if (!p->signal_page)
103 return -ENOMEM;
104 /* Oldest user mode expects 256 event slots */
105 p->signal_mapped_size = 256*8;
106 }
107
108 if (restore_id) {
109 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1,
110 GFP_KERNEL);
111 } else {
112 /*
113 * Compatibility with old user mode: Only use signal slots
114 * user mode has mapped, may be less than
115 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase
116 * of the event limit without breaking user mode.
117 */
118 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8,
119 GFP_KERNEL);
120 }
121 if (id < 0)
122 return id;
123
124 ev->event_id = id;
125 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT;
126
127 return 0;
128}
129
130/*
131 * Assumes that p->event_mutex or rcu_readlock is held and of course that p is
132 * not going away.
133 */
134static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id)
135{
136 return idr_find(&p->event_idr, id);
137}
138
139/**
140 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID
141 * @p: Pointer to struct kfd_process
142 * @id: ID to look up
143 * @bits: Number of valid bits in @id
144 *
145 * Finds the first signaled event with a matching partial ID. If no
146 * matching signaled event is found, returns NULL. In that case the
147 * caller should assume that the partial ID is invalid and do an
148 * exhaustive search of all siglaned events.
149 *
150 * If multiple events with the same partial ID signal at the same
151 * time, they will be found one interrupt at a time, not necessarily
152 * in the same order the interrupts occurred. As long as the number of
153 * interrupts is correct, all signaled events will be seen by the
154 * driver.
155 */
156static struct kfd_event *lookup_signaled_event_by_partial_id(
157 struct kfd_process *p, uint32_t id, uint32_t bits)
158{
159 struct kfd_event *ev;
160
161 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT)
162 return NULL;
163
164 /* Fast path for the common case that @id is not a partial ID
165 * and we only need a single lookup.
166 */
167 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) {
168 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
169 return NULL;
170
171 return idr_find(&p->event_idr, id);
172 }
173
174 /* General case for partial IDs: Iterate over all matching IDs
175 * and find the first one that has signaled.
176 */
177 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) {
178 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
179 continue;
180
181 ev = idr_find(&p->event_idr, id);
182 }
183
184 return ev;
185}
186
187static int create_signal_event(struct file *devkfd, struct kfd_process *p,
188 struct kfd_event *ev, const int *restore_id)
189{
190 int ret;
191
192 if (p->signal_mapped_size &&
193 p->signal_event_count == p->signal_mapped_size / 8) {
194 if (!p->signal_event_limit_reached) {
195 pr_debug("Signal event wasn't created because limit was reached\n");
196 p->signal_event_limit_reached = true;
197 }
198 return -ENOSPC;
199 }
200
201 ret = allocate_event_notification_slot(p, ev, restore_id);
202 if (ret) {
203 pr_warn("Signal event wasn't created because out of kernel memory\n");
204 return ret;
205 }
206
207 p->signal_event_count++;
208
209 ev->user_signal_address = &p->signal_page->user_address[ev->event_id];
210 pr_debug("Signal event number %zu created with id %d, address %p\n",
211 p->signal_event_count, ev->event_id,
212 ev->user_signal_address);
213
214 return 0;
215}
216
217static int create_other_event(struct kfd_process *p, struct kfd_event *ev, const int *restore_id)
218{
219 int id;
220
221 if (restore_id)
222 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1,
223 GFP_KERNEL);
224 else
225 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an
226 * intentional integer overflow to -1 without a compiler
227 * warning. idr_alloc treats a negative value as "maximum
228 * signed integer".
229 */
230 id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID,
231 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1,
232 GFP_KERNEL);
233
234 if (id < 0)
235 return id;
236 ev->event_id = id;
237
238 return 0;
239}
240
241int kfd_event_init_process(struct kfd_process *p)
242{
243 int id;
244
245 mutex_init(&p->event_mutex);
246 idr_init(&p->event_idr);
247 p->signal_page = NULL;
248 p->signal_event_count = 1;
249 /* Allocate event ID 0. It is used for a fast path to ignore bogus events
250 * that are sent by the CP without a context ID
251 */
252 id = idr_alloc(&p->event_idr, NULL, 0, 1, GFP_KERNEL);
253 if (id < 0) {
254 idr_destroy(&p->event_idr);
255 mutex_destroy(&p->event_mutex);
256 return id;
257 }
258 return 0;
259}
260
261static void destroy_event(struct kfd_process *p, struct kfd_event *ev)
262{
263 struct kfd_event_waiter *waiter;
264
265 /* Wake up pending waiters. They will return failure */
266 spin_lock(&ev->lock);
267 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
268 WRITE_ONCE(waiter->event, NULL);
269 wake_up_all(&ev->wq);
270 spin_unlock(&ev->lock);
271
272 if (ev->type == KFD_EVENT_TYPE_SIGNAL ||
273 ev->type == KFD_EVENT_TYPE_DEBUG)
274 p->signal_event_count--;
275
276 idr_remove(&p->event_idr, ev->event_id);
277 kfree_rcu(ev, rcu);
278}
279
280static void destroy_events(struct kfd_process *p)
281{
282 struct kfd_event *ev;
283 uint32_t id;
284
285 idr_for_each_entry(&p->event_idr, ev, id)
286 if (ev)
287 destroy_event(p, ev);
288 idr_destroy(&p->event_idr);
289 mutex_destroy(&p->event_mutex);
290}
291
292/*
293 * We assume that the process is being destroyed and there is no need to
294 * unmap the pages or keep bookkeeping data in order.
295 */
296static void shutdown_signal_page(struct kfd_process *p)
297{
298 struct kfd_signal_page *page = p->signal_page;
299
300 if (page) {
301 if (page->need_to_free_pages)
302 free_pages((unsigned long)page->kernel_address,
303 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
304 kfree(page);
305 }
306}
307
308void kfd_event_free_process(struct kfd_process *p)
309{
310 destroy_events(p);
311 shutdown_signal_page(p);
312}
313
314static bool event_can_be_gpu_signaled(const struct kfd_event *ev)
315{
316 return ev->type == KFD_EVENT_TYPE_SIGNAL ||
317 ev->type == KFD_EVENT_TYPE_DEBUG;
318}
319
320static bool event_can_be_cpu_signaled(const struct kfd_event *ev)
321{
322 return ev->type == KFD_EVENT_TYPE_SIGNAL;
323}
324
325static int kfd_event_page_set(struct kfd_process *p, void *kernel_address,
326 uint64_t size, uint64_t user_handle)
327{
328 struct kfd_signal_page *page;
329
330 if (p->signal_page)
331 return -EBUSY;
332
333 page = kzalloc(sizeof(*page), GFP_KERNEL);
334 if (!page)
335 return -ENOMEM;
336
337 /* Initialize all events to unsignaled */
338 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT,
339 KFD_SIGNAL_EVENT_LIMIT * 8);
340
341 page->kernel_address = kernel_address;
342
343 p->signal_page = page;
344 p->signal_mapped_size = size;
345 p->signal_handle = user_handle;
346 return 0;
347}
348
349int kfd_kmap_event_page(struct kfd_process *p, uint64_t event_page_offset)
350{
351 struct kfd_node *kfd;
