[07/39] drm/i915: Introduce the i915_user_extension_method

Message ID	20190313144401.17735-7-chris@chris-wilson.co.uk (mailing list archive)
State	New, archived
Headers	show Return-Path: <intel-gfx-bounces@lists.freedesktop.org> From: Chris Wilson <chris@chris-wilson.co.uk> To: intel-gfx@lists.freedesktop.org Date: Wed, 13 Mar 2019 14:43:29 +0000 Message-Id: <20190313144401.17735-7-chris@chris-wilson.co.uk> In-Reply-To: <20190313144401.17735-1-chris@chris-wilson.co.uk> References: <20190313144401.17735-1-chris@chris-wilson.co.uk> MIME-Version: 1.0 Subject: [Intel-gfx] [PATCH 07/39] drm/i915: Introduce the i915_user_extension_method Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
Series	[01/39] drm/i915: Hold a ref to the ring while retiring \| expand [01/39] drm/i915: Hold a ref to the ring while retiring [02/39] drm/i915: Lock the gem_context->active_list while dropping the link [03/39] drm/i915: Hold a reference to the active HW context [04/39] drm/i915: Stop needlessly acquiring wakeref for debugfs/drop_caches_set [05/39] drm/i915/selftests: Provide stub reset functions [06/39] drm/i915: Switch to use HWS indices rather than addresses [07/39] drm/i915: Introduce the i915_user_extension_method [08/39] drm/i915: Create/destroy VM (ppGTT) for use with contexts [09/39] drm/i915: Extend CONTEXT_CREATE to set parameters upon construction [10/39] drm/i915: Allow contexts to share a single timeline across all engines [11/39] drm/i915: Allow userspace to clone contexts on creation [12/39] drm/i915: Allow a context to define its set of engines [13/39] drm/i915: Extend I915_CONTEXT_PARAM_SSEU to support local ctx->engine[] [14/39] drm/i915: Load balancing across a virtual engine [15/39] drm/i915: Extend execution fence to support a callback [16/39] drm/i915/execlists: Virtual engine bonding [17/39] drm/i915: Allow specification of parallel execbuf [18/39] drm/i915/execlists: Skip direct submission if only lite-restore [19/39] drm/i915: Split GEM object type definition to its own header [20/39] drm/i915: Pull GEM ioctls interface to its own file [21/39] drm/i915: Move object->pages API to i915_gem_object.[ch] [22/39] drm/i915: Move shmem object setup to its own file [23/39] drm/i915: Move phys objects to its own file [24/39] drm/i915: Move mmap and friends to its own file [25/39] drm/i915: Move GEM domain management to its own file [26/39] drm/i915: Move more GEM objects under gem/ [27/39] drm/i915: Pull scatterlist utils out of i915_gem.h [28/39] drm/i915: Move GEM object domain management from struct_mutex to local [29/39] drm/i915: Move GEM object waiting to its own file [30/39] drm/i915: Move GEM object busy checking to its own file [31/39] drm/i915: Move GEM client throttling to its own file [32/39] drm/i915: Drop the deferred active reference [33/39] drm/i915: Move object close under its own lock [34/39] drm/i915: Rename intel_context.active to .inflight [35/39] drm/i915: Keep contexts pinned until after the next kernel context switch [36/39] drm/i915: Stop retiring along engine [37/39] drm/i915: Replace engine->timeline with a plain list [38/39] drm/i915/execlists: Preempt-to-busy [39/39] drm/i915: Remove logical HW ID

Message ID

20190313144401.17735-7-chris@chris-wilson.co.uk (mailing list archive)

State

New, archived

Headers

From: Chris Wilson <chris@chris-wilson.co.uk>
To: intel-gfx@lists.freedesktop.org
Date: Wed, 13 Mar 2019 14:43:29 +0000
Message-Id: <20190313144401.17735-7-chris@chris-wilson.co.uk>
In-Reply-To: <20190313144401.17735-1-chris@chris-wilson.co.uk>
References: <20190313144401.17735-1-chris@chris-wilson.co.uk>
MIME-Version: 1.0
Subject: [Intel-gfx] [PATCH 07/39] drm/i915: Introduce the
 i915_user_extension_method
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>

