Age | Commit message (Collapse) | Author |
|
If a slot number parsed from trace data exceeds the number of supported
CSG slots, the trace data must be discarded. Otherwise the access to
the invalid memory address could happen.
Bug: 304341806
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/6057
Signed-off-by: Jörg Wagner <jorwag@google.com>
Change-Id: I8e702e7487f2bea3618f2fe8ad696a1b546f10f2
|
|
Fix potential out-of-bounds read due to missing bounds check.
Bug: 298264460
Signed-off-by: Guus Sliepen <gsliepen@google.com>
Change-Id: I57b67a4177e4fe6d84a261eeb00b6b833da5486b
Merged-In: I57b67a4177e4fe6d84a261eeb00b6b833da5486b
|
|
Bug: 299948695
Change-Id: I28bde3744a365fb5a8b7794c26b5adf507041eec
|
|
Storing the waitqueue in struct kbase_context leaves epoll holding a
stale pointer to it, which it later attempts to deref and crashes the
kernel in:
[*][T15976] remove_wait_queue+0x64/0x190
[40350.510681][T15976] ep_unregister_pollwait+0x98/0xe8
Move this waitqueue to struct kbase_file to ensure that
it lives long enough during process termination that the
ep_unregister_pollwait access is valid (b/302281297).
Bug: 300750575
Test: SST: b/302324090#comment4, repro: b/300750575#comment26
Change-Id: Ib161a7d7d4314bb6951bddbd87183a7dc71d5ac0
Signed-off-by: Varad Gautam <varadgautam@google.com>
|
|
Bug: 296839414
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5965
Change-Id: I1c8a13de1e0abfff4e3cd7ec069fb139524c59db
|
|
Fix potential integer overflow within buffer liveness ioctl.
Bug: 296984851
Test: N/A
Change-Id: Ib1c9ee25a89b0a39ec905f109ee2c57c502428db
(cherry picked from https://partner-android-review.googlesource.com/q/commit:02e5329e2e3f4af00f51560895b5bbe87fe824ef)
Signed-off-by: Jack Diver <diverj@google.com>
|
|
Bug: 290882327
Change-Id: Ifb843070d65bdf4148b29c6d1a92bdf3a6f3aa89
Signed-off-by: Siddharth Kapoor <ksiddharth@google.com>
|
|
This line was re-added accidentally as part of the
merge of r44p1-00dev3 in b6fd708b3a.
Removed this line to restore exposure of the ftrace events.
Bug: 290882327
Change-Id: Ibf3215bab6d4699d905027cce3412b49e205f9fb
Signed-off-by: Debarshi Dutta <debarshid@google.com>
|
|
Split functionality to allow creation of arbitrary
thread tasks and kthread_worker_fn workers, while sharing
the promotion to RT scheduling policies for both.
Finally use this functionality to elevate "mali-gpuq-kthread"
to RT priority.
Bug: 290882327
Change-Id: Icf2c07849cdd0ca47bcfc06700853ac1856d0a87
|
|
Bug: 290882327
Change-Id: I90723cbaa3f294431087587fd8025f0688e51bf2
|
|
Provenance: ipdelivery@5c8fdf6c071d63537e87949cfb4845079a669a0b
Change-Id: Icc06581f804bf59be5fe923349318e703f02d5a3
|
|
protm_event_worker is responsible for triggering protected mode entry,
but it currently runs in a default priority workqueue, which results
in occasional long stalls for protected mode work.
The workload of this task is very light, typically only running
for a few tens of microseconds each invocation, so converting
it to a kthread should have no significant impact on overall
system performance.
Bug: 297019294
Test: Manual Netflix PiP perfetto trace inspection
Change-Id: Ica9e744bd390ae6b88a701bf2d390f82937581d0
|
|
android13-gs-pixel-5.10-udc-qpr1" into android13-gs-pixel-5.10-udc-qpr1
|
|
This reverts commit e8fa58acd3f48031ac6297e64ae996d430fa31d4.
b/290409680 shows RESET_COMPLETED irq being missed in the absence of this
patch. The original patch (pa/I2dcec3ef431) was found to not cause the
stability problems for which it was reverted (pa/I6ee1b26063a).
Reintroduce it.
Test: Boot to home.
ARM Upstreaming: Pending in https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4835
Bug: 290409680
Change-Id: Iada51bb1d9c88dd0d3b0fdab5961c85699221b47
Signed-off-by: Varad Gautam <varadgautam@google.com>
|
|
Bug: 292447561
SBMerger: 558810260
Change-Id: Ic618ad7008dfa915ff71de71bc205d9e219b7c34
Signed-off-by: Pindar Yang <pindaryang@google.com>
|
|
mapping
As a result of this change now the whole of each of the pages
underlying a memory region imported as a USER_BUFFER region
are synchronized and the driver disables automatic CPU cache
synchronization upon DMA map/unmap operations.