352 struct kfd_process_device *pdd;
353 void *mem, *kern_addr;
354 uint64_t size;
355 int err = 0;
356
357 if (p->signal_page) {
358 pr_err("Event page is already set\n");
359 return -EINVAL;
360 }
361
362 pdd = kfd_process_device_data_by_id(p, GET_GPU_ID(event_page_offset));
363 if (!pdd) {
364 pr_err("Getting device by id failed in %s\n", __func__);
365 return -EINVAL;
366 }
367 kfd = pdd->dev;
368
369 pdd = kfd_bind_process_to_device(kfd, p);
370 if (IS_ERR(pdd))
371 return PTR_ERR(pdd);
372
373 mem = kfd_process_device_translate_handle(pdd,
374 GET_IDR_HANDLE(event_page_offset));
375 if (!mem) {
376 pr_err("Can't find BO, offset is 0x%llx\n", event_page_offset);
377 return -EINVAL;
378 }
379
380 err = amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(mem, &kern_addr, &size);
381 if (err) {
382 pr_err("Failed to map event page to kernel\n");
383 return err;
384 }
385
386 err = kfd_event_page_set(p, kern_addr, size, event_page_offset);
387 if (err) {
388 pr_err("Failed to set event page\n");
389 amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(mem);
390 return err;
391 }
392 return err;
393}
394
395int kfd_event_create(struct file *devkfd, struct kfd_process *p,
396 uint32_t event_type, bool auto_reset, uint32_t node_id,
397 uint32_t *event_id, uint32_t *event_trigger_data,
398 uint64_t *event_page_offset, uint32_t *event_slot_index)
399{
400 int ret = 0;
401 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL);
402
403 if (!ev)
404 return -ENOMEM;
405
406 ev->type = event_type;
407 ev->auto_reset = auto_reset;
408 ev->signaled = false;
409
410 spin_lock_init(&ev->lock);
411 init_waitqueue_head(&ev->wq);
412
413 *event_page_offset = 0;
414
415 mutex_lock(&p->event_mutex);
416
417 switch (event_type) {
418 case KFD_EVENT_TYPE_SIGNAL:
419 case KFD_EVENT_TYPE_DEBUG:
420 ret = create_signal_event(devkfd, p, ev, NULL);
421 if (!ret) {
422 *event_page_offset = KFD_MMAP_TYPE_EVENTS;
423 *event_slot_index = ev->event_id;
424 }
425 break;
426 default:
427 ret = create_other_event(p, ev, NULL);
428 break;
429 }
430
431 if (!ret) {
432 *event_id = ev->event_id;
433 *event_trigger_data = ev->event_id;
434 ev->event_age = 1;
435 } else {
436 kfree(ev);
437 }
438
439 mutex_unlock(&p->event_mutex);
440
441 return ret;
442}
443
444int kfd_criu_restore_event(struct file *devkfd,
445 struct kfd_process *p,
446 uint8_t __user *user_priv_ptr,
447 uint64_t *priv_data_offset,
448 uint64_t max_priv_data_size)
449{
450 struct kfd_criu_event_priv_data *ev_priv;
451 struct kfd_event *ev = NULL;
452 int ret = 0;
453
454 ev_priv = kmalloc(sizeof(*ev_priv), GFP_KERNEL);
455 if (!ev_priv)
456 return -ENOMEM;
457
458 ev = kzalloc(sizeof(*ev), GFP_KERNEL);
459 if (!ev) {
460 ret = -ENOMEM;
461 goto exit;
462 }
463
464 if (*priv_data_offset + sizeof(*ev_priv) > max_priv_data_size) {
465 ret = -EINVAL;
466 goto exit;
467 }
468
469 ret = copy_from_user(ev_priv, user_priv_ptr + *priv_data_offset, sizeof(*ev_priv));
470 if (ret) {
471 ret = -EFAULT;
472 goto exit;
473 }
474 *priv_data_offset += sizeof(*ev_priv);
475
476 if (ev_priv->user_handle) {
477 ret = kfd_kmap_event_page(p, ev_priv->user_handle);
478 if (ret)
479 goto exit;
480 }
481
482 ev->type = ev_priv->type;
483 ev->auto_reset = ev_priv->auto_reset;
484 ev->signaled = ev_priv->signaled;
485
486 spin_lock_init(&ev->lock);
487 init_waitqueue_head(&ev->wq);
488
489 mutex_lock(&p->event_mutex);
490 switch (ev->type) {
491 case KFD_EVENT_TYPE_SIGNAL:
492 case KFD_EVENT_TYPE_DEBUG:
493 ret = create_signal_event(devkfd, p, ev, &ev_priv->event_id);
494 break;
495 case KFD_EVENT_TYPE_MEMORY:
496 memcpy(&ev->memory_exception_data,
497 &ev_priv->memory_exception_data,
498 sizeof(struct kfd_hsa_memory_exception_data));
499
500 ret = create_other_event(p, ev, &ev_priv->event_id);
501 break;
502 case KFD_EVENT_TYPE_HW_EXCEPTION:
503 memcpy(&ev->hw_exception_data,
504 &ev_priv->hw_exception_data,
505 sizeof(struct kfd_hsa_hw_exception_data));
506
507 ret = create_other_event(p, ev, &ev_priv->event_id);
508 break;
509 }
510 mutex_unlock(&p->event_mutex);
511
512exit:
513 if (ret)
514 kfree(ev);
515
516 kfree(ev_priv);
517
518 return ret;
519}
520
521int kfd_criu_checkpoint_events(struct kfd_process *p,
522 uint8_t __user *user_priv_data,
523 uint64_t *priv_data_offset)
524{
525 struct kfd_criu_event_priv_data *ev_privs;
526 int i = 0;
527 int ret = 0;
528 struct kfd_event *ev;
529 uint32_t ev_id;
530
531 uint32_t num_events = kfd_get_num_events(p);
532
533 if (!num_events)
534 return 0;
535
536 ev_privs = kvzalloc(num_events * sizeof(*ev_privs), GFP_KERNEL);
537 if (!ev_privs)
538 return -ENOMEM;
539
540
541 idr_for_each_entry(&p->event_idr, ev, ev_id) {
542 struct kfd_criu_event_priv_data *ev_priv;
543
544 /*
545 * Currently, all events have same size of private_data, but the current ioctl's
546 * and CRIU plugin supports private_data of variable sizes
547 */
548 ev_priv = &ev_privs[i];
549
550 ev_priv->object_type = KFD_CRIU_OBJECT_TYPE_EVENT;
551
552 /* We store the user_handle with the first event */
553 if (i == 0 && p->signal_page)
554 ev_priv->user_handle = p->signal_handle;
555
556 ev_priv->event_id = ev->event_id;
557 ev_priv->auto_reset = ev->auto_reset;
558 ev_priv->type = ev->type;
559 ev_priv->signaled = ev->signaled;
560
561 if (ev_priv->type == KFD_EVENT_TYPE_MEMORY)
562 memcpy(&ev_priv->memory_exception_data,
563 &ev->memory_exception_data,
564 sizeof(struct kfd_hsa_memory_exception_data));
565 else if (ev_priv->type == KFD_EVENT_TYPE_HW_EXCEPTION)
566 memcpy(&ev_priv->hw_exception_data,
567 &ev->hw_exception_data,
568 sizeof(struct kfd_hsa_hw_exception_data));
569
570 pr_debug("Checkpointed event[%d] id = 0x%08x auto_reset = %x type = %x signaled = %x\n",
571 i,
572 ev_priv->event_id,
573 ev_priv->auto_reset,
574 ev_priv->type,
575 ev_priv->signaled);
576 i++;
577 }
578
579 ret = copy_to_user(user_priv_data + *priv_data_offset,
580 ev_privs, num_events * sizeof(*ev_privs));
581 if (ret) {
582 pr_err("Failed to copy events priv to user\n");
583 ret = -EFAULT;
584 }
585
586 *priv_data_offset += num_events * sizeof(*ev_privs);
587
588 kvfree(ev_privs);
589 return ret;
590}
591
592int kfd_get_num_events(struct kfd_process *p)
593{
594 struct kfd_event *ev;
595 uint32_t id;
596 u32 num_events = 0;
597
598 idr_for_each_entry(&p->event_idr, ev, id)
599 num_events++;
600
601 return num_events;
602}
603
604/* Assumes that p is current. */
605int kfd_event_destroy(struct kfd_process *p, uint32_t event_id)
606{
607 struct kfd_event *ev;
608 int ret = 0;
609
610 mutex_lock(&p->event_mutex);
611
612 ev = lookup_event_by_id(p, event_id);
613
614 if (ev)
615 destroy_event(p, ev);
616 else
617 ret = -EINVAL;
618
619 mutex_unlock(&p->event_mutex);
620 return ret;
621}
622
623static void set_event(struct kfd_event *ev)
624{
625 struct kfd_event_waiter *waiter;
626
627 /* Auto reset if the list is non-empty and we're waking
628 * someone. waitqueue_active is safe here because we're
629 * protected by the ev->lock, which is also held when
630 * updating the wait queues in kfd_wait_on_events.
