John Hubbard
2018-Mar-13 06:14 UTC
[Nouveau] [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
On 03/12/2018 10:50 AM, Jerome Glisse wrote:> On Mon, Mar 12, 2018 at 06:30:09PM +0100, Daniel Vetter wrote: >> On Sat, Mar 10, 2018 at 04:01:58PM +0100, Christian K??nig wrote: > > [...] > >>>> They are work underway to revamp nouveau channel creation with a new >>>> userspace API. So we might want to delay upstreaming until this lands. >>>> We can stil discuss one aspect specific to HMM here namely the issue >>>> around GEM objects used for some specific part of the GPU. Some engine >>>> inside the GPU (engine are a GPU block like the display block which >>>> is responsible of scaning memory to send out a picture through some >>>> connector for instance HDMI or DisplayPort) can only access memory >>>> with virtual address below (1 << 40). To accomodate those we need to >>>> create a "hole" inside the process address space. This patchset have >>>> a hack for that (patch 13 HACK FOR HMM AREA), it reserves a range of >>>> device file offset so that process can mmap this range with PROT_NONE >>>> to create a hole (process must make sure the hole is below 1 << 40). >>>> I feel un-easy of doing it this way but maybe it is ok with other >>>> folks. >>> >>> Well we have essentially the same problem with pre gfx9 AMD hardware. Felix >>> might have some advise how it was solved for HSA. >> >> Couldn't we do an in-kernel address space for those special gpu blocks? As >> long as it's display the kernel needs to manage it anyway, and adding a >> 2nd mapping when you pin/unpin for scanout usage shouldn't really matter >> (as long as you cache the mapping until the buffer gets thrown out of >> vram). More-or-less what we do for i915 (where we have an entirely >> separate address space for these things which is 4G on the latest chips). >> -Daniel > > We can not do an in-kernel address space for those. We already have an > in kernel address space but it does not apply for the object considered > here. > > For NVidia (i believe this is the same for AMD AFAIK) the objects we > are talking about are objects that must be in the same address space > as the one against which process's shader/dma/... get executed. > > For instance command buffer submited by userspace must be inside a > GEM object mapped inside the GPU's process address against which the > command are executed. My understanding is that the PFIFO (the engine > on nv GPU that fetch commands) first context switch to address space > associated with the channel and then starts fetching commands with > all address being interpreted against the channel address space. > > Hence why we need to reserve some range in the process virtual address > space if we want to do SVM in a sane way. I mean we could just map > buffer into GPU page table and then cross fingers and toes hopping that > the process will never get any of its mmap overlapping those mapping :) > > Cheers, > Jérôme >Hi Jerome and all, Yes, on NVIDIA GPUs, the Host/FIFO unit is limited to 40-bit addresses, so things such as the following need to be below (1 << 40), and also accessible to both CPU (user space) and GPU hardware. -- command buffers (CPU user space driver fills them, GPU consumes them), -- semaphores (here, a GPU-centric term, rather than OS-type: these are memory locations that, for example, the GPU hardware might write to, in order to indicate work completion; there are other uses as well), -- a few other things most likely (this is not a complete list). So what I'd tentatively expect that to translate into in the driver stack is, approximately: -- User space driver code mmap's an area below (1 << 40). It's hard to avoid this, given that user space needs access to the area (for filling out command buffers and monitoring semaphores, that sort of thing). Then suballocate from there using mmap's MAP_FIXED or (future-ish) MAP_FIXED_SAFE flags. ...glancing at the other fork of this thread, I think that is exactly what Felix is saying, too. So that's good. -- The user space program sits above the user space driver, and although the program could, in theory, interfere with this mmap'd area, that would be wrong in the same way that mucking around with malloc'd areas (outside of malloc() itself) is wrong. So I don't see any particular need to do much more than the above. thanks, -- John Hubbard NVIDIA
Matthew Wilcox
2018-Mar-13 13:29 UTC
[Nouveau] [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