(cherry picked from commit 0c2790fb2b006edb3e648a8a9a732e3aadcf2436)
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5829
Bug: 295897369
Change-Id: Ifbd656b78e49ae614ca87e156321d0ccd6dd8887
|
|
We use pm_runtime for handling suspends, which means that an
internal linux power workqueue will take and hold the CSF
scheduler lock while performing suspend operations.
This workqueue runs at default priority and so might not be
scheduled fast enough if there is high CPU load, which results
in missed frames.
By promoting the CSF scheduler lock to an rt_mutex we ensure
that the GPU wakes up faster when there is work that needs to
be done, since our other internal realtime threads will be
waiting on the scheduler lock in these cases.
Bug: 296862283
Test: CUJ close camera
Change-Id: Ibe81ad7e26a75acb1640b2820902eb8144a48fdd
Merged-In: I0e81a45e3d65f60337250d35c53ef6447c876051
|
|
The change ca522e4491584d5a2a5f122ee90e3edb3581182b was added
by the automerger. It changed the sequence of the mutex_unlock
Restore it according to bce5281a0408a175137c08dc93028e2a2c0fb69b
[upstream R43P0 merge]
Bug 294759508
Change-Id: Ie9ed80e48237111e190a070f0615fad47cfb8f3a
Signed-off-by: Debarshi Dutta <debarshid@google.com>
|
|
Test: Boot to home, gfx-bench sweep
Bug: 294167925
(cherry picked from https://partner-android-review.googlesource.com/q/commit:3143995156d9372ca6af0be57aa29dd0ec14cce1)
Merged-In: I4a122fe023b43c3763884fda99cfed17048a3eb0
Change-Id: I4a122fe023b43c3763884fda99cfed17048a3eb0
Signed-off-by: Jack Diver <diverj@google.com>
|
|
Refactor kbase_mmu_update_pages, extracting flush/invalidate into new
function.
Expose no-flush variant.
Test: Build, boot
Bug: 294167925
Signed-off-by: Jack Diver <diverj@google.com>
(cherry picked from https://partner-android-review.googlesource.com/q/commit:b36ce28e0779c27e57dad90d98c5e202eb654013)
Merged-In: I4d1fce75d6ccf352ee54935138d6c92cdc609049
Change-Id: I4d1fce75d6ccf352ee54935138d6c92cdc609049
|
|
transition timeout
This patch continues FLUSH_MEM operation at function caller and increases the timeout value for the core power transition.
Change-Id: I8cf5417976ab31b8d1e9e33e6359a91455d37144
(cherry picked from commit 71f7017252aabbb0013a2f151d894959b7c7c226)
Bug: 295942377
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5812
|
|
android13-gs-pixel-5.10-udc-qpr1" into android13-gs-pixel-5.10-udc-qpr1
|
|
Invoke kbase_csf_tiler_heap_context_term() after an unsuccessful call
to kbasep_ctx_user_reg_page_mapping_init().
Bug 294759508
Change-Id: I6ef97a6e69042ab9e2351939d23e09cf4ec83216
Signed-off-by: Debarshi Dutta <debarshid@google.com>
|
|
Conflict files:
mali_kbase/context/mali_kbase_context.c
mali_kbase/mali_kbase_mem.h
SBMerger: 526756187
Change-Id: I6e2a522d8735896f970cac1157943fa2670664c7
|
|
android13-gs-pixel-5.10-udc-qpr1
|
|
memory accounting
Kbase accounts the GPU memory allocated for a context under the memory
footprint of a process, so that kernel's low memory killer or OoM killer
can kill the suitable process to free up decent amount of system memory.
For accounting, Kbase updates the 'MM_FILEPAGES' counter inside the
'mm_struct' corresponding to the process that created the Kbase context.
To ensure 'mm_struct' can always be safely accessed, a tracking page was
used which Kbase mandated to be mapped right after the opening of
'/dev/mali0' file. When the mapping was closed Kbase updated the kernel
counter to subtract all the GPU memory allocated so far for a context
but the actual freeing of GPU memory was done later. This was usually
not a problem as the mapping is closed by DDK Userspace just before the
context termination. But the Userspace is allowed to close it at will.
Malicious Userspace could have exploited this Kbase quirk by closing
the mapping which would have mislead the OoM killer in killing the
innocent processes before it gets around to the culprit process.
This commit removes the use of tracking page and uses mmgrab() to take
a reference on 'mm_struct' for User created Kbase context.
The reference doesn't prevent the freeing of address space on process
exit, it merely keeps the 'mm_struct' alive. The reference is dropped
on context termination.