Series

[01/39] drm/i915: Hold a ref to the ring while retiring | expand

Commit Message

Chris Wilson March 13, 2019, 2:43 p.m. UTC

An idea for extending uABI inspired by Vulkan's extension chains.
Instead of expanding the data struct for each ioctl every time we need
to add a new feature, define an extension chain instead. As we add
optional interfaces to control the ioctl, we define a new extension
struct that can be linked into the ioctl data only when required by the
user. The key advantage being able to ignore large control structs for
optional interfaces/extensions, while being able to process them in a
consistent manner.

In comparison to other extensible ioctls, the key difference is the
use of a linked chain of extension structs vs an array of tagged
pointers. For example,

struct drm_amdgpu_cs_chunk {
        __u32           chunk_id;
        __u32           length_dw;
        __u64           chunk_data;
};

struct drm_amdgpu_cs_in {
        __u32           ctx_id;
        __u32           bo_list_handle;
        __u32           num_chunks;
        __u32           _pad;
        __u64           chunks;
};

allows userspace to pass in array of pointers to extension structs, but
must therefore keep constructing that array along side the command stream.
In dynamic situations like that, a linked list is preferred and does not
similar from extra cache line misses as the extension structs themselves
must still be loaded separate to the chunks array.

v2: Apply the tail call optimisation directly to nip the worry of stack
overflow in the bud.
v3: Defend against recursion.

Opens:
- do we include the result as an out-field in each chain?
struct i915_user_extension {
	__u64 next_extension;
	__u64 name;
	__s32 result;
	__u32 mbz; /* reserved for future use */
};
* Undecided, so provision some room for future expansion.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
---
 drivers/gpu/drm/i915/Makefile               |  1 +
 drivers/gpu/drm/i915/i915_user_extensions.c | 59 +++++++++++++++++++++
 drivers/gpu/drm/i915/i915_user_extensions.h | 20 +++++++
 drivers/gpu/drm/i915/i915_utils.h           | 12 +++++
 include/uapi/drm/i915_drm.h                 | 22 ++++++++
 5 files changed, 114 insertions(+)
 create mode 100644 drivers/gpu/drm/i915/i915_user_extensions.c
 create mode 100644 drivers/gpu/drm/i915/i915_user_extensions.h

