Commit 1a8e7475 authored by Felix Kuehling's avatar Felix Kuehling Committed by Liu Chuang

drm/amdkfd: Export DMABufs from KFD using GEM handles

mainline inclusion
from mainline-v6.8-rc1
commit 1819200166ce511ac298dc96b9b17eb655a9edc4
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9TM7F
CVE: CVE-2024-36022

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1819200166ce511ac298dc96b9b17eb655a9edc4



--------------------------------

Create GEM handles for exporting DMABufs using GEM-Prime APIs. The GEM
handles are created in a drm_client_dev context to avoid exposing them
in user mode contexts through a DMABuf import.

Signed-off-by: default avatarFelix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: default avatarRamesh Errabolu <Ramesh.Errabolu@amd.com>
Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
Conflicts:
	drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
[Conflict arises because commit 0e2e7c5b3d71 ("drm/amdgpu: Attach eviction fence on alloc") has not been merged]
Signed-off-by: default avatarLiu Chuang <liuchuang40@huawei.com>
parent 59194fd6
+11 −0
@@ -141,6 +141,7 @@ void amdgpu_amdkfd_device_init(struct amdgpu_device *adev)
{
	int i;
	int last_valid_bit;
	int ret;

	amdgpu_amdkfd_gpuvm_init_mem_limits();

@@ -159,6 +160,12 @@ void amdgpu_amdkfd_device_init(struct amdgpu_device *adev)
			.enable_mes = adev->enable_mes,
		};

		ret = drm_client_init(&adev->ddev, &adev->kfd.client, "kfd", NULL);
		if (ret) {
			dev_err(adev->dev, "Failed to init DRM client: %d\n", ret);
			return;
		}

		/* this is going to have a few of the MSBs set that we need to
		 * clear
		 */
@@ -197,6 +204,10 @@ void amdgpu_amdkfd_device_init(struct amdgpu_device *adev)

		adev->kfd.init_complete = kgd2kfd_device_init(adev->kfd.dev,
							&gpu_resources);
		if (adev->kfd.init_complete)
			drm_client_register(&adev->kfd.client);
		else
			drm_client_release(&adev->kfd.client);

		amdgpu_amdkfd_total_mem_size += adev->gmc.real_vram_size;
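Review bot: `drm_client_init()` is called with a NULL `funcs` argument for a client that is embedded in `struct amdgpu_kfd_dev` rather than allocated on its own. As far as I recall, the DRM core's `drm_client_dev_unregister()` handles registered clients that have no `unregister` callback by calling `drm_client_release()` and then `kfree(client)`, which at device teardown would free a pointer into the middle of `adev`; please confirm against this tree's drm_client.c. If that holds, give the client its own ops, `static const struct drm_client_funcs kfd_client_funcs = { .unregister = drm_client_release };`, and pass `&kfd_client_funcs` instead of `NULL`. The body of `amdgpu_amdkfd_device_init()` continues outside the hunks, so any teardown handling elsewhere is not visible here.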

+5 −0
@@ -33,6 +33,7 @@
#include <linux/mmu_notifier.h>
#include <linux/memremap.h>
#include <kgd_kfd_interface.h>
#include <drm/drm_client.h>
#include "amdgpu_sync.h"
#include "amdgpu_vm.h"
#include "amdgpu_xcp.h"
@@ -83,6 +84,7 @@ struct kgd_mem {

	struct amdgpu_sync sync;

	uint32_t gem_handle;
	bool aql_queue;
	bool is_imported;
};
@@ -105,6 +107,9 @@ struct amdgpu_kfd_dev {

	/* HMM page migration MEMORY_DEVICE_PRIVATE mapping */
	struct dev_pagemap pgmap;

	/* Client for KFD BO GEM handle allocations */
	struct drm_client_dev client;
};

enum kgd_engine_type {
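Review bot: The new `gem_handle` field in `struct kgd_mem` has no comment, and when it holds a valid handle is not obvious from the declaration. In the other file of this commit the handle is created in the alloc path and deleted on free only when `!mem->is_imported`, so it appears to be unset for imported BOs. I would add `/* GEM handle in the KFD drm_client file; created for BOs allocated through KFD, not for imports */` above the field, with the wording confirmed by the author. Both structs start outside the hunks shown.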
+26 −7
@@ -25,6 +25,7 @@
#include <linux/pagemap.h>
#include <linux/sched/mm.h>
#include <linux/sched/task.h>
#include <linux/fdtable.h>
#include <drm/ttm/ttm_tt.h>

#include <drm/drm_exec.h>
@@ -774,13 +775,22 @@ kfd_mem_dmaunmap_attachment(struct kgd_mem *mem,
static int kfd_mem_export_dmabuf(struct kgd_mem *mem)
{
	if (!mem->dmabuf) {
		struct dma_buf *ret = amdgpu_gem_prime_export(
			&mem->bo->tbo.base,
		struct amdgpu_device *bo_adev;
		struct dma_buf *dmabuf;
		int r, fd;

		bo_adev = amdgpu_ttm_adev(mem->bo->tbo.bdev);
		r = drm_gem_prime_handle_to_fd(&bo_adev->ddev, bo_adev->kfd.client.file,
					       mem->gem_handle,
			mem->alloc_flags & KFD_IOC_ALLOC_MEM_FLAGS_WRITABLE ?
				DRM_RDWR : 0);
		if (IS_ERR(ret))
			return PTR_ERR(ret);
		mem->dmabuf = ret;
					       DRM_RDWR : 0, &fd);
		if (r)
			return r;
		dmabuf = dma_buf_get(fd);
		close_fd(fd);
		if (WARN_ON_ONCE(IS_ERR(dmabuf)))
			return PTR_ERR(dmabuf);
		mem->dmabuf = dmabuf;
	}

	return 0;
@@ -1737,6 +1747,9 @@ int amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu(
		pr_debug("Failed to allow vma node access. ret %d\n", ret);
		goto err_node_allow;
	}
	ret = drm_gem_handle_create(adev->kfd.client.file, gobj, &(*mem)->gem_handle);
	if (ret)
		goto err_gem_handle_create;
	bo = gem_to_amdgpu_bo(gobj);
	if (bo_type == ttm_bo_type_sg) {
		bo->tbo.sg = sg;
@@ -1778,6 +1791,8 @@ int amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu(
allocate_init_user_pages_failed:
err_pin_bo:
	remove_kgd_mem_from_kfd_bo_list(*mem, avm->process_info);
	drm_gem_handle_delete(adev->kfd.client.file, (*mem)->gem_handle);
err_gem_handle_create:
	drm_vma_node_revoke(&gobj->vma_node, drm_priv);
err_node_allow:
	/* Don't unreserve system mem limit twice */
@@ -1893,8 +1908,12 @@ int amdgpu_amdkfd_gpuvm_free_memory_of_gpu(

	/* Free the BO*/
	drm_vma_node_revoke(&mem->bo->tbo.base.vma_node, drm_priv);
	if (mem->dmabuf)
	if (!mem->is_imported)
		drm_gem_handle_delete(adev->kfd.client.file, mem->gem_handle);
	if (mem->dmabuf) {
		dma_buf_put(mem->dmabuf);
		mem->dmabuf = NULL;
	}
	mutex_destroy(&mem->lock);

	/* If this releases the last reference, it will end up calling
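Review bot: In `kfd_mem_export_dmabuf()` the dma-buf is obtained by installing a file descriptor into the calling process's fd table with `drm_gem_prime_handle_to_fd()`, looking it up again with `dma_buf_get(fd)`, and then calling `close_fd(fd)`. The fd table is shared with the process's other threads, so between those calls the descriptor can be closed or replaced from user space; `dma_buf_get()` may then fail or return a different dma-buf, and `close_fd()` may close a file other than the one just installed. This also makes the `WARN_ON_ONCE` reachable from user space, which matters on systems running with `panic_on_warn`; at minimum it should become a plain `if (IS_ERR(dmabuf)) return PTR_ERR(dmabuf);`. The more robust fix is to get the `struct dma_buf *` for the handle without a round trip through the fd table; later mainline kernels provide `drm_gem_prime_handle_to_dmabuf()` for this, if it is available in this tree.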
+2 −2
@@ -1851,8 +1851,8 @@ static uint32_t get_process_num_bos(struct kfd_process *p)
	return num_of_bos;
}

static int criu_get_prime_handle(struct kgd_mem *mem, int flags,
				      u32 *shared_fd)
static int criu_get_prime_handle(struct kgd_mem *mem,
				 int flags, u32 *shared_fd)
{
	struct dma_buf *dmabuf;
	int ret;