For backward compatibility, the call from Base to create the mapping for
tracking page isn't rejected by Kbase. The Base code has been updated to
skip the mapping of tracking page only for newer Kbase so as to maintain
forward compatibility with the older Kbase. BASE_UK_VERSION_MINOR has
been incremented as the requirement to create a mapping for tracking
page is relaxed by Kbase.
Change-Id: I37407809d7187cb5c8fac63e6c10f72cc3bd762d
Bug: 275853921
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5165
(cherry picked from commit b29f4a639e0863c09e72d7e34c0a6ad57f9572a6)
|
|
An accidental change back to a lower hysteresis time as
a part of the R43P0 merge commit resulted in GPU
powering on and off more frequently and regressing previously
established perf. Restore the same to a value that was previously
determined and set in our downstream driver.
Bug 292157710
Bug 278174418
Change-Id: Id44337bc1fd672722a5edaf27aaca16f320b7ad0
Signed-off-by: Debarshi Dutta <debarshid@google.com>
|
|
Restore the history relationship between our side and Arm's
(goog/upstream) which was left decoupled by 20fff721667a22.
Bug: 294759508
Change-Id: I21dc645bb7376c7e659ad879d8ad2f5d683eb944
|
|
Provenance: ipdelivery@d10c137c7691a470b8b33786aec4965315db4561
Change-Id: I4fbcc669d3b8e36c8288c91fdddd8b79258b6635
|
|
We have accumulated various logging that is no longer required, and
some messages that sound more scary than they need to.
Bug: 291710900
Test: boot to home
Change-Id: I870a4136e1de423281b14a2e3ba8f643e9243d81
|
|
This restores kbase fence tracepoint operation.
Bug: 291242575
Test: b/291242575#comment12
Change-Id: I3cebd8118373b6cc43b28298955d108b2b85d505
Signed-off-by: Varad Gautam <varadgautam@google.com>
ARM upstream: Available r44p0 onwards b/291902034#comment2
|
|
When an ITMON fault report identifies a transaction originated by the
GPU, search for the faulting address in all GPU page tables and log
whether it was found or not.
Bug: 288088318
Test: boot to home
Change-Id: Ic774d4d84af625a33b94b79069f62c8a71adaad7
|
|
`TASK_COMM_LEN` is defined to 16, which means thread names longer than
15 characters (+ '\0') get truncated.
The `mali_kbase_csf_` prefix is 15 characters by itself, shorten it to
`csf_` instead to make the rest of the name readable.
This also brings those names inline with other threads created through
`kbase_create_realtime_thread` which already used the base `csf_*`
prefix.
Bug: 230023102
Test: record trace in perfetto and look for `csf_*` kthread names
Change-Id: I07d6c3d49d3f0dcda85f168e7295dba8f22c031b
|
|
For protected FW sections avoid trying to grab a 2MB page
but continue to use small pages with a tight size.
If an allocation fails do not fail the whole device intialization,
but just treat this case similar to not finding a protected allocator -
remove the allocator reference from the device and continue.
Bug 264977054
Commit-Topic: R43P0_KMD
Change-Id: I024503ef833eb01d2e36e3075e39aea30d891a80
Signed-off-by: Debarshi Dutta <debarshid@google.com>
|
|
Merge DDK version R43P0 from upstream branch
Provenance: 48a9c7e25986318c8475bc245de51e7bec2606e8 (ipdelivery/EAC/v_r43p0)
VX504X08X-BU-00000-r43p0-01eac0 - Valhall Android DDK
VX504X08X-BU-60000-r43p0-01eac0 - Valhall Android Document Bundle
VX504X08X-DC-11001-r43p0-01eac0 - Valhall Android DDK Software Errata
VX504X08X-SW-99006-r43p0-01eac0 - Valhall Android Renderscript AOSP parts
Bug 278174418
Commit-Topic: R43P0_KMD
Signed-off-by: Debarshi Dutta <debarshid@google.com>
Change-Id: I84fb19e7ce5f28e735d44a4993d51bd985aac80b
|
|
Remove differentiation between kernel thread and ioctl triggered
allocations - if the owner has a kill signal pending, stop requesting
pages.
Bug: 265224675
Change-Id: I70acfc9f3e6dc07dc040c456f11e3ddac5d49494
|
|
SBMerger: 526756187
Change-Id: I3cbd7d81818ce93bc2ab9d95bc2cc3dd8d2aaa61
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Bug: 276704984
Change-Id: Id86861197e8f0929b3594fa28d21b8e3b6bee0f9
Signed-off-by: Varad Gautam <varadgautam@google.com>
|
|
SBMerger: 526756187
Change-Id: I2aef3b329e47c52ef205c6849552ab82feab7675
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
This commit fixes a race condition in kbase_mmu_page_fault_worker when
a memory pool is required to grow. It addresses a potential racing
window where the worker is dealing with a given region's growable
pages on fault recovery yet the application side triggers a buffer
close on the specific region.