On Mon, Mar 12, 2018 at 11:14:47PM -0700, John Hubbard wrote:> Yes, on NVIDIA GPUs, the Host/FIFO unit is limited to 40-bit addresses, so > things such as the following need to be below (1 << 40), and also accessible > to both CPU (user space) and GPU hardware. > -- command buffers (CPU user space driver fills them, GPU consumes them), > -- semaphores (here, a GPU-centric term, rather than OS-type: these are > memory locations that, for example, the GPU hardware might write to, in > order to indicate work completion; there are other uses as well), > -- a few other things most likely (this is not a complete list).Is that a 40-bit virtual address limit or physical address limit? I'm no longer sure who is addressing what memory through what mechanism ;-)
Jerome Glisse
2018-Mar-13 14:31 UTC
[Nouveau] [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
On Tue, Mar 13, 2018 at 06:29:40AM -0700, Matthew Wilcox wrote:> On Mon, Mar 12, 2018 at 11:14:47PM -0700, John Hubbard wrote: > > Yes, on NVIDIA GPUs, the Host/FIFO unit is limited to 40-bit addresses, so > > things such as the following need to be below (1 << 40), and also accessible > > to both CPU (user space) and GPU hardware. > > -- command buffers (CPU user space driver fills them, GPU consumes them), > > -- semaphores (here, a GPU-centric term, rather than OS-type: these are > > memory locations that, for example, the GPU hardware might write to, in > > order to indicate work completion; there are other uses as well), > > -- a few other things most likely (this is not a complete list). > > Is that a 40-bit virtual address limit or physical address limit? I'm > no longer sure who is addressing what memory through what mechanism ;-) >Virtual address limit, those object get mapped into GPU page table but the register/structure fields where you program those object's address only are 32bits (the virtual address is shifted by 8bits for alignment). Cheers, Jérôme
Jerome Glisse
2018-Mar-13 15:56 UTC
[Nouveau] [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
On Mon, Mar 12, 2018 at 11:14:47PM -0700, John Hubbard wrote:> On 03/12/2018 10:50 AM, Jerome Glisse wrote:[...]> Yes, on NVIDIA GPUs, the Host/FIFO unit is limited to 40-bit addresses, so > things such as the following need to be below (1 << 40), and also accessible > to both CPU (user space) and GPU hardware. > -- command buffers (CPU user space driver fills them, GPU consumes them), > -- semaphores (here, a GPU-centric term, rather than OS-type: these are > memory locations that, for example, the GPU hardware might write to, in > order to indicate work completion; there are other uses as well), > -- a few other things most likely (this is not a complete list). > > So what I'd tentatively expect that to translate into in the driver stack is, > approximately: > > -- User space driver code mmap's an area below (1 << 40). It's hard to avoid this, > given that user space needs access to the area (for filling out command > buffers and monitoring semaphores, that sort of thing). Then suballocate > from there using mmap's MAP_FIXED or (future-ish) MAP_FIXED_SAFE flags. > > ...glancing at the other fork of this thread, I think that is exactly what > Felix is saying, too. So that's good. > > -- The user space program sits above the user space driver, and although the > program could, in theory, interfere with this mmap'd area, that would be > wrong in the same way that mucking around with malloc'd areas (outside of > malloc() itself) is wrong. So I don't see any particular need to do much > more than the above.I am worried that rogue program (i am not worried about buggy program if people shoot themself in the foot they should feel the pain) could use that to abuse channel to do something harmful. I am not familiar enough with the hardware to completely rule out such scenario. I do believe hardware with userspace queue support have the necessary boundary to keep thing secure as i would assume for those the hardware engineers had to take security into consideration. Note that in my patchset the code that monitor the special vma is small something like 20lines of code that only get call if something happen to the reserved area. So i believe it is worth having such thing, cost is low for little extra peace of mind :) Cheers, Jérôme
Seemingly Similar Threads
- [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
- [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
- [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
- [RFC PATCH 00/13] SVM (share virtual memory) with HMM in nouveau
- Nouveau dmem NULL Pointer deref (SVM)