631 */
632 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq);
633 if (!(++ev->event_age)) {
634 /* Never wrap back to reserved/default event age 0/1 */
635 ev->event_age = 2;
636 WARN_ONCE(1, "event_age wrap back!");
637 }
638
639 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
640 WRITE_ONCE(waiter->activated, true);
641
642 wake_up_all(&ev->wq);
643}
644
645/* Assumes that p is current. */
646int kfd_set_event(struct kfd_process *p, uint32_t event_id)
647{
648 int ret = 0;
649 struct kfd_event *ev;
650
651 rcu_read_lock();
652
653 ev = lookup_event_by_id(p, event_id);
654 if (!ev) {
655 ret = -EINVAL;
656 goto unlock_rcu;
657 }
658 spin_lock(&ev->lock);
659
660 if (event_can_be_cpu_signaled(ev))
661 set_event(ev);
662 else
663 ret = -EINVAL;
664
665 spin_unlock(&ev->lock);
666unlock_rcu:
667 rcu_read_unlock();
668 return ret;
669}
670
671static void reset_event(struct kfd_event *ev)
672{
673 ev->signaled = false;
674}
675
676/* Assumes that p is current. */
677int kfd_reset_event(struct kfd_process *p, uint32_t event_id)
678{
679 int ret = 0;
680 struct kfd_event *ev;
681
682 rcu_read_lock();
683
684 ev = lookup_event_by_id(p, event_id);
685 if (!ev) {
686 ret = -EINVAL;
687 goto unlock_rcu;
688 }
689 spin_lock(&ev->lock);
690
691 if (event_can_be_cpu_signaled(ev))
692 reset_event(ev);
693 else
694 ret = -EINVAL;
695
696 spin_unlock(&ev->lock);
697unlock_rcu:
698 rcu_read_unlock();
699 return ret;
700
701}
702
703static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev)
704{
705 WRITE_ONCE(page_slots(p->signal_page)[ev->event_id], UNSIGNALED_EVENT_SLOT);
706}
707
708static void set_event_from_interrupt(struct kfd_process *p,
709 struct kfd_event *ev)
710{
711 if (ev && event_can_be_gpu_signaled(ev)) {
712 acknowledge_signal(p, ev);
713 spin_lock(&ev->lock);
714 set_event(ev);
715 spin_unlock(&ev->lock);
716 }
717}
718
719void kfd_signal_event_interrupt(u32 pasid, uint32_t partial_id,
720 uint32_t valid_id_bits)
721{
722 struct kfd_event *ev = NULL;
723
724 /*
725 * Because we are called from arbitrary context (workqueue) as opposed
726 * to process context, kfd_process could attempt to exit while we are
727 * running so the lookup function increments the process ref count.
728 */
729 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
730
731 if (!p)
732 return; /* Presumably process exited. */
733
734 rcu_read_lock();
735
736 if (valid_id_bits)
737 ev = lookup_signaled_event_by_partial_id(p, partial_id,
738 valid_id_bits);
739 if (ev) {
740 set_event_from_interrupt(p, ev);
741 } else if (p->signal_page) {
742 /*
743 * Partial ID lookup failed. Assume that the event ID
744 * in the interrupt payload was invalid and do an
745 * exhaustive search of signaled events.
746 */
747 uint64_t *slots = page_slots(p->signal_page);
748 uint32_t id;
749
750 if (valid_id_bits)
751 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n",
752 partial_id, valid_id_bits);
753
754 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) {
755 /* With relatively few events, it's faster to
756 * iterate over the event IDR
757 */
758 idr_for_each_entry(&p->event_idr, ev, id) {
759 if (id >= KFD_SIGNAL_EVENT_LIMIT)
760 break;
761
762 if (READ_ONCE(slots[id]) != UNSIGNALED_EVENT_SLOT)
763 set_event_from_interrupt(p, ev);
764 }
765 } else {
766 /* With relatively many events, it's faster to
767 * iterate over the signal slots and lookup
768 * only signaled events from the IDR.
769 */
770 for (id = 1; id < KFD_SIGNAL_EVENT_LIMIT; id++)
771 if (READ_ONCE(slots[id]) != UNSIGNALED_EVENT_SLOT) {
772 ev = lookup_event_by_id(p, id);
773 set_event_from_interrupt(p, ev);
774 }
775 }
776 }
777
778 rcu_read_unlock();
779 kfd_unref_process(p);
780}
781
782static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events)
783{
784 struct kfd_event_waiter *event_waiters;
785 uint32_t i;
786
787 event_waiters = kcalloc(num_events, sizeof(struct kfd_event_waiter),
788 GFP_KERNEL);
789 if (!event_waiters)
790 return NULL;
791
792 for (i = 0; i < num_events; i++)
793 init_wait(&event_waiters[i].wait);
794
795 return event_waiters;
796}
797
798static int init_event_waiter(struct kfd_process *p,
799 struct kfd_event_waiter *waiter,
800 struct kfd_event_data *event_data)
801{
802 struct kfd_event *ev = lookup_event_by_id(p, event_data->event_id);
803
804 if (!ev)
805 return -EINVAL;
806
807 spin_lock(&ev->lock);
808 waiter->event = ev;
809 waiter->activated = ev->signaled;
810 ev->signaled = ev->signaled && !ev->auto_reset;
811
812 /* last_event_age = 0 reserved for backward compatible */
813 if (waiter->event->type == KFD_EVENT_TYPE_SIGNAL &&
814 event_data->signal_event_data.last_event_age) {
815 waiter->event_age_enabled = true;
816 if (ev->event_age != event_data->signal_event_data.last_event_age)
817 waiter->activated = true;
818 }
819
820 if (!waiter->activated)
821 add_wait_queue(&ev->wq, &waiter->wait);
822 spin_unlock(&ev->lock);
823
824 return 0;
825}
826
827/* test_event_condition - Test condition of events being waited for
828 * @all: Return completion only if all events have signaled
829 * @num_events: Number of events to wait for
830 * @event_waiters: Array of event waiters, one per event
831 *
832 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have
833 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all)
834 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of
835 * the events have been destroyed.
836 */
837static uint32_t test_event_condition(bool all, uint32_t num_events,
838 struct kfd_event_waiter *event_waiters)
839{
840 uint32_t i;
841 uint32_t activated_count = 0;
842
843 for (i = 0; i < num_events; i++) {
844 if (!READ_ONCE(event_waiters[i].event))
845 return KFD_IOC_WAIT_RESULT_FAIL;
846
847 if (READ_ONCE(event_waiters[i].activated)) {
848 if (!all)
849 return KFD_IOC_WAIT_RESULT_COMPLETE;
850
851 activated_count++;
852 }
853 }
854
855 return activated_count == num_events ?
856 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT;
857}
858
859/*
860 * Copy event specific data, if defined.
861 * Currently only memory exception events have additional data to copy to user
862 */
863static int copy_signaled_event_data(uint32_t num_events,
864 struct kfd_event_waiter *event_waiters,
865 struct kfd_event_data __user *data)
866{
867 void *src;
868 void __user *dst;
869 struct kfd_event_waiter *waiter;
870 struct kfd_event *event;
871 uint32_t i, size = 0;
872
873 for (i = 0; i < num_events; i++) {
874 waiter = &event_waiters[i];
875 event = waiter->event;
876 if (!event)
877 return -EINVAL; /* event was destroyed */
878 if (waiter->activated) {
879 if (event->type == KFD_EVENT_TYPE_MEMORY) {
880 dst = &data[i].memory_exception_data;
881 src = &event->memory_exception_data;
882 size = sizeof(struct kfd_hsa_memory_exception_data);
883 } else if (event->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
884 dst = &data[i].memory_exception_data;
885 src = &event->hw_exception_data;
886 size = sizeof(struct kfd_hsa_hw_exception_data);
887 } else if (event->type == KFD_EVENT_TYPE_SIGNAL &&
888 waiter->event_age_enabled) {
889 dst = &data[i].signal_event_data.last_event_age;
890 src = &event->event_age;
891 size = sizeof(u64);
892 }
893 if (size && copy_to_user(dst, src, size))
894 return -EFAULT;
895 }
896 }
897
898 return 0;
899}
900
901static long user_timeout_to_jiffies(uint32_t user_timeout_ms)
902{
903 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE)
904 return 0;
905
906 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE)
907 return MAX_SCHEDULE_TIMEOUT;
908
909 /*
910 * msecs_to_jiffies interprets all values above 2^31-1 as infinite,
911 * but we consider them finite.
912 * This hack is wrong, but nobody is likely to notice.