Comments

Tvrtko Ursulin March 14, 2019, 2:52 p.m. UTC | #1

On 13/03/2019 14:43, Chris Wilson wrote:
> An idea for extending uABI inspired by Vulkan's extension chains.
> Instead of expanding the data struct for each ioctl every time we need
> to add a new feature, define an extension chain instead. As we add
> optional interfaces to control the ioctl, we define a new extension
> struct that can be linked into the ioctl data only when required by the
> user. The key advantage being able to ignore large control structs for
> optional interfaces/extensions, while being able to process them in a
> consistent manner.
> 
> In comparison to other extensible ioctls, the key difference is the
> use of a linked chain of extension structs vs an array of tagged
> pointers. For example,
> 
> struct drm_amdgpu_cs_chunk {
>          __u32           chunk_id;
>          __u32           length_dw;
>          __u64           chunk_data;
> };
> 
> struct drm_amdgpu_cs_in {
>          __u32           ctx_id;
>          __u32           bo_list_handle;
>          __u32           num_chunks;
>          __u32           _pad;
>          __u64           chunks;
> };
> 
> allows userspace to pass in array of pointers to extension structs, but
> must therefore keep constructing that array along side the command stream.
> In dynamic situations like that, a linked list is preferred and does not
> similar from extra cache line misses as the extension structs themselves
> must still be loaded separate to the chunks array.
> 
> v2: Apply the tail call optimisation directly to nip the worry of stack
> overflow in the bud.
> v3: Defend against recursion.
> 
> Opens:
> - do we include the result as an out-field in each chain?
> struct i915_user_extension {
> 	__u64 next_extension;
> 	__u64 name;
> 	__s32 result;
> 	__u32 mbz; /* reserved for future use */
> };
> * Undecided, so provision some room for future expansion.
> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> ---
>   drivers/gpu/drm/i915/Makefile               |  1 +
>   drivers/gpu/drm/i915/i915_user_extensions.c | 59 +++++++++++++++++++++
>   drivers/gpu/drm/i915/i915_user_extensions.h | 20 +++++++
>   drivers/gpu/drm/i915/i915_utils.h           | 12 +++++
>   include/uapi/drm/i915_drm.h                 | 22 ++++++++
>   5 files changed, 114 insertions(+)
>   create mode 100644 drivers/gpu/drm/i915/i915_user_extensions.c
>   create mode 100644 drivers/gpu/drm/i915/i915_user_extensions.h
> 
> diff --git a/drivers/gpu/drm/i915/Makefile b/drivers/gpu/drm/i915/Makefile
> index 68fecf355471..60de05f3fa60 100644
> --- a/drivers/gpu/drm/i915/Makefile
> +++ b/drivers/gpu/drm/i915/Makefile
> @@ -46,6 +46,7 @@ i915-y := i915_drv.o \
>   	  i915_sw_fence.o \
>   	  i915_syncmap.o \
>   	  i915_sysfs.o \
> +	  i915_user_extensions.o \
>   	  intel_csr.o \
>   	  intel_device_info.o \
>   	  intel_pm.o \
> diff --git a/drivers/gpu/drm/i915/i915_user_extensions.c b/drivers/gpu/drm/i915/i915_user_extensions.c
> new file mode 100644
> index 000000000000..d28c95221db4
> --- /dev/null
> +++ b/drivers/gpu/drm/i915/i915_user_extensions.c
> @@ -0,0 +1,59 @@
> +/*
> + * SPDX-License-Identifier: MIT
> + *
> + * Copyright © 2018 Intel Corporation
> + */
> +
> +#include <linux/nospec.h>
> +#include <linux/sched/signal.h>
> +#include <linux/uaccess.h>
> +
> +#include <uapi/drm/i915_drm.h>
> +
> +#include "i915_user_extensions.h"
> +#include "i915_utils.h"
> +
> +int i915_user_extensions(struct i915_user_extension __user *ext,
> +			 const i915_user_extension_fn *tbl,
> +			 unsigned long count,

Could shrink to unsigned int if going to 32-bit "name". And...

> +			 void *data)
> +{
> +	unsigned int stackdepth = 512;
> +
> +	while (ext) {
> +		int i, err;
> +		u64 x;

... so it is u32 in this version.

