gpu: host1x: Forbid unrelated SETCLASS opcode in the firewall

Several channels could be made to write the same unit concurrently via
the SETCLASS opcode, trusting userspace is a bad idea. It should be
possible to drop the per-client channel reservation and add a per-unit
locking by inserting MLOCK's to the command stream to re-allow the
SETCLASS opcode, but it will be much more work. Let's forbid the
unit-unrelated class changes for now.

Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Reviewed-by: Erik Faye-Lund <kusmabite@gmail.com>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>

diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
index b44f1ed..4a46ba8 100644 (file)
--- a/drivers/gpu/drm/tegra/drm.c
+++ b/drivers/gpu/drm/tegra/drm.c
@@ -532,6 +532,7 @@ int tegra_drm_submit(struct tegra_drm_context *context,
        }
 
        job->is_addr_reg = context->client->ops->is_addr_reg;
+       job->is_valid_class = context->client->ops->is_valid_class;
        job->syncpt_incrs = syncpt.incrs;
        job->syncpt_id = syncpt.id;
        job->timeout = 10000;

diff --git a/drivers/gpu/drm/tegra/drm.h b/drivers/gpu/drm/tegra/drm.h
index 85aa2e3..6d6da01 100644 (file)
--- a/drivers/gpu/drm/tegra/drm.h
+++ b/drivers/gpu/drm/tegra/drm.h
@@ -83,6 +83,7 @@ struct tegra_drm_client_ops {
                            struct tegra_drm_context *context);
        void (*close_channel)(struct tegra_drm_context *context);
        int (*is_addr_reg)(struct device *dev, u32 class, u32 offset);
+       int (*is_valid_class)(u32 class);
        int (*submit)(struct tegra_drm_context *context,
                      struct drm_tegra_submit *args, struct drm_device *drm,
                      struct drm_file *file);

diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
index 02cd3e3..fbe0b8b 100644 (file)
--- a/drivers/gpu/drm/tegra/gr2d.c
+++ b/drivers/gpu/drm/tegra/gr2d.c
@@ -109,10 +109,17 @@ static int gr2d_is_addr_reg(struct device *dev, u32 class, u32 offset)
        return 0;
 }
 
+static int gr2d_is_valid_class(u32 class)
+{
+       return (class == HOST1X_CLASS_GR2D ||
+               class == HOST1X_CLASS_GR2D_SB);
+}
+
 static const struct tegra_drm_client_ops gr2d_ops = {
        .open_channel = gr2d_open_channel,
        .close_channel = gr2d_close_channel,
        .is_addr_reg = gr2d_is_addr_reg,
+       .is_valid_class = gr2d_is_valid_class,
        .submit = tegra_drm_submit,
 };
 

diff --git a/drivers/gpu/host1x/job.c b/drivers/gpu/host1x/job.c
index 54230ec..ef746f7 100644 (file)
--- a/drivers/gpu/host1x/job.c
+++ b/drivers/gpu/host1x/job.c
@@ -356,6 +356,9 @@ struct host1x_firewall {
 
 static int check_register(struct host1x_firewall *fw, unsigned long offset)
 {
+       if (!fw->job->is_addr_reg)
+               return 0;
+
        if (fw->job->is_addr_reg(fw->dev, fw->class, offset)) {
                if (!fw->num_relocs)
                        return -EINVAL;
@@ -370,6 +373,19 @@ static int check_register(struct host1x_firewall *fw, unsigned long offset)
        return 0;
 }
 
+static int check_class(struct host1x_firewall *fw, u32 class)
+{
+       if (!fw->job->is_valid_class) {
+               if (fw->class != class)
+                       return -EINVAL;
+       } else {
+               if (!fw->job->is_valid_class(fw->class))
+                       return -EINVAL;
+       }
+
+       return 0;
+}
+
 static int check_mask(struct host1x_firewall *fw)
 {
        u32 mask = fw->mask;
@@ -443,11 +459,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
 {
        u32 *cmdbuf_base = (u32 *)fw->job->gather_copy_mapped +
                (g->offset / sizeof(u32));
+       u32 job_class = fw->class;
        int err = 0;
 
-       if (!fw->job->is_addr_reg)
-               return 0;
-
        fw->words = g->words;
        fw->cmdbuf = g->bo;
        fw->offset = 0;
@@ -467,7 +481,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
                        fw->class = word >> 6 & 0x3ff;
                        fw->mask = word & 0x3f;
                        fw->reg = word >> 16 & 0xfff;
-                       err = check_mask(fw);
+                       err = check_class(fw, job_class);
+                       if (!err)
+                               err = check_mask(fw);
                        if (err)
                                goto out;
                        break;

diff --git a/include/linux/host1x.h b/include/linux/host1x.h
index ba0b245..b5358f8 100644 (file)
--- a/include/linux/host1x.h
+++ b/include/linux/host1x.h
@@ -251,6 +251,9 @@ struct host1x_job {
        /* Check if register is marked as an address reg */
        int (*is_addr_reg)(struct device *dev, u32 reg, u32 class);
 
+       /* Check if class belongs to the unit */
+       int (*is_valid_class)(u32 class);
+
        /* Request a SETCLASS to this class */
        u32 class;