913 */
914 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF);
915
916 return msecs_to_jiffies(user_timeout_ms) + 1;
917}
918
919static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters,
920 bool undo_auto_reset)
921{
922 uint32_t i;
923
924 for (i = 0; i < num_events; i++)
925 if (waiters[i].event) {
926 spin_lock(&waiters[i].event->lock);
927 remove_wait_queue(&waiters[i].event->wq,
928 &waiters[i].wait);
929 if (undo_auto_reset && waiters[i].activated &&
930 waiters[i].event && waiters[i].event->auto_reset)
931 set_event(waiters[i].event);
932 spin_unlock(&waiters[i].event->lock);
933 }
934
935 kfree(waiters);
936}
937
938int kfd_wait_on_events(struct kfd_process *p,
939 uint32_t num_events, void __user *data,
940 bool all, uint32_t *user_timeout_ms,
941 uint32_t *wait_result)
942{
943 struct kfd_event_data __user *events =
944 (struct kfd_event_data __user *) data;
945 uint32_t i;
946 int ret = 0;
947
948 struct kfd_event_waiter *event_waiters = NULL;
949 long timeout = user_timeout_to_jiffies(*user_timeout_ms);
950
951 event_waiters = alloc_event_waiters(num_events);
952 if (!event_waiters) {
953 ret = -ENOMEM;
954 goto out;
955 }
956
957 /* Use p->event_mutex here to protect against concurrent creation and
958 * destruction of events while we initialize event_waiters.
959 */
960 mutex_lock(&p->event_mutex);
961
962 for (i = 0; i < num_events; i++) {
963 struct kfd_event_data event_data;
964
965 if (copy_from_user(&event_data, &events[i],
966 sizeof(struct kfd_event_data))) {
967 ret = -EFAULT;
968 goto out_unlock;
969 }
970
971 ret = init_event_waiter(p, &event_waiters[i], &event_data);
972 if (ret)
973 goto out_unlock;
974 }
975
976 /* Check condition once. */
977 *wait_result = test_event_condition(all, num_events, event_waiters);
978 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) {
979 ret = copy_signaled_event_data(num_events,
980 event_waiters, events);
981 goto out_unlock;
982 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) {
983 /* This should not happen. Events shouldn't be
984 * destroyed while we're holding the event_mutex
985 */
986 goto out_unlock;
987 }
988
989 mutex_unlock(&p->event_mutex);
990
991 while (true) {
992 if (fatal_signal_pending(current)) {
993 ret = -EINTR;
994 break;
995 }
996
997 if (signal_pending(current)) {
998 ret = -ERESTARTSYS;
999 if (*user_timeout_ms != KFD_EVENT_TIMEOUT_IMMEDIATE &&
1000 *user_timeout_ms != KFD_EVENT_TIMEOUT_INFINITE)
1001 *user_timeout_ms = jiffies_to_msecs(
1002 max(0l, timeout-1));
1003 break;
1004 }
1005
1006 /* Set task state to interruptible sleep before
1007 * checking wake-up conditions. A concurrent wake-up
1008 * will put the task back into runnable state. In that
1009 * case schedule_timeout will not put the task to
1010 * sleep and we'll get a chance to re-check the
1011 * updated conditions almost immediately. Otherwise,
1012 * this race condition would lead to a soft hang or a
1013 * very long sleep.
1014 */
1015 set_current_state(TASK_INTERRUPTIBLE);
1016
1017 *wait_result = test_event_condition(all, num_events,
1018 event_waiters);
1019 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT)
1020 break;
1021
1022 if (timeout <= 0)
1023 break;
1024
1025 timeout = schedule_timeout(timeout);
1026 }
1027 __set_current_state(TASK_RUNNING);
1028
1029 mutex_lock(&p->event_mutex);
1030 /* copy_signaled_event_data may sleep. So this has to happen
1031 * after the task state is set back to RUNNING.
1032 *
1033 * The event may also have been destroyed after signaling. So
1034 * copy_signaled_event_data also must confirm that the event
1035 * still exists. Therefore this must be under the p->event_mutex
1036 * which is also held when events are destroyed.
1037 */
1038 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE)
1039 ret = copy_signaled_event_data(num_events,
1040 event_waiters, events);
1041
1042out_unlock:
1043 free_waiters(num_events, event_waiters, ret == -ERESTARTSYS);
1044 mutex_unlock(&p->event_mutex);
1045out:
1046 if (ret)
1047 *wait_result = KFD_IOC_WAIT_RESULT_FAIL;
1048 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL)
1049 ret = -EIO;
1050
1051 return ret;
1052}
1053
1054int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma)
1055{
1056 unsigned long pfn;
1057 struct kfd_signal_page *page;
1058 int ret;
1059
1060 /* check required size doesn't exceed the allocated size */
1061 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) <
1062 get_order(vma->vm_end - vma->vm_start)) {
1063 pr_err("Event page mmap requested illegal size\n");
1064 return -EINVAL;
1065 }
1066
1067 page = p->signal_page;
1068 if (!page) {
1069 /* Probably KFD bug, but mmap is user-accessible. */
1070 pr_debug("Signal page could not be found\n");
1071 return -EINVAL;
1072 }
1073
1074 pfn = __pa(page->kernel_address);
1075 pfn >>= PAGE_SHIFT;
1076
1077 vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE
1078 | VM_DONTDUMP | VM_PFNMAP);
1079
1080 pr_debug("Mapping signal page\n");
1081 pr_debug(" start user address == 0x%08lx\n", vma->vm_start);
1082 pr_debug(" end user address == 0x%08lx\n", vma->vm_end);
1083 pr_debug(" pfn == 0x%016lX\n", pfn);
1084 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags);
1085 pr_debug(" size == 0x%08lX\n",
1086 vma->vm_end - vma->vm_start);
1087
1088 page->user_address = (uint64_t __user *)vma->vm_start;
1089
1090 /* mapping the page to user process */
1091 ret = remap_pfn_range(vma, vma->vm_start, pfn,
1092 vma->vm_end - vma->vm_start, vma->vm_page_prot);
1093 if (!ret)
1094 p->signal_mapped_size = vma->vm_end - vma->vm_start;
1095
1096 return ret;
1097}
1098
1099/*
1100 * Assumes that p is not going away.
1101 */
1102static void lookup_events_by_type_and_signal(struct kfd_process *p,
1103 int type, void *event_data)
1104{
1105 struct kfd_hsa_memory_exception_data *ev_data;
1106 struct kfd_event *ev;
1107 uint32_t id;
1108 bool send_signal = true;
1109
1110 ev_data = (struct kfd_hsa_memory_exception_data *) event_data;
1111
1112 rcu_read_lock();
1113
1114 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1115 idr_for_each_entry_continue(&p->event_idr, ev, id)
1116 if (ev->type == type) {
1117 send_signal = false;
1118 dev_dbg(kfd_device,
1119 "Event found: id %X type %d",
1120 ev->event_id, ev->type);
1121 spin_lock(&ev->lock);
1122 set_event(ev);
1123 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data)
1124 ev->memory_exception_data = *ev_data;
1125 spin_unlock(&ev->lock);
1126 }
1127
1128 if (type == KFD_EVENT_TYPE_MEMORY) {
1129 dev_warn(kfd_device,
1130 "Sending SIGSEGV to process %d (pasid 0x%x)",
1131 p->lead_thread->pid, p->pasid);
1132 send_sig(SIGSEGV, p->lead_thread, 0);
1133 }
1134
1135 /* Send SIGTERM no event of type "type" has been found*/
1136 if (send_signal) {
1137 if (send_sigterm) {
1138 dev_warn(kfd_device,
1139 "Sending SIGTERM to process %d (pasid 0x%x)",
1140 p->lead_thread->pid, p->pasid);
1141 send_sig(SIGTERM, p->lead_thread, 0);
1142 } else {
1143 dev_err(kfd_device,
1144 "Process %d (pasid 0x%x) got unhandled exception",
1145 p->lead_thread->pid, p->pasid);
1146 }
1147 }
1148
1149 rcu_read_unlock();
1150}
1151
1152void kfd_signal_hw_exception_event(u32 pasid)
1153{
1154 /*
1155 * Because we are called from arbitrary context (workqueue) as opposed
1156 * to process context, kfd_process could attempt to exit while we are
1157 * running so the lookup function increments the process ref count.
