projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bcbba01) | patch
drm/i915: Flush TLBs before releasing backing store
authorTvrtko Ursulin <tvrtko.ursulin@intel.com>
Tue, 19 Oct 2021 12:27:10 +0000 (13:27 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Sun, 30 Jan 2022 10:14:49 +0000 (10:14 +0000)
commit7cda34ca518bf12252563e83a9c53ca2f4bdc015
treebcbf1ed10b1d0a7c1ba1615088094aaca200fbc3tree | snapshot
parentbcbba01841a1c7988c4407683fc6190b9fa311dccommit | diff
drm/i915: Flush TLBs before releasing backing store

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-0330

commit 7938d61591d33394a21bdd7797a245b65428f44c upstream.

We need to flush TLBs before releasing backing store otherwise userspace
is able to encounter stale entries if a) it is not declaring access to
certain buffers and b) it races with the backing store release from a
such undeclared execution already executing on the GPU in parallel.

The approach taken is to mark any buffer objects which were ever bound
to the GPU and to trigger a serialized TLB flush when their backing
store is released.

Alternatively the flushing could be done on VMA unbind, at which point
we would be able to ascertain whether there is potential a parallel GPU
execution (which could race), but essentially it boils down to paying
the cost of TLB flushes potentially needlessly at VMA unbind time (when
the backing store is not known to be going away so not needed for
safety), versus potentially needlessly at backing store relase time
(since we at that point cannot tell whether there is anything executing
on the GPU which uses that object).

Thereforce simplicity of implementation has been chosen for now with
scope to benchmark and refine later as required.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reported-by: Sushma Venkatesh Reddy <sushma.venkatesh.reddy@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name drm-i915-Flush-TLBs-before-releasing-backing-store.patch
drivers/gpu/drm/i915/gem/i915_gem_object_types.h diff | blob | history
drivers/gpu/drm/i915/gem/i915_gem_pages.c diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt.c diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt.h diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt_types.h diff | blob | history
drivers/gpu/drm/i915/i915_reg.h diff | blob | history
drivers/gpu/drm/i915/i915_vma.c diff | blob | history
drivers/gpu/drm/i915/intel_uncore.c diff | blob | history
drivers/gpu/drm/i915/intel_uncore.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.