Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2920385pxb; Tue, 24 Aug 2021 10:37:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxaYL+DOy3PK87JBDXO0AdYa3W2erhAB3fbt87vhDrj49h87fFHtPVF9fkUOiIToEybxcCi X-Received: by 2002:a92:dd12:: with SMTP id n18mr28234440ilm.180.1629826649750; Tue, 24 Aug 2021 10:37:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629826649; cv=none; d=google.com; s=arc-20160816; b=l7ZVNqZjAnHuOoFK5rwT+K/LEo6cXN//HUMYKXioOgdGpZtbGALnJxcS2reBXu6dY9 IiFzM7re35eJq9MPZ6+en74ewVjsGwRJXaKhWV/q3Mzsopm3i2ac5kI4ldFIOjWIcMdN F+EwTKXsj47U7W1u0VuTptNX6mol8impoIc00F7dO002HlhofPIR408TNCr9DRQKBJc2 kLW0VCG8vQ8tYmaxbfKWjDL2vu7cZADl7fk73J5IzVVfjAK34lSTZgG4hWQRKFPT5nlR ay2/vVsPZIhm/vu0E6je9ze9T1FS1YpLHMBnVmOResxX/RwsDZGmIODPnv0PbgCohdi7 4LbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=rzcynqiGofAO1srSJ+T6618HLDkzBJ03I3aTV255ta8=; b=m+I5PcaPEuDXgR76ZIn6Xr7ckaQIWVNDfAa7Gp2ZttVuaN7+ey0HzBIWHLrrzM+nZ+ 350RwDxa2dU+Xytwz/lsn2+nDf0VBP+UcELcZ3D8dfB86ZZyDUU/UkFwUwMLGEtO5Bcx TVhYLLVo4nvVYz38xjcCvcDBr1prH3nz5ltvy104VLyXnMW1LUPInPCLcw3BnYCKJw0C 2GC+JOei09P10Mm8nFjHoJVmoOSsiA3DIm4p8dJcszZOCTgFRCVkdaV/F9PPCOcsNN3Z W1YBelKRT6JtzPBfxE/WJQWKM8rlKT5oGc7HltxUWtqTBITkc41skqAOExPxoJjiWPLO IAPA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i5si3802245jam.97.2021.08.24.10.37.17; Tue, 24 Aug 2021 10:37:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241949AbhHXReT (ORCPT + 99 others); Tue, 24 Aug 2021 13:34:19 -0400 Received: from bhuna.collabora.co.uk ([46.235.227.227]:36432 "EHLO bhuna.collabora.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241162AbhHXRb0 (ORCPT ); Tue, 24 Aug 2021 13:31:26 -0400 Received: from localhost.localdomain (unknown [IPv6:2600:8800:8c06:1000::c8f3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: alyssa) by bhuna.collabora.co.uk (Postfix) with ESMTPSA id 76CB11F426FC; Tue, 24 Aug 2021 18:30:38 +0100 (BST) From: Alyssa Rosenzweig To: dri-devel@lists.freedesktop.org Cc: Rob Herring , Tomeu Vizoso , Steven Price , Alyssa Rosenzweig , David Airlie , Daniel Vetter , linux-kernel@vger.kernel.org Subject: [PATCH v2 0/4] drm/panfrost: Bug fixes for lock_region Date: Tue, 24 Aug 2021 13:30:24 -0400 Message-Id: <20210824173028.7528-1-alyssa.rosenzweig@collabora.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Chris Morgan reported UBSAN errors in panfrost and tracked them down to the size computation in lock_region. This calculation is overcomplicated (cargo culted from kbase) and can be simplified with kernel helpers and some mathematical identities. The first patch in the series rewrites the calculation in a form avoiding undefined behaviour; Chris confirms it placates UBSAN. While researching this function, I noticed a pair of other potential bugs: Bifrost can lock more than 4GiB at a time, but must lock at least 32KiB at a time. The latter patches in the series handle these cases. In review of v1 of this series, Steven pointed out a fourth potential bug: rounding down the iova can truncate the lock region. v2 adds a new patch for this case. The size computation was unit-tested in userspace. Relevant code below, just missing some copypaste definitions for fls64/clamp/etc: #define MIN_LOCK (1ULL << 12) #define MAX_LOCK (1ULL << 48) struct { uint64_t size; uint8_t encoded; } tests[] = { /* Clamping */ { 0, 11 }, { 1, 11 }, { 2, 11 }, { 4095, 11 }, /* Power of two */ { 4096, 11 }, /* Round up */ { 4097, 12 }, { 8192, 12 }, { 16384, 13 }, { 16385, 14 }, /* Maximum */ { ~0ULL, 47 }, }; static uint8_t region_width(uint64_t size) { size = clamp(size, MIN_LOCK, MAX_LOCK); return fls64(size - 1) - 1; } int main(int argc, char **argv) { for (unsigned i = 0; i < ARRAY_SIZE(tests); ++i) { uint64_t test = tests[i].size; uint8_t expected = tests[i].encoded; uint8_t actual = region_width(test); assert(expected == actual); } } Changes in v2: * New patch for non-aligned lock addresses * Commit message improvements. * Add Steven's tags. Alyssa Rosenzweig (4): drm/panfrost: Simplify lock_region calculation drm/panfrost: Use u64 for size in lock_region drm/panfrost: Clamp lock region to Bifrost minimum drm/panfrost: Handle non-aligned lock addresses drivers/gpu/drm/panfrost/panfrost_mmu.c | 32 ++++++++++-------------- drivers/gpu/drm/panfrost/panfrost_regs.h | 2 ++ 2 files changed, 15 insertions(+), 19 deletions(-) -- 2.30.2