1158 */
1159 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
1160
1161 if (!p)
1162 return; /* Presumably process exited. */
1163
1164 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL);
1165 kfd_unref_process(p);
1166}
1167
1168void kfd_signal_vm_fault_event(struct kfd_node *dev, u32 pasid,
1169 struct kfd_vm_fault_info *info,
1170 struct kfd_hsa_memory_exception_data *data)
1171{
1172 struct kfd_event *ev;
1173 uint32_t id;
1174 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
1175 struct kfd_hsa_memory_exception_data memory_exception_data;
1176 int user_gpu_id;
1177
1178 if (!p)
1179 return; /* Presumably process exited. */
1180
1181 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id);
1182 if (unlikely(user_gpu_id == -EINVAL)) {
1183 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id);
1184 return;
1185 }
1186
1187 /* SoC15 chips and onwards will pass in data from now on. */
1188 if (!data) {
1189 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1190 memory_exception_data.gpu_id = user_gpu_id;
1191 memory_exception_data.failure.imprecise = true;
1192
1193 /* Set failure reason */
1194 if (info) {
1195 memory_exception_data.va = (info->page_addr) <<
1196 PAGE_SHIFT;
1197 memory_exception_data.failure.NotPresent =
1198 info->prot_valid ? 1 : 0;
1199 memory_exception_data.failure.NoExecute =
1200 info->prot_exec ? 1 : 0;
1201 memory_exception_data.failure.ReadOnly =
1202 info->prot_write ? 1 : 0;
1203 memory_exception_data.failure.imprecise = 0;
1204 }
1205 }
1206
1207 rcu_read_lock();
1208
1209 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1210 idr_for_each_entry_continue(&p->event_idr, ev, id)
1211 if (ev->type == KFD_EVENT_TYPE_MEMORY) {
1212 spin_lock(&ev->lock);
1213 ev->memory_exception_data = data ? *data :
1214 memory_exception_data;
1215 set_event(ev);
1216 spin_unlock(&ev->lock);
1217 }
1218
1219 rcu_read_unlock();
1220 kfd_unref_process(p);
1221}
1222
1223void kfd_signal_reset_event(struct kfd_node *dev)
1224{
1225 struct kfd_hsa_hw_exception_data hw_exception_data;
1226 struct kfd_hsa_memory_exception_data memory_exception_data;
1227 struct kfd_process *p;
1228 struct kfd_event *ev;
1229 unsigned int temp;
1230 uint32_t id, idx;
1231 int reset_cause = atomic_read(&dev->sram_ecc_flag) ?
1232 KFD_HW_EXCEPTION_ECC :
1233 KFD_HW_EXCEPTION_GPU_HANG;
1234
1235 /* Whole gpu reset caused by GPU hang and memory is lost */
1236 memset(&hw_exception_data, 0, sizeof(hw_exception_data));
1237 hw_exception_data.memory_lost = 1;
1238 hw_exception_data.reset_cause = reset_cause;
1239
1240 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1241 memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC;
1242 memory_exception_data.failure.imprecise = true;
1243
1244 idx = srcu_read_lock(&kfd_processes_srcu);
1245 hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) {
1246 int user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id);
1247
1248 if (unlikely(user_gpu_id == -EINVAL)) {
1249 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id);
1250 continue;
1251 }
1252
1253 rcu_read_lock();
1254
1255 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1256 idr_for_each_entry_continue(&p->event_idr, ev, id) {
1257 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
1258 spin_lock(&ev->lock);
1259 ev->hw_exception_data = hw_exception_data;
1260 ev->hw_exception_data.gpu_id = user_gpu_id;
1261 set_event(ev);
1262 spin_unlock(&ev->lock);
1263 }
1264 if (ev->type == KFD_EVENT_TYPE_MEMORY &&
1265 reset_cause == KFD_HW_EXCEPTION_ECC) {
1266 spin_lock(&ev->lock);
1267 ev->memory_exception_data = memory_exception_data;
1268 ev->memory_exception_data.gpu_id = user_gpu_id;
1269 set_event(ev);
1270 spin_unlock(&ev->lock);
1271 }
1272 }
1273
1274 rcu_read_unlock();
1275 }
1276 srcu_read_unlock(&kfd_processes_srcu, idx);
1277}
1278
1279void kfd_signal_poison_consumed_event(struct kfd_node *dev, u32 pasid)
1280{
1281 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
1282 struct kfd_hsa_memory_exception_data memory_exception_data;
1283 struct kfd_hsa_hw_exception_data hw_exception_data;
1284 struct kfd_event *ev;
1285 uint32_t id = KFD_FIRST_NONSIGNAL_EVENT_ID;
1286 int user_gpu_id;
1287
1288 if (!p) {
1289 dev_warn(dev->adev->dev, "Not find process with pasid:%d\n", pasid);
1290 return; /* Presumably process exited. */
1291 }
1292
1293 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id);
1294 if (unlikely(user_gpu_id == -EINVAL)) {
1295 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id);
1296 return;
1297 }
1298
1299 memset(&hw_exception_data, 0, sizeof(hw_exception_data));
1300 hw_exception_data.gpu_id = user_gpu_id;
1301 hw_exception_data.memory_lost = 1;
1302 hw_exception_data.reset_cause = KFD_HW_EXCEPTION_ECC;
1303
1304 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
1305 memory_exception_data.ErrorType = KFD_MEM_ERR_POISON_CONSUMED;
1306 memory_exception_data.gpu_id = user_gpu_id;
1307 memory_exception_data.failure.imprecise = true;
1308
1309 rcu_read_lock();
1310
1311 idr_for_each_entry_continue(&p->event_idr, ev, id) {
1312 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) {
1313 spin_lock(&ev->lock);
1314 ev->hw_exception_data = hw_exception_data;
1315 set_event(ev);
1316 spin_unlock(&ev->lock);
1317 }
1318
1319 if (ev->type == KFD_EVENT_TYPE_MEMORY) {
1320 spin_lock(&ev->lock);
1321 ev->memory_exception_data = memory_exception_data;
1322 set_event(ev);
1323 spin_unlock(&ev->lock);
1324 }
1325 }
1326
1327 dev_warn(dev->adev->dev, "Send SIGBUS to process %s(pasid:%d)\n",
1328 p->lead_thread->comm, pasid);
1329 rcu_read_unlock();
1330
1331 /* user application will handle SIGBUS signal */
1332 send_sig(SIGBUS, p->lead_thread, 0);
1333
1334 kfd_unref_process(p);
1335}
1/*
2 * Copyright 2014 Advanced Micro Devices, Inc.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a
5 * copy of this software and associated documentation files (the "Software"),
6 * to deal in the Software without restriction, including without limitation
7 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
8 * and/or sell copies of the Software, and to permit persons to whom the
9 * Software is furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
17 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR
18 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
19 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
20 * OTHER DEALINGS IN THE SOFTWARE.
21 */
22
23#include <linux/mm_types.h>
24#include <linux/slab.h>
25#include <linux/types.h>
26#include <linux/sched/signal.h>
27#include <linux/sched/mm.h>
28#include <linux/uaccess.h>
29#include <linux/mman.h>
30#include <linux/memory.h>
31#include "kfd_priv.h"
32#include "kfd_events.h"
33#include "kfd_iommu.h"
34#include <linux/device.h>
35
36/*
37 * Wrapper around wait_queue_entry_t
38 */
39struct kfd_event_waiter {
40 wait_queue_entry_t wait;
41 struct kfd_event *event; /* Event to wait for */
42 bool activated; /* Becomes true when event is signaled */
43};
44
45/*
46 * Each signal event needs a 64-bit signal slot where the signaler will write
47 * a 1 before sending an interrupt. (This is needed because some interrupts
48 * do not contain enough spare data bits to identify an event.)
49 * We get whole pages and map them to the process VA.
50 * Individual signal events use their event_id as slot index.
51 */
52struct kfd_signal_page {
53 uint64_t *kernel_address;
54 uint64_t __user *user_address;
55 bool need_to_free_pages;
56};
57
58
59static uint64_t *page_slots(struct kfd_signal_page *page)
60{
61 return page->kernel_address;
62}
63
64static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p)
65{
66 void *backing_store;
67 struct kfd_signal_page *page;
68
69 page = kzalloc(sizeof(*page), GFP_KERNEL);
70 if (!page)
71 return NULL;
72
73 backing_store = (void *) __get_free_pages(GFP_KERNEL,
74 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
75 if (!backing_store)
76 goto fail_alloc_signal_store;
77
78 /* Initialize all events to unsignaled */
79 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT,
80 KFD_SIGNAL_EVENT_LIMIT * 8);
81
82 page->kernel_address = backing_store;
83 page->need_to_free_pages = true;
84 pr_debug("Allocated new event signal page at %p, for process %p\n",
85 page, p);
86
87 return page;
88
89fail_alloc_signal_store:
90 kfree(page);
91 return NULL;
92}
93
94static int allocate_event_notification_slot(struct kfd_process *p,
95 struct kfd_event *ev)
96{
97 int id;
98
99 if (!p->signal_page) {
100 p->signal_page = allocate_signal_page(p);
101 if (!p->signal_page)
102 return -ENOMEM;
103 /* Oldest user mode expects 256 event slots */
104 p->signal_mapped_size = 256*8;
105 }
106
107 /*
108 * Compatibility with old user mode: Only use signal slots
109 * user mode has mapped, may be less than
110 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase
111 * of the event limit without breaking user mode.
