set_page_dirty() is racy if the caller has no
reference against page->mapping->host, and if
the page is unlocked. This is because another
CPU could truncate the page off the mapping and
then free the mapping.
Use set_page_dirty_lock() to avoid this race condition.
Change-Id: I517fb9aee66560618c7676b311368f7a7498011f
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
kgsl_context_init() prints error message continuously if a process
tries to create more number of contexts that KGSL supports.
This hogs CPU and might lead to watchdog timeout.
Reduce this log frequency by using KGSL_DRV_ERR_RATELIMIT().
Change-Id: I7e3a5d3db41ab0c60d1b6b620cbcdef96d5c21a9
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Read and increment context count atomic variable under a lock
to avoid race condition between read and increment. This is
necessary to make sure no process goes beyond the specified
context limit.
Change-Id: I483e2ac169beaff49e19b8ef1b46541f6eb740b0
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Added sysfs entries to show kgsl memory usage statistics.
gpumem_mapped: kgsl memory mapped in the process address space.
gpumem_unmapped: kgsl allocated memory but not mapped in process.
imported_mem: graphics memory not allocated by the kgsl.
Below is the sysfs path for new entries:
/sys/class/kgsl/kgsl/proc/<pid>/
Change-Id: I08c2014d28dc0ca1e2b54ebf966d00143b303b54
Signed-off-by: Amit Kushwaha <kushwaha@codeaurora.org>
Unload zap shader during device hibernation and reload it
during resume otherwise scm calls during post hibernation
GPU initialization will fail as there is possibility that
TZ driver is not aware of the hibernation.
Change-Id: I1f62fb97cbc8e6c3e3536d4d5260a543ca15b685
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Signed-off-by: Thomas Yun <wyun@codeaurora.org>
Invoke kgsl_suspend and kgsl_resume during hibernation
of KGSL.
Change-Id: I8e1a8ad8b9293d568950a9e71667d1088ff6fbba
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Signed-off-by: Thomas (Wonyoung) Yun <wyun@codeaurora.org>
This patch ensures device resumes successfully after
XO shutdown without any KGSL error.
Change-Id: I9eb8e281bc62793dc7521ba72aaeecf946860851
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Enforce a limit of 200 contexts per process. This is done so
that a process cannot use up all the available contexts and
prevent other processes from starving.
Change-Id: I6eda123128381a213315561cd42335e0944f1f55
Signed-off-by: Harshdeep Dhatt <hdhatt@codeaurora.org>
Signed-off-by: Archana Obannagari <aobann@codeaurora.org>
A bad user can pass memory type parameter value greater than 255.
Limit the memory type value to valid range before updating memory
descriptor flags to avoid incorrect flag update.
Change-Id: I23ce69584d1e2c9969583461ee942c5046e7cdbc
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Add a check to set the pending_free flag if it is not already
set before freeing sparse memory entry. This is required to
prevent multiple ioctl threads from freeing the same sparse
memory entry.
Change-Id: I4e2bbe6fcd98c58d36340c4f87cdff27fc1de22e
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
The user can pass bad data into kgsl_ioctl_gpuobj_sync(). If
_copy_from_user() fails do to bad data, undo any current
references taken through this ioctl call.
Change-Id: I56195520b9dadba20ee419658fc2cbb282b8449c
Signed-off-by: Carter Cooper <ccooper@codeaurora.org>
Signed-off-by: samit vats <svats@codeaurora.org>
There is no check before cache ops if the memory is marked secure.
This leads to stage 2 pagefault if a secure memory is passed to
IOCTL_KGSL_GPUMEM_SYNC_CACHE ioctl because kernel is not allowed to
do cache ops on secure memory. This can be avoided by returning
success immediately if the memory is marked as secure.
Change-Id: I215d77d2a488cdb00e8e18cfd38cddd9632fd9f6
Signed-off-by: Akhil P Oommen <akhilpo@codeaurora.org>
Use the appropriate lock when adding sparse bindings, to protect the
list of sparse bindings from concurrent updates by multiple threads.
Change-Id: Ice9750c96fca42f4049ed352533f4722b5166221
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
If we find that a different thread has already added bindings at the
same offset we wanted to add to the sparse object, don't get stuck in
an infinite loop, and return with an error.
