projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 858da41) | patch
drm/i915: Flush TLBs before releasing backing store
authorTvrtko Ursulin <tvrtko.ursulin@intel.com>
Tue, 19 Oct 2021 12:27:10 +0000 (13:27 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Mon, 28 Feb 2022 11:23:03 +0000 (11:23 +0000)
commitbf696edab7f0f839a6332695708b6d96872266da
tree1d7fcb19f1fb3c32a76a2afd49dfb482d8e22d7btree | snapshot
parent858da4116ae5737bd2c554d254467885d5d2b737commit | diff
drm/i915: Flush TLBs before releasing backing store

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-0330

commit 7938d61591d33394a21bdd7797a245b65428f44c upstream.

We need to flush TLBs before releasing backing store otherwise userspace
is able to encounter stale entries if a) it is not declaring access to
certain buffers and b) it races with the backing store release from a
such undeclared execution already executing on the GPU in parallel.

The approach taken is to mark any buffer objects which were ever bound
to the GPU and to trigger a serialized TLB flush when their backing
store is released.

Alternatively the flushing could be done on VMA unbind, at which point
we would be able to ascertain whether there is potential a parallel GPU
execution (which could race), but essentially it boils down to paying
the cost of TLB flushes potentially needlessly at VMA unbind time (when
the backing store is not known to be going away so not needed for
safety), versus potentially needlessly at backing store relase time
(since we at that point cannot tell whether there is anything executing
on the GPU which uses that object).

Thereforce simplicity of implementation has been chosen for now with
scope to benchmark and refine later as required.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reported-by: Sushma Venkatesh Reddy <sushma.venkatesh.reddy@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Jani Nikula <jani.nikula@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name drm-i915-Flush-TLBs-before-releasing-backing-store.patch
drivers/gpu/drm/i915/gem/i915_gem_object_types.h diff | blob | history
drivers/gpu/drm/i915/gem/i915_gem_pages.c diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt.c diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt.h diff | blob | history
drivers/gpu/drm/i915/gt/intel_gt_types.h diff | blob | history
drivers/gpu/drm/i915/i915_reg.h diff | blob | history
drivers/gpu/drm/i915/i915_vma.c diff | blob | history
drivers/gpu/drm/i915/intel_uncore.c diff | blob | history
drivers/gpu/drm/i915/intel_uncore.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.