112 */
113 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8,
114 GFP_KERNEL);
115 if (id < 0)
116 return id;
117
118 ev->event_id = id;
119 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT;
120
121 return 0;
122}
123
124/*
125 * Assumes that p->event_mutex is held and of course that p is not going
126 * away (current or locked).
127 */
128static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id)
129{
130 return idr_find(&p->event_idr, id);
131}
132
133/**
134 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID
135 * @p: Pointer to struct kfd_process
136 * @id: ID to look up
137 * @bits: Number of valid bits in @id
138 *
139 * Finds the first signaled event with a matching partial ID. If no
140 * matching signaled event is found, returns NULL. In that case the
141 * caller should assume that the partial ID is invalid and do an
142 * exhaustive search of all siglaned events.
143 *
144 * If multiple events with the same partial ID signal at the same
145 * time, they will be found one interrupt at a time, not necessarily
146 * in the same order the interrupts occurred. As long as the number of
147 * interrupts is correct, all signaled events will be seen by the
148 * driver.
149 */
150static struct kfd_event *lookup_signaled_event_by_partial_id(
151 struct kfd_process *p, uint32_t id, uint32_t bits)
152{
153 struct kfd_event *ev;
154
155 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT)
156 return NULL;
157
158 /* Fast path for the common case that @id is not a partial ID
159 * and we only need a single lookup.
160 */
161 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) {
162 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
163 return NULL;
164
165 return idr_find(&p->event_idr, id);
166 }
167
168 /* General case for partial IDs: Iterate over all matching IDs
169 * and find the first one that has signaled.
170 */
171 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) {
172 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT)
173 continue;
174
175 ev = idr_find(&p->event_idr, id);
176 }
177
178 return ev;
179}
180
181static int create_signal_event(struct file *devkfd,
182 struct kfd_process *p,
183 struct kfd_event *ev)
184{
185 int ret;
186
187 if (p->signal_mapped_size &&
188 p->signal_event_count == p->signal_mapped_size / 8) {
189 if (!p->signal_event_limit_reached) {
190 pr_warn("Signal event wasn't created because limit was reached\n");
191 p->signal_event_limit_reached = true;
192 }
193 return -ENOSPC;
194 }
195
196 ret = allocate_event_notification_slot(p, ev);
197 if (ret) {
198 pr_warn("Signal event wasn't created because out of kernel memory\n");
199 return ret;
200 }
201
202 p->signal_event_count++;
203
204 ev->user_signal_address = &p->signal_page->user_address[ev->event_id];
205 pr_debug("Signal event number %zu created with id %d, address %p\n",
206 p->signal_event_count, ev->event_id,
207 ev->user_signal_address);
208
209 return 0;
210}
211
212static int create_other_event(struct kfd_process *p, struct kfd_event *ev)
213{
214 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an
215 * intentional integer overflow to -1 without a compiler
216 * warning. idr_alloc treats a negative value as "maximum
217 * signed integer".
218 */
219 int id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID,
220 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1,
221 GFP_KERNEL);
222
223 if (id < 0)
224 return id;
225 ev->event_id = id;
226
227 return 0;
228}
229
230void kfd_event_init_process(struct kfd_process *p)
231{
232 mutex_init(&p->event_mutex);
233 idr_init(&p->event_idr);
234 p->signal_page = NULL;
235 p->signal_event_count = 0;
236}
237
238static void destroy_event(struct kfd_process *p, struct kfd_event *ev)
239{
240 struct kfd_event_waiter *waiter;
241
242 /* Wake up pending waiters. They will return failure */
243 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
244 waiter->event = NULL;
245 wake_up_all(&ev->wq);
246
247 if (ev->type == KFD_EVENT_TYPE_SIGNAL ||
248 ev->type == KFD_EVENT_TYPE_DEBUG)
249 p->signal_event_count--;
250
251 idr_remove(&p->event_idr, ev->event_id);
252 kfree(ev);
253}
254
255static void destroy_events(struct kfd_process *p)
256{
257 struct kfd_event *ev;
258 uint32_t id;
259
260 idr_for_each_entry(&p->event_idr, ev, id)
261 destroy_event(p, ev);
262 idr_destroy(&p->event_idr);
263}
264
265/*
266 * We assume that the process is being destroyed and there is no need to
267 * unmap the pages or keep bookkeeping data in order.
268 */
269static void shutdown_signal_page(struct kfd_process *p)
270{
271 struct kfd_signal_page *page = p->signal_page;
272
273 if (page) {
274 if (page->need_to_free_pages)
275 free_pages((unsigned long)page->kernel_address,
276 get_order(KFD_SIGNAL_EVENT_LIMIT * 8));
277 kfree(page);
278 }
279}
280
281void kfd_event_free_process(struct kfd_process *p)
282{
283 destroy_events(p);
284 shutdown_signal_page(p);
285}
286
287static bool event_can_be_gpu_signaled(const struct kfd_event *ev)
288{
289 return ev->type == KFD_EVENT_TYPE_SIGNAL ||
290 ev->type == KFD_EVENT_TYPE_DEBUG;
291}
292
293static bool event_can_be_cpu_signaled(const struct kfd_event *ev)
294{
295 return ev->type == KFD_EVENT_TYPE_SIGNAL;
296}
297
298int kfd_event_page_set(struct kfd_process *p, void *kernel_address,
299 uint64_t size)
300{
301 struct kfd_signal_page *page;
302
303 if (p->signal_page)
304 return -EBUSY;
305
306 page = kzalloc(sizeof(*page), GFP_KERNEL);
307 if (!page)
308 return -ENOMEM;
309
310 /* Initialize all events to unsignaled */
311 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT,
312 KFD_SIGNAL_EVENT_LIMIT * 8);
313
314 page->kernel_address = kernel_address;
315
316 p->signal_page = page;
317 p->signal_mapped_size = size;
318
319 return 0;
320}
321
322int kfd_event_create(struct file *devkfd, struct kfd_process *p,
323 uint32_t event_type, bool auto_reset, uint32_t node_id,
324 uint32_t *event_id, uint32_t *event_trigger_data,
325 uint64_t *event_page_offset, uint32_t *event_slot_index)
326{
327 int ret = 0;
328 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL);
329
330 if (!ev)
331 return -ENOMEM;
332
333 ev->type = event_type;
334 ev->auto_reset = auto_reset;
335 ev->signaled = false;
336
337 init_waitqueue_head(&ev->wq);
338
339 *event_page_offset = 0;
340
341 mutex_lock(&p->event_mutex);
342
343 switch (event_type) {
344 case KFD_EVENT_TYPE_SIGNAL:
345 case KFD_EVENT_TYPE_DEBUG:
346 ret = create_signal_event(devkfd, p, ev);
347 if (!ret) {
348 *event_page_offset = KFD_MMAP_EVENTS_MASK;
349 *event_page_offset <<= PAGE_SHIFT;
350 *event_slot_index = ev->event_id;
351 }
352 break;
353 default:
354 ret = create_other_event(p, ev);
355 break;
356 }
357
358 if (!ret) {
359 *event_id = ev->event_id;
360 *event_trigger_data = ev->event_id;
361 } else {
362 kfree(ev);
363 }
364
365 mutex_unlock(&p->event_mutex);
366
367 return ret;
368}
369
370/* Assumes that p is current. */
371int kfd_event_destroy(struct kfd_process *p, uint32_t event_id)
372{
373 struct kfd_event *ev;
374 int ret = 0;
375
376 mutex_lock(&p->event_mutex);
377
378 ev = lookup_event_by_id(p, event_id);
379
380 if (ev)
381 destroy_event(p, ev);
382 else
383 ret = -EINVAL;
384
385 mutex_unlock(&p->event_mutex);
386 return ret;
387}
388
389static void set_event(struct kfd_event *ev)
390{
391 struct kfd_event_waiter *waiter;
392
393 /* Auto reset if the list is non-empty and we're waking
394 * someone. waitqueue_active is safe here because we're
395 * protected by the p->event_mutex, which is also held when
396 * updating the wait queues in kfd_wait_on_events.