> +
> +		if (!stackdepth--) /* recursion vs useful flexibility */
> +			return -E2BIG;
> +
> +		err = check_user_mbz(&ext->flags);
> +		if (err)
> +			return err;
> +
> +		for (i = 0; i < ARRAY_SIZE(ext->rsvd); i++) {
> +			err = check_user_mbz(&ext->rsvd[i]);
> +			if (err)
> +				return err;
> +		}
> +
> +		if (get_user(x, &ext->name))
> +			return -EFAULT;
> +
> +		err = -EINVAL;
> +		if (x < count) {
> +			x = array_index_nospec(x, count);
> +			if (tbl[x])
> +				err = tbl[x](ext, data);
> +		}
> +		if (err)
> +			return err;
> +
> +		if (get_user(x, &ext->next_extension))
> +			return -EFAULT;
> +
> +		ext = u64_to_user_ptr(x);
> +	}
> +
> +	return 0;
> +}
> diff --git a/drivers/gpu/drm/i915/i915_user_extensions.h b/drivers/gpu/drm/i915/i915_user_extensions.h
> new file mode 100644
> index 000000000000..313a510b068a
> --- /dev/null
> +++ b/drivers/gpu/drm/i915/i915_user_extensions.h
> @@ -0,0 +1,20 @@
> +/*
> + * SPDX-License-Identifier: MIT
> + *
> + * Copyright © 2018 Intel Corporation
> + */
> +
> +#ifndef I915_USER_EXTENSIONS_H
> +#define I915_USER_EXTENSIONS_H
> +
> +struct i915_user_extension;
> +
> +typedef int (*i915_user_extension_fn)(struct i915_user_extension __user *ext,
> +				      void *data);
> +
> +int i915_user_extensions(struct i915_user_extension __user *ext,
> +			 const i915_user_extension_fn *tbl,
> +			 unsigned long count,
> +			 void *data);
> +
> +#endif /* I915_USER_EXTENSIONS_H */
> diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h
> index 9726df37c4c4..51b658fa966d 100644
> --- a/drivers/gpu/drm/i915/i915_utils.h
> +++ b/drivers/gpu/drm/i915/i915_utils.h
> @@ -105,6 +105,18 @@
>   	__T;								\
>   })
>   
> +#define container_of_user(ptr, type, member) ({				\
> +	void __user *__mptr = (void __user *)(ptr);			\
> +	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
> +			 !__same_type(*(ptr), void),			\
> +			 "pointer type mismatch in container_of()");	\
> +	((type __user *)(__mptr - offsetof(type, member))); })
> +
> +#define check_user_mbz(U) ({						\
> +	typeof(*(U)) mbz__;						\
> +	get_user(mbz__, (U)) ? -EFAULT : mbz__ ? -EINVAL : 0;		\
> +})
> +
>   static inline u64 ptr_to_u64(const void *ptr)
>   {
>   	return (uintptr_t)ptr;
> diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h
> index aa2d4c73a97d..1c69ed16a923 100644
> --- a/include/uapi/drm/i915_drm.h
> +++ b/include/uapi/drm/i915_drm.h
> @@ -62,6 +62,28 @@ extern "C" {
>   #define I915_ERROR_UEVENT		"ERROR"
>   #define I915_RESET_UEVENT		"RESET"
>   
> +/*
> + * i915_user_extension: Base class for defining a chain of extensions
> + *
> + * Many interfaces need to grow over time. In most cases we can simply
> + * extend the struct and have userspace pass in more data. Another option,
> + * as demonstrated by Vulkan's approach to providing extensions for forward
> + * and backward compatibility, is to use a list of optional structs to
> + * provide those extra details.
> + *
> + * The key advantage to using an extension chain is that it allows us to
> + * redefine the interface more easily than an ever growing struct of
> + * increasing complexity, and for large parts of that interface to be
> + * entirely optional. The downside is more pointer chasing; chasing across
> + * the __user boundary with pointers encapsulated inside u64.
> + */
> +struct i915_user_extension {
> +	__u64 next_extension;
> +	__u32 name;
> +	__u32 flags; /* All undefined bits must be zero. */
> +	__u32 rsvd[4]; /* Reserved for future use; must be zero. */
> +};
> +
>   /*
>    * MOCS indexes used for GPU surfaces, defining the cacheability of the
>    * surface data and the coherency for this data wrt. CPU vs. GPU accesses.
> 

With the u32 thing fixed:

Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>

Regards,

Tvrtko

Chris Wilson March 14, 2019, 2:59 p.m. UTC | #2

Quoting Tvrtko Ursulin (2019-03-14 14:52:00)
> 
> On 13/03/2019 14:43, Chris Wilson wrote:
> > +int i915_user_extensions(struct i915_user_extension __user *ext,
> > +                      const i915_user_extension_fn *tbl,
> > +                      unsigned long count,
> 
> Could shrink to unsigned int if going to 32-bit "name". And...
> 
> > +                      void *data)
> > +{
> > +     unsigned int stackdepth = 512;
> > +
> > +     while (ext) {
> > +             int i, err;
> > +             u64 x;
> 
> ... so it is u32 in this version.

