Commit 01f2557a authored by Matthew Brost's avatar Matthew Brost Committed by Thomas Hellström
Browse files

drm/xe: Open-code GGTT MMIO access protection 



GGTT MMIO access is currently protected by hotplug (drm_dev_enter),
which works correctly when the driver loads successfully and is later
unbound or unloaded. However, if driver load fails, this protection is
insufficient because drm_dev_unplug() is never called.

Additionally, devm release functions cannot guarantee that all BOs with
GGTT mappings are destroyed before the GGTT MMIO region is removed, as
some BOs may be freed asynchronously by worker threads.

To address this, introduce an open-coded flag, protected by the GGTT
lock, that guards GGTT MMIO access. The flag is cleared during the
dev_fini_ggtt devm release function to ensure MMIO access is disabled
once teardown begins.

Cc: stable@vger.kernel.org
Fixes: 919bb54e ("drm/xe: Fix missing runtime outer protection for ggtt_remove_node")
Reviewed-by: default avatarZhanjun Dong <zhanjun.dong@intel.com>
Signed-off-by: default avatarMatthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20260310225039.1320161-8-zhanjun.dong@intel.com


(cherry picked from commit 4f3a998a)
Signed-off-by: default avatarThomas Hellström <thomas.hellstrom@linux.intel.com>
parent e6e3ea52

drivers/gpu/drm/xe/xe_ggtt.c

+4 −6
Original line number Diff line number Diff line
@@ -313,6 +313,8 @@ static void dev_fini_ggtt(void *arg) 
{

	struct xe_ggtt *ggtt = arg;



	scoped_guard(mutex, &ggtt->lock)

		ggtt->flags &= ~XE_GGTT_FLAGS_ONLINE;

	drain_workqueue(ggtt->wq);

}
@@ -377,6 +379,7 @@ int xe_ggtt_init_early(struct xe_ggtt *ggtt) 
	if (err)

		return err;



	ggtt->flags |= XE_GGTT_FLAGS_ONLINE;

	err = devm_add_action_or_reset(xe->drm.dev, dev_fini_ggtt, ggtt);

	if (err)

		return err;
@@ -410,13 +413,10 @@ static void xe_ggtt_initial_clear(struct xe_ggtt *ggtt) 
static void ggtt_node_remove(struct xe_ggtt_node *node)

{

	struct xe_ggtt *ggtt = node->ggtt;

	struct xe_device *xe = tile_to_xe(ggtt->tile);

	bool bound;

	int idx;



	bound = drm_dev_enter(&xe->drm, &idx);



	mutex_lock(&ggtt->lock);

	bound = ggtt->flags & XE_GGTT_FLAGS_ONLINE;

	if (bound)

		xe_ggtt_clear(ggtt, node->base.start, node->base.size);

	drm_mm_remove_node(&node->base);
@@ -429,8 +429,6 @@ static void ggtt_node_remove(struct xe_ggtt_node *node) 
	if (node->invalidate_on_remove)

		xe_ggtt_invalidate(ggtt);



	drm_dev_exit(idx);



free_node:

	xe_ggtt_node_fini(node);

}

drivers/gpu/drm/xe/xe_ggtt_types.h

+4 −1
Original line number Diff line number Diff line
@@ -29,10 +29,13 @@ struct xe_ggtt { 
	u64 size;



#define XE_GGTT_FLAGS_64K       BIT(0)

#define XE_GGTT_FLAGS_ONLINE	BIT(1)

	/**

	 * @flags: Flags for this GGTT

	 * Acceptable flags:

	 * - %XE_GGTT_FLAGS_64K - if PTE size is 64K. Otherwise, regular is 4K.

	 * - %XE_GGTT_FLAGS_ONLINE - is GGTT online, protected by ggtt->lock

	 *   after init

	 */

	unsigned int flags;

	/** @scratch: Internal object allocation used as a scratch page */