[Intel-gfx] [Beignet] Preventing zero GPU virtual address allocation
Daniel Vetter
daniel at ffwll.ch
Fri Mar 13 10:49:50 PDT 2015
On Fri, Mar 13, 2015 at 05:34:22PM +0000, Chris Wilson wrote:
> On Fri, Mar 13, 2015 at 06:13:39PM +0100, Daniel Vetter wrote:
> > On Fri, Mar 13, 2015 at 04:58:47PM +0000, Chris Wilson wrote:
> > > On Fri, Mar 13, 2015 at 10:27:38AM +0100, Daniel Vetter wrote:
> > > > If supporting systems without full ppgtt is a requirement for you (still
> > > > wonky on gen8 a bit, so might be a good strategy) then imo it's the
> > > > PIN_BIAS idea I've laid out earlier in this thread. That one will work
> > > > everywhere. softpin can unexpectedly fail without full ppgtt if the kernel
> > > > decides to put something at a given spot, which imo means we should only
> > > > expose it on full ppgtt systems.
> > > >
> > > > And PIN_BIAS should be fairly easy to wire up since the internal logic is
> > > > all there already. So "just" needs an execbuf flag, igt test and
> > > > appropriate userspace to set that new bit.
> > >
> > > It doesn't though. To provide the guarantee userspace is asking for
> > > (which is that address 0 goes to a special, preferrably inaccessible,
> > > page), you have to evict the first N pages in the GGTT. That is just as
> > > likely to fail with an execbuffer flag as it would with an execobject flag.
> >
> > Afaiui userspace only needs the guarantee that NULL is never a valid
> > address. Which means it's never a valid address for its own buffer
> > objects. I don't think it cares one bit what's actually there, it's not
> > mandatory to fault apparently. And faulting is what's not possible.
>
> You are bending ABI to allow userspace to use absolute addressing (no
> relocations). The kernel has to make sure that nothing else is at that
> address.
>
> > I guess the standard is like normal C: If you access a NULL pointer,
> > anything can happen (including garbage on the frontbuffer), the only
> > guarantee you need to make is that NULL is never a valid address. At least
> > if no one plays tricks ;-)
>
> No. The kernel is quite strict about *NULL. It certainly doesn't allow
> trivial information leakage.
We already have that trivial information leakage anyway. Just because we
make it a notch more likely that a special address will leak information
that doesn't make it different that without full ppgtt you can read any
other gpu clients stuff easily. And also write to it if you feel like.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
More information about the Intel-gfx
mailing list