Change-Id: I25234396defd874ade30cf5075ed918e1142d96c
Bug: 287629203
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5549
(cherry picked from commit 221aa13af3d02f6b820adba0f50db7d203c41ba6)
|
|
If reset failed, both KMD and the hardware are in an unrecoverable
state. Any future attempts to process work or reset the GPU will fail,
and it may take a long time (30mins) for the device to reboot and return
to normal.
Collect a system ramdump and reboot the device immediately when reset
fails.
Bug: 276855700
Test: Simulated failed reset and checked that a ramdump was generated.
Change-Id: Iba901e1654d150b834303e0caa8fba2dc468b5ac
Signed-off-by: Varad Gautam <varadgautam@google.com>
|
|
SBMerger: 526756187
Change-Id: Iddb56c0a11fefedd9d44d653ddf327d075e4d919
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Commit 0935897 (pa/1761483) added two additional katom flags, but
updates to these new flags were not protected by hwaccess_lock, and
could thus race with other updates and ultimately corrupt atom_flags.
Bug: 265931966
Test: SST soak test
Change-Id: I95acc5e335d8013394b11149abf5d9b793648c6f
|
|
GPUCORE-35974: Add Memory Barrier between CS_REQ/ACK and CSG_DB_REQ/ACK
The access to GLB_DB_REQ/ACK needs to be ordered with respect to
CSG_REQ/ACK and CSG_DB_REQ/ACK to avoid a scenario where a CSI
request overlaps with a CSG request or 2 CSI requests overlap and
FW ends up missing the 2nd request. Memory barrier is required,
both on Host and FW side, to guarantee the ordering.
Bug: 286056062
Test: SST soak test
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4688
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5435
Change-Id: I4de23e3f37b81749c6d668952b4f8dd21c669fea
|
|
SBMerger: 526756187
Change-Id: I78a4e882d943b157a365612055ea922088ca2bff
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
SBMerger: 526756187
Change-Id: Ibe152c3a5f6bde3b32b1349e33175811bc895c38
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
|
|
Rename kutf to mali_kutf. Enable mali_kutf and
mali_kutf_clk_rate_trace_test_portal.
Bug: 267758398
Test: insmod
Change-Id: I36fecd89bce4f87d31d452f5a913c95c22513c53
Signed-off-by: Yunju Lee <yunjulee@google.com>
|
|
During an invalid GPU page fault, kbase will try to flush the GPU cache
and disable the faulting address space (AS). There is a small window
between flushing of the GPU L2 cache (MMU resumes) and when the AS is
disabled where existing jobs on the GPU may access memory for that AS,
dirtying the GPU cache.
This is a problem as the kctx->as_nr is marked as KBASEP_AS_NR_INVALID
and thus no cache maintenance will be performed on the AS of the faulty
context when cleaning up the csg_slot and releasing the context.
This patch addresses that issue by:
1. locking the AS via a GPU command
2. flushing the cache
3. disabling the AS
4. unlocking the AS
This ensures that any jobs remaining on the GPU will not be able to
access the memory due to the locked AS. Once the AS is unlocked, any
memory access will fail as the AS is now disabled.
The issue only happens on CSF GPUs. To avoid any issues, the code path
for non-CSF GPUs is left undisturbed.
(cherry picked from commit 566789dffda3dfec00ecf00f9819e7a515fb2c61)
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5071
Bug: 274014055
Change-Id: I2028182878b4f88505cc135a5f53ae4c7e734650
|
|
This patch addresses the dead lock condition due to circular locking
dependency between hwaccess_lock and clk_rtm->lock.Hwaccess_lock needs
to be taken before clk_rtm->lock to avoid locking dependency.
Change-Id: I1064dbbac7800282bf3a1ac167c9c476177aefd8
(cherry picked from commit e0dfe9669c3456ada4b860f6ba9859c59ffec9a7)
Bug: 274687461
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/5258
|
|
If kbase_release is called while jobs are in progress, the driver
will start by calling kbasep_platform_context_term before waiting
for jobs to finish in kbase_context_flush_jobs. When the jobs do
finish, the driver will call kbasep_platform_event_work_end, which
leads to issues since the platform callback has already cleaned
up resources for the kbase_context.
Make sure kbase_context_flush_jobs is called before
kbasep_platform_context_term.
Test: start/stop processes over and over
Bug: 278366794
Change-Id: Iee0297f4b64a3f6b59a5df0c26e46d446257a652
|