397 */
398 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq);
399
400 list_for_each_entry(waiter, &ev->wq.head, wait.entry)
401 waiter->activated = true;
402
403 wake_up_all(&ev->wq);
404}
405
406/* Assumes that p is current. */
407int kfd_set_event(struct kfd_process *p, uint32_t event_id)
408{
409 int ret = 0;
410 struct kfd_event *ev;
411
412 mutex_lock(&p->event_mutex);
413
414 ev = lookup_event_by_id(p, event_id);
415
416 if (ev && event_can_be_cpu_signaled(ev))
417 set_event(ev);
418 else
419 ret = -EINVAL;
420
421 mutex_unlock(&p->event_mutex);
422 return ret;
423}
424
425static void reset_event(struct kfd_event *ev)
426{
427 ev->signaled = false;
428}
429
430/* Assumes that p is current. */
431int kfd_reset_event(struct kfd_process *p, uint32_t event_id)
432{
433 int ret = 0;
434 struct kfd_event *ev;
435
436 mutex_lock(&p->event_mutex);
437
438 ev = lookup_event_by_id(p, event_id);
439
440 if (ev && event_can_be_cpu_signaled(ev))
441 reset_event(ev);
442 else
443 ret = -EINVAL;
444
445 mutex_unlock(&p->event_mutex);
446 return ret;
447
448}
449
450static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev)
451{
452 page_slots(p->signal_page)[ev->event_id] = UNSIGNALED_EVENT_SLOT;
453}
454
455static void set_event_from_interrupt(struct kfd_process *p,
456 struct kfd_event *ev)
457{
458 if (ev && event_can_be_gpu_signaled(ev)) {
459 acknowledge_signal(p, ev);
460 set_event(ev);
461 }
462}
463
464void kfd_signal_event_interrupt(unsigned int pasid, uint32_t partial_id,
465 uint32_t valid_id_bits)
466{
467 struct kfd_event *ev = NULL;
468
469 /*
470 * Because we are called from arbitrary context (workqueue) as opposed
471 * to process context, kfd_process could attempt to exit while we are
472 * running so the lookup function increments the process ref count.
473 */
474 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
475
476 if (!p)
477 return; /* Presumably process exited. */
478
479 mutex_lock(&p->event_mutex);
480
481 if (valid_id_bits)
482 ev = lookup_signaled_event_by_partial_id(p, partial_id,
483 valid_id_bits);
484 if (ev) {
485 set_event_from_interrupt(p, ev);
486 } else if (p->signal_page) {
487 /*
488 * Partial ID lookup failed. Assume that the event ID
489 * in the interrupt payload was invalid and do an
490 * exhaustive search of signaled events.
491 */
492 uint64_t *slots = page_slots(p->signal_page);
493 uint32_t id;
494
495 if (valid_id_bits)
496 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n",
497 partial_id, valid_id_bits);
498
499 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT/2) {
500 /* With relatively few events, it's faster to
501 * iterate over the event IDR
502 */
503 idr_for_each_entry(&p->event_idr, ev, id) {
504 if (id >= KFD_SIGNAL_EVENT_LIMIT)
505 break;
506
507 if (slots[id] != UNSIGNALED_EVENT_SLOT)
508 set_event_from_interrupt(p, ev);
509 }
510 } else {
511 /* With relatively many events, it's faster to
512 * iterate over the signal slots and lookup
513 * only signaled events from the IDR.
514 */
515 for (id = 0; id < KFD_SIGNAL_EVENT_LIMIT; id++)
516 if (slots[id] != UNSIGNALED_EVENT_SLOT) {
517 ev = lookup_event_by_id(p, id);
518 set_event_from_interrupt(p, ev);
519 }
520 }
521 }
522
523 mutex_unlock(&p->event_mutex);
524 kfd_unref_process(p);
525}
526
527static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events)
528{
529 struct kfd_event_waiter *event_waiters;
530 uint32_t i;
531
532 event_waiters = kmalloc_array(num_events,
533 sizeof(struct kfd_event_waiter),
534 GFP_KERNEL);
535
536 for (i = 0; (event_waiters) && (i < num_events) ; i++) {
537 init_wait(&event_waiters[i].wait);
538 event_waiters[i].activated = false;
539 }
540
541 return event_waiters;
542}
543
544static int init_event_waiter_get_status(struct kfd_process *p,
545 struct kfd_event_waiter *waiter,
546 uint32_t event_id)
547{
548 struct kfd_event *ev = lookup_event_by_id(p, event_id);
549
550 if (!ev)
551 return -EINVAL;
552
553 waiter->event = ev;
554 waiter->activated = ev->signaled;
555 ev->signaled = ev->signaled && !ev->auto_reset;
556
557 return 0;
558}
559
560static void init_event_waiter_add_to_waitlist(struct kfd_event_waiter *waiter)
561{
562 struct kfd_event *ev = waiter->event;
563
564 /* Only add to the wait list if we actually need to
565 * wait on this event.
566 */
567 if (!waiter->activated)
568 add_wait_queue(&ev->wq, &waiter->wait);
569}
570
571/* test_event_condition - Test condition of events being waited for
572 * @all: Return completion only if all events have signaled
573 * @num_events: Number of events to wait for
574 * @event_waiters: Array of event waiters, one per event
575 *
576 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have
577 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all)
578 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of
579 * the events have been destroyed.
580 */
581static uint32_t test_event_condition(bool all, uint32_t num_events,
582 struct kfd_event_waiter *event_waiters)
583{
584 uint32_t i;
585 uint32_t activated_count = 0;
586
587 for (i = 0; i < num_events; i++) {
588 if (!event_waiters[i].event)
589 return KFD_IOC_WAIT_RESULT_FAIL;
590
591 if (event_waiters[i].activated) {
592 if (!all)
593 return KFD_IOC_WAIT_RESULT_COMPLETE;
594
595 activated_count++;
596 }
597 }
598
599 return activated_count == num_events ?
600 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT;
601}
602
603/*
604 * Copy event specific data, if defined.
605 * Currently only memory exception events have additional data to copy to user
606 */
607static int copy_signaled_event_data(uint32_t num_events,
608 struct kfd_event_waiter *event_waiters,
609 struct kfd_event_data __user *data)
610{
611 struct kfd_hsa_memory_exception_data *src;
612 struct kfd_hsa_memory_exception_data __user *dst;
613 struct kfd_event_waiter *waiter;
614 struct kfd_event *event;
615 uint32_t i;
616
617 for (i = 0; i < num_events; i++) {
618 waiter = &event_waiters[i];
619 event = waiter->event;
620 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) {
621 dst = &data[i].memory_exception_data;
622 src = &event->memory_exception_data;
623 if (copy_to_user(dst, src,
624 sizeof(struct kfd_hsa_memory_exception_data)))
625 return -EFAULT;
626 }
627 }
628
629 return 0;
630
631}
632
633
634
635static long user_timeout_to_jiffies(uint32_t user_timeout_ms)
636{
637 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE)
638 return 0;
639
640 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE)
641 return MAX_SCHEDULE_TIMEOUT;
642
643 /*
644 * msecs_to_jiffies interprets all values above 2^31-1 as infinite,
645 * but we consider them finite.
646 * This hack is wrong, but nobody is likely to notice.
647 */
648 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF);
649
650 return msecs_to_jiffies(user_timeout_ms) + 1;
651}
652
653static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters)
654{
655 uint32_t i;
656
657 for (i = 0; i < num_events; i++)
658 if (waiters[i].event)
659 remove_wait_queue(&waiters[i].event->wq,
660 &waiters[i].wait);
661
662 kfree(waiters);
663}
664
665int kfd_wait_on_events(struct kfd_process *p,
666 uint32_t num_events, void __user *data,
667 bool all, uint32_t user_timeout_ms,
668 uint32_t *wait_result)
669{
670 struct kfd_event_data __user *events =
671 (struct kfd_event_data __user *) data;
672 uint32_t i;
673 int ret = 0;
674
675 struct kfd_event_waiter *event_waiters = NULL;
676 long timeout = user_timeout_to_jiffies(user_timeout_ms);
677
678 event_waiters = alloc_event_waiters(num_events);
679 if (!event_waiters) {
680 ret = -ENOMEM;
681 goto out;
682 }
683
684 mutex_lock(&p->event_mutex);
685
686 for (i = 0; i < num_events; i++) {
687 struct kfd_event_data event_data;
688
689 if (copy_from_user(&event_data, &events[i],
690 sizeof(struct kfd_event_data))) {
691 ret = -EFAULT;
692 goto out_unlock;
693 }
694
695 ret = init_event_waiter_get_status(p, &event_waiters[i],
696 event_data.event_id);
697 if (ret)
698 goto out_unlock;
699 }
700
701 /* Check condition once. */
702 *wait_result = test_event_condition(all, num_events, event_waiters);
703 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) {
704 ret = copy_signaled_event_data(num_events,
705 event_waiters, events);
706 goto out_unlock;
707 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) {
708 /* This should not happen. Events shouldn't be
709 * destroyed while we're holding the event_mutex
710 */
711 goto out_unlock;
712 }
713
714 /* Add to wait lists if we need to wait. */
715 for (i = 0; i < num_events; i++)
716 init_event_waiter_add_to_waitlist(&event_waiters[i]);
717
718 mutex_unlock(&p->event_mutex);
719
720 while (true) {
721 if (fatal_signal_pending(current)) {
722 ret = -EINTR;
723 break;
724 }
725
726 if (signal_pending(current)) {
727 /*
728 * This is wrong when a nonzero, non-infinite timeout
729 * is specified. We need to use
730 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block
731 * contains a union with data for each user and it's
732 * in generic kernel code that I don't want to
733 * touch yet.