This was a convenience to use one variable for both; it doesn't affect
the get_user() as that is determined by the sizeof(*ptr) and not the
local. However, it did upset array_index_nospec() on 32bit, so it did
become a u32. So unsigned int count also makes some sense, I was using
the natural type for ARRAY_SIZE() so that we didn't accidentally
truncate, but shrinking the array bound is not as harmful.
-Chris

Tvrtko Ursulin March 14, 2019, 4:10 p.m. UTC | #3

On 14/03/2019 14:59, Chris Wilson wrote:
> Quoting Tvrtko Ursulin (2019-03-14 14:52:00)
>>
>> On 13/03/2019 14:43, Chris Wilson wrote:
>>> +int i915_user_extensions(struct i915_user_extension __user *ext,
>>> +                      const i915_user_extension_fn *tbl,
>>> +                      unsigned long count,
>>
>> Could shrink to unsigned int if going to 32-bit "name". And...
>>
>>> +                      void *data)
>>> +{
>>> +     unsigned int stackdepth = 512;
>>> +
>>> +     while (ext) {
>>> +             int i, err;
>>> +             u64 x;
>>
>> ... so it is u32 in this version.
> 
> This was a convenience to use one variable for both; it doesn't affect
> the get_user() as that is determined by the sizeof(*ptr) and not the

My bad, I thought the destination controls the size.

> local. However, it did upset array_index_nospec() on 32bit, so it did
> become a u32. So unsigned int count also makes some sense, I was using
> the natural type for ARRAY_SIZE() so that we didn't accidentally
> truncate, but shrinking the array bound is not as harmful.

Ok.

Regards,

Tvrtko

diff --git a/drivers/gpu/drm/i915/Makefile b/drivers/gpu/drm/i915/Makefile
index 68fecf355471..60de05f3fa60 100644
--- a/drivers/gpu/drm/i915/Makefile
+++ b/drivers/gpu/drm/i915/Makefile
@@ -46,6 +46,7 @@  i915-y := i915_drv.o \
 	  i915_sw_fence.o \
 	  i915_syncmap.o \
 	  i915_sysfs.o \
+	  i915_user_extensions.o \
 	  intel_csr.o \
 	  intel_device_info.o \
 	  intel_pm.o \
diff --git a/drivers/gpu/drm/i915/i915_user_extensions.c b/drivers/gpu/drm/i915/i915_user_extensions.c
new file mode 100644
index 000000000000..d28c95221db4
--- /dev/null
+++ b/drivers/gpu/drm/i915/i915_user_extensions.c
@@ -0,0 +1,59 @@ 
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * Copyright © 2018 Intel Corporation
+ */
+
+#include <linux/nospec.h>
+#include <linux/sched/signal.h>
+#include <linux/uaccess.h>
+
+#include <uapi/drm/i915_drm.h>
+
+#include "i915_user_extensions.h"
+#include "i915_utils.h"
+
+int i915_user_extensions(struct i915_user_extension __user *ext,
+			 const i915_user_extension_fn *tbl,
+			 unsigned long count,
+			 void *data)
+{
+	unsigned int stackdepth = 512;
+
+	while (ext) {
+		int i, err;
+		u64 x;
+
+		if (!stackdepth--) /* recursion vs useful flexibility */
+			return -E2BIG;
+
+		err = check_user_mbz(&ext->flags);
+		if (err)
+			return err;
+
+		for (i = 0; i < ARRAY_SIZE(ext->rsvd); i++) {
+			err = check_user_mbz(&ext->rsvd[i]);
+			if (err)
+				return err;
+		}
+
+		if (get_user(x, &ext->name))
+			return -EFAULT;
+
+		err = -EINVAL;
+		if (x < count) {
+			x = array_index_nospec(x, count);
+			if (tbl[x])
+				err = tbl[x](ext, data);
+		}
+		if (err)
+			return err;
+
+		if (get_user(x, &ext->next_extension))
+			return -EFAULT;
+
+		ext = u64_to_user_ptr(x);
+	}
+
+	return 0;
+}
diff --git a/drivers/gpu/drm/i915/i915_user_extensions.h b/drivers/gpu/drm/i915/i915_user_extensions.h
new file mode 100644
index 000000000000..313a510b068a
--- /dev/null
+++ b/drivers/gpu/drm/i915/i915_user_extensions.h
@@ -0,0 +1,20 @@ 
+/*
+ * SPDX-License-Identifier: MIT
+ *
+ * Copyright © 2018 Intel Corporation
+ */
+
+#ifndef I915_USER_EXTENSIONS_H
+#define I915_USER_EXTENSIONS_H
+
+struct i915_user_extension;
+
+typedef int (*i915_user_extension_fn)(struct i915_user_extension __user *ext,
+				      void *data);
+
+int i915_user_extensions(struct i915_user_extension __user *ext,
+			 const i915_user_extension_fn *tbl,
+			 unsigned long count,
+			 void *data);
+
+#endif /* I915_USER_EXTENSIONS_H */
diff --git a/drivers/gpu/drm/i915/i915_utils.h b/drivers/gpu/drm/i915/i915_utils.h
index 9726df37c4c4..51b658fa966d 100644
--- a/drivers/gpu/drm/i915/i915_utils.h
+++ b/drivers/gpu/drm/i915/i915_utils.h
@@ -105,6 +105,18 @@ 
 	__T;								\
 })
 