Change-Id: I6b17c91eccb14c07e13cae24135dfe7b13f3301d
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
Uninitalized kernel variable passes to userspace, it may have data
from stack. To avoid data leak from kernel to userspace initializes
struct kgsl_gpuobj_import_useraddr to zero.
CRs-Fixed: 2096006
Change-Id: Ib79b030cd5e3edd7279632af20dc3fac95eb73d4
Signed-off-by: Archana Obannagari <aobann@codeaurora.org>
A3xx device gets the ring buffer read pointer directly
from the GPU registers. So don’t allocate scratch memory
which can’t be used for A3xx GPU devices.
Change-Id: I95016dfc169b9fee74e978f5560592740f34515e
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
Reduce the frequency of kgsl logging when kgsl driver failed to get
memory mapping for requested memory.
Change-Id: If1a8832a9aa0396e3c990916deec7949697be12d
Signed-off-by: Venkateswara Rao Tadikonda <vtadik@codeaurora.org>
Sparse bind object are unbinded with bind id. This
can be exploited by any malicious application calling
unbind with same bind id again and again.
This can lead to a race condition between two threads
where one free the bind object and second thread uses
same object leading to bad dereference.
Change-Id: I542a008fc647489560667fb5016453a0c3448f7a
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
Make sure to use proper locks when using the
vma_struct_area. This will avoid the race condition
in a scenario where one thread gets a vma_struct_area
and other thread is unmapping the vma from the process.
Change-Id: I6c7837d1a8dd24fc6955ab5be8b1917a42f2cb53
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
This reverts commit 281fcb5e18.
To address the issue with the OOMkiller causing to kill the
foreground application.
Change-Id: Ie4c078d706fdf1c13ad45840f72b414ddc37c1d0
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
Signed-off-by: Venkateswara Rao Tadikonda <vtadik@codeaurora.org>
adreno_dispatch_work and _kgsl_event_worker are both low-latency
low-runtime functions that are in the critical path of GPU
rendering. Moving them out of workqueues and into a dedicated FIFO
kthread avoids significant jitter.
bug 30342017
Git-commit: 1a7a93bd33f48a369de29f6f2b56251127bf6ab4
Git-repo: https://android.googlesource.com/kernel/msm
Change-Id: I83562f488c34c2ab001c8ea79e7f09b633c658bd
Signed-off-by: Tim Murray <timmurray@google.com>
Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
Currently submit ioctl getting blocked till the commands
gets added to ringbuffer incase inflight count is less
than context burst count. If the submit command happens
in GPU slumber state, it will add the GPU wakeup time to
submit IOCTL. This will add latency in preparing next frame
in CPU side. Defer commands submission to dispatcher worker,
if the GPU is in slumber state.
CRs-Fixed: 2055107
Change-Id: I099ba721e02bbcd8ccadb1bc518c7c1ef4fb7e21
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
Return mementry from kgsl_sharedmem_find only if pending_free
is not set for that mementry. This is necessary to avoid use
of a mementry after it is already marked for free.
Change-Id: I23111e9c82a88ccbda2ab259074c38d91f9ff5cb
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Any memory free ioctl doesn't need to be blocked till the
corresponding mementry is destroyed. This change defers
the mementry put to unblock all memory free ioctls immediately.
This is done to reduce the time spent by user applications in
waiting for memory to be freed.
Change-Id: Iaa37ac5dbdedc3d02c41886c2bdf7f3d016176ac
Signed-off-by: Deepak Kumar <dkumar@codeaurora.org>
Hold the context lock before updating the context id in
param->drawctxt_id to avoid race condition between context
creation and context destroy.
Change-Id: Ic26d3e5b68078c02d15c38080b1a262ea4b1f7fe
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
When allocating userspace memory keep reference to memory
allocation till it is completely initialized and info is sent back
to userspace.
Change-Id: Id72c82bf98c094ecbd4722813c732a998dcbb188
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Signed-off-by: Sunil Khatri <sunilkh@codeaurora.org>
_get_svm_area can fail to find available address range
from mmap_base which was adjusted by random factor.
By logging mmap_base value will help to identify
any issue with the VA randomization.
Change-Id: Ibdc3fac975adde02c30aa253b53d6533ee558161
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
Remove the kgsl device-specific debugfs files in the device removal
sequence, and also if probe fails.