734 */
735 ret = -ERESTARTSYS;
736 break;
737 }
738
739 /* Set task state to interruptible sleep before
740 * checking wake-up conditions. A concurrent wake-up
741 * will put the task back into runnable state. In that
742 * case schedule_timeout will not put the task to
743 * sleep and we'll get a chance to re-check the
744 * updated conditions almost immediately. Otherwise,
745 * this race condition would lead to a soft hang or a
746 * very long sleep.
747 */
748 set_current_state(TASK_INTERRUPTIBLE);
749
750 *wait_result = test_event_condition(all, num_events,
751 event_waiters);
752 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT)
753 break;
754
755 if (timeout <= 0)
756 break;
757
758 timeout = schedule_timeout(timeout);
759 }
760 __set_current_state(TASK_RUNNING);
761
762 /* copy_signaled_event_data may sleep. So this has to happen
763 * after the task state is set back to RUNNING.
764 */
765 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE)
766 ret = copy_signaled_event_data(num_events,
767 event_waiters, events);
768
769 mutex_lock(&p->event_mutex);
770out_unlock:
771 free_waiters(num_events, event_waiters);
772 mutex_unlock(&p->event_mutex);
773out:
774 if (ret)
775 *wait_result = KFD_IOC_WAIT_RESULT_FAIL;
776 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL)
777 ret = -EIO;
778
779 return ret;
780}
781
782int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma)
783{
784 unsigned long pfn;
785 struct kfd_signal_page *page;
786 int ret;
787
788 /* check required size doesn't exceed the allocated size */
789 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) <
790 get_order(vma->vm_end - vma->vm_start)) {
791 pr_err("Event page mmap requested illegal size\n");
792 return -EINVAL;
793 }
794
795 page = p->signal_page;
796 if (!page) {
797 /* Probably KFD bug, but mmap is user-accessible. */
798 pr_debug("Signal page could not be found\n");
799 return -EINVAL;
800 }
801
802 pfn = __pa(page->kernel_address);
803 pfn >>= PAGE_SHIFT;
804
805 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE
806 | VM_DONTDUMP | VM_PFNMAP;
807
808 pr_debug("Mapping signal page\n");
809 pr_debug(" start user address == 0x%08lx\n", vma->vm_start);
810 pr_debug(" end user address == 0x%08lx\n", vma->vm_end);
811 pr_debug(" pfn == 0x%016lX\n", pfn);
812 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags);
813 pr_debug(" size == 0x%08lX\n",
814 vma->vm_end - vma->vm_start);
815
816 page->user_address = (uint64_t __user *)vma->vm_start;
817
818 /* mapping the page to user process */
819 ret = remap_pfn_range(vma, vma->vm_start, pfn,
820 vma->vm_end - vma->vm_start, vma->vm_page_prot);
821 if (!ret)
822 p->signal_mapped_size = vma->vm_end - vma->vm_start;
823
824 return ret;
825}
826
827/*
828 * Assumes that p->event_mutex is held and of course
829 * that p is not going away (current or locked).
830 */
831static void lookup_events_by_type_and_signal(struct kfd_process *p,
832 int type, void *event_data)
833{
834 struct kfd_hsa_memory_exception_data *ev_data;
835 struct kfd_event *ev;
836 uint32_t id;
837 bool send_signal = true;
838
839 ev_data = (struct kfd_hsa_memory_exception_data *) event_data;
840
841 id = KFD_FIRST_NONSIGNAL_EVENT_ID;
842 idr_for_each_entry_continue(&p->event_idr, ev, id)
843 if (ev->type == type) {
844 send_signal = false;
845 dev_dbg(kfd_device,
846 "Event found: id %X type %d",
847 ev->event_id, ev->type);
848 set_event(ev);
849 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data)
850 ev->memory_exception_data = *ev_data;
851 }
852
853 /* Send SIGTERM no event of type "type" has been found*/
854 if (send_signal) {
855 if (send_sigterm) {
856 dev_warn(kfd_device,
857 "Sending SIGTERM to HSA Process with PID %d ",
858 p->lead_thread->pid);
859 send_sig(SIGTERM, p->lead_thread, 0);
860 } else {
861 dev_err(kfd_device,
862 "HSA Process (PID %d) got unhandled exception",
863 p->lead_thread->pid);
864 }
865 }
866}
867
868#ifdef KFD_SUPPORT_IOMMU_V2
869void kfd_signal_iommu_event(struct kfd_dev *dev, unsigned int pasid,
870 unsigned long address, bool is_write_requested,
871 bool is_execute_requested)
872{
873 struct kfd_hsa_memory_exception_data memory_exception_data;
874 struct vm_area_struct *vma;
875
876 /*
877 * Because we are called from arbitrary context (workqueue) as opposed
878 * to process context, kfd_process could attempt to exit while we are
879 * running so the lookup function increments the process ref count.
880 */
881 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
882 struct mm_struct *mm;
883
884 if (!p)
885 return; /* Presumably process exited. */
886
887 /* Take a safe reference to the mm_struct, which may otherwise
888 * disappear even while the kfd_process is still referenced.
889 */
890 mm = get_task_mm(p->lead_thread);
891 if (!mm) {
892 kfd_unref_process(p);
893 return; /* Process is exiting */
894 }
895
896 memset(&memory_exception_data, 0, sizeof(memory_exception_data));
897
898 down_read(&mm->mmap_sem);
899 vma = find_vma(mm, address);
900
901 memory_exception_data.gpu_id = dev->id;
902 memory_exception_data.va = address;
903 /* Set failure reason */
904 memory_exception_data.failure.NotPresent = 1;
905 memory_exception_data.failure.NoExecute = 0;
906 memory_exception_data.failure.ReadOnly = 0;
907 if (vma) {
908 if (vma->vm_start > address) {
909 memory_exception_data.failure.NotPresent = 1;
910 memory_exception_data.failure.NoExecute = 0;
911 memory_exception_data.failure.ReadOnly = 0;
912 } else {
913 memory_exception_data.failure.NotPresent = 0;
914 if (is_write_requested && !(vma->vm_flags & VM_WRITE))
915 memory_exception_data.failure.ReadOnly = 1;
916 else
917 memory_exception_data.failure.ReadOnly = 0;
918 if (is_execute_requested && !(vma->vm_flags & VM_EXEC))
919 memory_exception_data.failure.NoExecute = 1;
920 else
921 memory_exception_data.failure.NoExecute = 0;
922 }
923 }
924
925 up_read(&mm->mmap_sem);
926 mmput(mm);
927
928 mutex_lock(&p->event_mutex);
929
930 /* Lookup events by type and signal them */
931 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY,
932 &memory_exception_data);
933
934 mutex_unlock(&p->event_mutex);
935 kfd_unref_process(p);
936}
937#endif /* KFD_SUPPORT_IOMMU_V2 */
938
939void kfd_signal_hw_exception_event(unsigned int pasid)
940{
941 /*
942 * Because we are called from arbitrary context (workqueue) as opposed
943 * to process context, kfd_process could attempt to exit while we are
944 * running so the lookup function increments the process ref count.
945 */
946 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid);
947
948 if (!p)
949 return; /* Presumably process exited. */
950
951 mutex_lock(&p->event_mutex);
952
953 /* Lookup events by type and signal them */
954 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL);
955
956 mutex_unlock(&p->event_mutex);
957 kfd_unref_process(p);
958}