+#define container_of_user(ptr, type, member) ({				\
+	void __user *__mptr = (void __user *)(ptr);			\
+	BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) &&	\
+			 !__same_type(*(ptr), void),			\
+			 "pointer type mismatch in container_of()");	\
+	((type __user *)(__mptr - offsetof(type, member))); })
+
+#define check_user_mbz(U) ({						\
+	typeof(*(U)) mbz__;						\
+	get_user(mbz__, (U)) ? -EFAULT : mbz__ ? -EINVAL : 0;		\
+})
+
 static inline u64 ptr_to_u64(const void *ptr)
 {
 	return (uintptr_t)ptr;
diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h
index aa2d4c73a97d..1c69ed16a923 100644
--- a/include/uapi/drm/i915_drm.h
+++ b/include/uapi/drm/i915_drm.h
@@ -62,6 +62,28 @@  extern "C" {
 #define I915_ERROR_UEVENT		"ERROR"
 #define I915_RESET_UEVENT		"RESET"
 
+/*
+ * i915_user_extension: Base class for defining a chain of extensions
+ *
+ * Many interfaces need to grow over time. In most cases we can simply
+ * extend the struct and have userspace pass in more data. Another option,
+ * as demonstrated by Vulkan's approach to providing extensions for forward
+ * and backward compatibility, is to use a list of optional structs to
+ * provide those extra details.
+ *
+ * The key advantage to using an extension chain is that it allows us to
+ * redefine the interface more easily than an ever growing struct of
+ * increasing complexity, and for large parts of that interface to be
+ * entirely optional. The downside is more pointer chasing; chasing across
+ * the __user boundary with pointers encapsulated inside u64.
+ */
+struct i915_user_extension {
+	__u64 next_extension;
+	__u32 name;
+	__u32 flags; /* All undefined bits must be zero. */
+	__u32 rsvd[4]; /* Reserved for future use; must be zero. */
+};
+
 /*
  * MOCS indexes used for GPU surfaces, defining the cacheability of the
  * surface data and the coherency for this data wrt. CPU vs. GPU accesses.

[07/39] drm/i915: Introduce the i915_user_extension_method

Commit Message

Comments

Patch