Change-Id: I4d5e9ec33a887f29c14bac513c4faf75266e990b
Signed-off-by: Lynus Vaz <lvaz@codeaurora.org>
There could be possibility of integer overflow on adding
offset with size and result into a value smaller than
memdesc size.
CRs-Fixed: 1109776
Change-Id: I3746f34c9fb8ada28a9b6ed438ca8c296b69e752
Signed-off-by: Sudeep Yedalapure <sudeepy@codeaurora.org>
Signed-off-by: Abhilash Kumar <krabhi@codeaurora.org>
kgsl_ioctl_gpu_sparse_command() is added to for user to
specify list of binds/unbinds for a memory entry
and syncpoints they depend on. If user specifies both
create a sync object for syncpoints and bind object for
binds/unbinds and add them to dispatcher draw queue. Sync
object should be inserted before the bind object in the
draw queue. Once the bind object reaches the head of
draw queue the corresponding binds/unbinds are performed.
kgsl_ioctl_gpu_sparse_command() only accepts commands from
context created with flag KGSL_CONTEXT_SPARSE, commands
from all other context types will return an error.
Change-Id: Ib0a2361f854ae01d0d8090cdd48cfa96308daf93
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
Check MMU type for below operations to make NOMMU functional:
- adreno_iommu_set_pt_ctx() tries to set pagetable during context
switch without really checking on type of MMU.
- skip tracking of gpuaddr in case of NoMMU during
kgsl_mem_entry_track_gpuaddr().
- In case of nommu the function kgsl_allocate_global() should
always allocate contiguous memory from CMA.
Change-Id: I8cb59e1475376167c7a8a60c54df0939597f5083
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
When creating a context allocate an ID but don't populate the slot
with the context pointer until we are done setup up the rest of the
process. This avoids a race if somebody tries to free the same
identifier before the create operation is complete.
Change-Id: Ic0dedbadca5b4cc4ce567afad48a33078b549439
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Dumpeti Sathish Kumar <sathyanov14@codeaurora.org>
Add more information to the debugfs kgsl/proc/<pid>/mem which
will allow memtrack to correctly assign allocated ion buffer
memory to a process. The additional columns show the number of
kgsl_mem_entries which have a usage of egl_image (or) egl_surface.
When attaching a dma_buf to kgsl, use the dma_buf_attachment's
(void*)priv to point back to the kgsl_mem_entry. This makes it
possible to iterate through all attachments on a dma_buf and
gather statistics from each kgsl_mem_entry associated with the
dma_buf.
CRs-Fixed: 1073673
Change-Id: I1ef3bd0da3f74fa41074021699b2226c48bde9c3
Signed-off-by: Santhosh Punugu <spunug@codeaurora.org>
Add driver support to configure mempools from the device tree.
This will enable mempools to configure per device specific and
reduces the high kgsl memory usage based on configuration.
CRs-Fixed: 1064046
Change-Id: I0a7e36b7e1fef9d42a4c0fe33d69a4debf15af2f
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
If one is mapping anonyomous user memory in the GPU with SVM enabled
we want to try to accommodate that request if possible. The memory
address was being set up correctly in the memory descriptor but
the GPU address was getting tripped up when getting mapped in the
process. This is because the memory should be treated like SVM
memory so it needs to be registered in the memory tree and the
rest of the path needs to accept the address.
Change-Id: Ic0dedbad661143977a226d50263c26b5af579ce3
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
memdesc->pagetable is supposed to help ensure that memory gets
unmapped before it is freed, but the pagetable member is being
populated at create time not when the buffer gets mapped. This
forces the developer to ensure that the same pagetable is
used for both the create and map step. Instead, assign the
pagetable member when it is first used (to get a GPU address)
and put it away when the GPU address is released.
Change-Id: Ic0dedbad372fd9029b932dd99633a650049751ed
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Currently dispatcher accepts kgsl_cmdbatch object. This object
is a superset of all the types of objects dispatcher accepts.
Split kgsl_cmdbatch object to SYNC and IB/MARKER objects and
structure the code to make it easier for new type of objects
to be added to the dispatcher queue.
CRs-Fixed: 1054354
Change-Id: I2d482d1081ce6fdb7925243c88ce00ea6b864efe
Signed-off-by: Tarun Karra <tkarra@codeaurora.org>
