[PATCH] drm/i915/gvt: Double check batch buffer size after copy
Yan Zhao
yan.y.zhao at intel.com
Mon Jul 29 03:11:42 UTC 2019
Reviewed-by: Yan Zhao <yan.y.zhao at intel.com>
On Mon, Jul 29, 2019 at 08:42:20AM +0800, Tina Zhang wrote:
> Double check the size of the privilege buffer to make sure the size
> remains unchanged after copy.
>
> v3:
> - To get the right offset of the batch buffer end cmd. (Yan)
>
> v2:
> - Use lightweight way to audit batch buffer end. (Yan)
>
> Cc: Yan Zhao <yan.y.zhao at intel.com>
> Signed-off-by: Tina Zhang <tina.zhang at intel.com>
> ---
> drivers/gpu/drm/i915/gvt/cmd_parser.c | 39 +++++++++++++++++++++++++--
> 1 file changed, 37 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 6ea88270c818..a641e3ee1fe4 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -1661,7 +1661,9 @@ static int batch_buffer_needs_scan(struct parser_exec_state *s)
> return 1;
> }
>
> -static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
> +static int find_bb_size(struct parser_exec_state *s,
> + unsigned long *bb_size,
> + unsigned long *bb_end_cmd_offset)
> {
> unsigned long gma = 0;
> const struct cmd_info *info;
> @@ -1673,6 +1675,7 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
> s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
>
> *bb_size = 0;
> + *bb_end_cmd_offset = 0;
>
> /* get the start gm address of the batch buffer */
> gma = get_gma_bb_from_cmd(s, 1);
> @@ -1708,6 +1711,10 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
> /* chained batch buffer */
> bb_end = true;
> }
> +
> + if (bb_end)
> + *bb_end_cmd_offset = *bb_size;
> +
> cmd_len = get_cmd_length(info, cmd) << 2;
> *bb_size += cmd_len;
> gma += cmd_len;
> @@ -1716,12 +1723,36 @@ static int find_bb_size(struct parser_exec_state *s, unsigned long *bb_size)
> return 0;
> }
>
> +static int audit_bb_end(struct parser_exec_state *s, void *va)
> +{
> + struct intel_vgpu *vgpu = s->vgpu;
> + u32 cmd = *(u32 *)va;
> + const struct cmd_info *info;
> +
> + info = get_cmd_info(s->vgpu->gvt, cmd, s->ring_id);
> + if (info == NULL) {
> + gvt_vgpu_err("unknown cmd 0x%x, opcode=0x%x, addr_type=%s, ring %d, workload=%p\n",
> + cmd, get_opcode(cmd, s->ring_id),
> + (s->buf_addr_type == PPGTT_BUFFER) ?
> + "ppgtt" : "ggtt", s->ring_id, s->workload);
> + return -EBADRQC;
> + }
> +
> + if ((info->opcode == OP_MI_BATCH_BUFFER_END) ||
> + ((info->opcode == OP_MI_BATCH_BUFFER_START) &&
> + (BATCH_BUFFER_2ND_LEVEL_BIT(cmd) == 0)))
> + return 0;
> +
> + return -EBADRQC;
> +}
> +
> static int perform_bb_shadow(struct parser_exec_state *s)
> {
> struct intel_vgpu *vgpu = s->vgpu;
> struct intel_vgpu_shadow_bb *bb;
> unsigned long gma = 0;
> unsigned long bb_size;
> + unsigned long bb_end_cmd_offset;
> int ret = 0;
> struct intel_vgpu_mm *mm = (s->buf_addr_type == GTT_BUFFER) ?
> s->vgpu->gtt.ggtt_mm : s->workload->shadow_mm;
> @@ -1732,7 +1763,7 @@ static int perform_bb_shadow(struct parser_exec_state *s)
> if (gma == INTEL_GVT_INVALID_ADDR)
> return -EFAULT;
>
> - ret = find_bb_size(s, &bb_size);
> + ret = find_bb_size(s, &bb_size, &bb_end_cmd_offset);
> if (ret)
> return ret;
>
> @@ -1788,6 +1819,10 @@ static int perform_bb_shadow(struct parser_exec_state *s)
> goto err_unmap;
> }
>
> + ret = audit_bb_end(s, bb->va + start_offset + bb_end_cmd_offset);
> + if (ret)
> + goto err_unmap;
> +
> INIT_LIST_HEAD(&bb->list);
> list_add(&bb->list, &s->workload->shadow_bb);
>
> --
> 2.17.1
>
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev
More information about the intel-gvt-dev
mailing list