drm/i915: Allow multiple user handles to the same VM
authorChris Wilson <chris@chris-wilson.co.uk>
Thu, 25 Apr 2019 05:43:33 +0000 (06:43 +0100)
committerChris Wilson <chris@chris-wilson.co.uk>
Thu, 25 Apr 2019 06:33:57 +0000 (07:33 +0100)
It was noted that we made the same mistake for VM_ID as for object
handles, whereby we ensured that we only allocated a single handle for
one ppgtt. This has the unfortunate consequence for userspace that they
need to reference count the handles to avoid destroying an active ID. If
we allow multiple handles to the same ppgtt, userspace can freely
unreference any handle they own without fear of destroying the same
handle in use elsewhere.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190425054333.27299-1-chris@chris-wilson.co.uk
drivers/gpu/drm/i915/i915_gem_context.c
drivers/gpu/drm/i915/i915_gem_gtt.h

index 76ed74e75d82800c071f370ce41d77a08e9b261f..05496ea7a1235bd076f5275656890e009535c2a3 100644 (file)
@@ -772,8 +772,7 @@ int i915_gem_vm_create_ioctl(struct drm_device *dev, void *data,
        if (err < 0)
                goto err_unlock;
 
-       GEM_BUG_ON(err == 0); /* reserved for default/unassigned ppgtt */
-       ppgtt->user_handle = err;
+       GEM_BUG_ON(err == 0); /* reserved for invalid/unassigned ppgtt */
 
        mutex_unlock(&file_priv->vm_idr_lock);
 
@@ -811,10 +810,6 @@ int i915_gem_vm_destroy_ioctl(struct drm_device *dev, void *data,
                return err;
 
        ppgtt = idr_remove(&file_priv->vm_idr, id);
-       if (ppgtt) {
-               GEM_BUG_ON(ppgtt->user_handle != id);
-               ppgtt->user_handle = 0;
-       }
 
        mutex_unlock(&file_priv->vm_idr_lock);
        if (!ppgtt)
@@ -925,18 +920,15 @@ static int get_ppgtt(struct drm_i915_file_private *file_priv,
        if (ret)
                goto err_put;
 
-       if (!ppgtt->user_handle) {
-               ret = idr_alloc(&file_priv->vm_idr, ppgtt, 0, 0, GFP_KERNEL);
-               GEM_BUG_ON(!ret);
-               if (ret < 0)
-                       goto err_unlock;
+       ret = idr_alloc(&file_priv->vm_idr, ppgtt, 0, 0, GFP_KERNEL);
+       GEM_BUG_ON(!ret);
+       if (ret < 0)
+               goto err_unlock;
 
-               ppgtt->user_handle = ret;
-               i915_ppgtt_get(ppgtt);
-       }
+       i915_ppgtt_get(ppgtt);
 
        args->size = 0;
-       args->value = ppgtt->user_handle;
+       args->value = ret;
 
        ret = 0;
 err_unlock:
@@ -1027,10 +1019,8 @@ static int set_ppgtt(struct drm_i915_file_private *file_priv,
                return err;
 
        ppgtt = idr_find(&file_priv->vm_idr, args->value);
-       if (ppgtt) {
-               GEM_BUG_ON(ppgtt->user_handle != args->value);
+       if (ppgtt)
                i915_ppgtt_get(ppgtt);
-       }
        mutex_unlock(&file_priv->vm_idr_lock);
        if (!ppgtt)
                return -ENOENT;
index f85b75db1f98e7aa04fcdab2e9a0a0005c4f516b..2fafa04c45ec099990aa80dd2d28c272cc4a503a 100644 (file)
@@ -397,8 +397,6 @@ struct i915_hw_ppgtt {
                struct i915_page_directory_pointer pdp; /* GEN8+ */
                struct i915_page_directory pd;          /* GEN6-7 */
        };
-
-       u32 user_handle;
 };
 
 struct gen6_hw_ppgtt {