drm/i915/ehl: unconditionally flush the pages on acquire

EHL and JSL add the 'Bypass LLC' MOCS entry, which should make it
possible for userspace to bypass the GTT caching bits set by the kernel,
as per the given object cache_level. This is troublesome since the heavy
flush we apply when first acquiring the pages is skipped if the kernel
thinks the object is coherent with the GPU. As a result it might be
possible to bypass the cache and read the contents of the page directly,
which could be stale data. If it's just a case of userspace shooting
themselves in the foot then so be it, but since i915 takes the stance of
always zeroing memory before handing it to userspace, we need to prevent
this.

v2: this time actually set cache_dirty in put_pages()
v3: move to get_pages() which looks simpler

BSpec: 34007
References: dbd3c2e04bef ("Revert "drm/i915/ehl: Update MOCS table for EHL"")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Tejas Upadhyay <tejaskumarx.surendrakumar.upadhyay@intel.com>
Cc: Francisco Jerez <francisco.jerez.plata@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: Jon Bloomfield <jon.bloomfield@intel.com>
Cc: Chris Wilson <chris.p.wilson@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20210723105045.400841-2-matthew.auld@intel.com

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_object_types.h b/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
index 79de925aecfdbeca6cf481019c86bb0dde5abcc9..2471f36aaff38836a4d4e31c88f402965a3b909c 100644 (file)
--- a/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
+++ b/drivers/gpu/drm/i915/gem/i915_gem_object_types.h
@@ -415,6 +415,12 @@ struct drm_i915_gem_object {
         * Note that on shared LLC platforms we still apply the heavy flush for
         * I915_CACHE_NONE objects, under the assumption that this is going to
         * be used for scanout.
+        *
+        * Update: On some hardware there is now also the 'Bypass LLC' MOCS
+        * entry, which defeats our @cache_coherent tracking, since userspace
+        * can freely bypass the CPU cache when touching the pages with the GPU,
+        * where the kernel is completely unaware. On such platform we need
+        * apply the sledgehammer-on-acquire regardless of the @cache_coherent.
         */
        unsigned int cache_dirty:1;
 

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c b/drivers/gpu/drm/i915/gem/i915_gem_shmem.c
index 6a04cce188fcc99bed2ebf6ec1e20689551db3a0..11f072193f3b1e1f009fa85ed8fe374cc07a931e 100644 (file)
--- a/drivers/gpu/drm/i915/gem/i915_gem_shmem.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_shmem.c
@@ -182,6 +182,24 @@ rebuild_st:
        if (i915_gem_object_needs_bit17_swizzle(obj))
                i915_gem_object_do_bit_17_swizzle(obj, st);
 
+       /*
+        * EHL and JSL add the 'Bypass LLC' MOCS entry, which should make it
+        * possible for userspace to bypass the GTT caching bits set by the
+        * kernel, as per the given object cache_level. This is troublesome
+        * since the heavy flush we apply when first gathering the pages is
+        * skipped if the kernel thinks the object is coherent with the GPU. As
+        * a result it might be possible to bypass the cache and read the
+        * contents of the page directly, which could be stale data. If it's
+        * just a case of userspace shooting themselves in the foot then so be
+        * it, but since i915 takes the stance of always zeroing memory before
+        * handing it to userspace, we need to prevent this.
+        *
+        * By setting cache_dirty here we make the clflush in set_pages
+        * unconditional on such platforms.
+        */
+       if (IS_JSL_EHL(i915) && obj->flags & I915_BO_ALLOC_USER)
+               obj->cache_dirty = true;
+
        __i915_gem_object_set_pages(obj, st, sg_page_sizes);
 
        return 0;