[PATCH igt] igt/gem_exec_capture: MI_STORE_DWORD requires EXEC_SECURE + DRM_MASTER on ctg/ilk

[PATCH igt] igt/gem_exec_capture: MI_STORE_DWORD requires EXEC_SECURE + DRM_MASTER on ctg/ilk

[Chris Wilson]

On ctg/ilk, for whatever reason, MI_STORE_DWORD is a privileged operation
so we must request a SECURE batch.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 tests/gem_exec_capture.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/gem_exec_capture.c b/tests/gem_exec_capture.c
index 1c7d1e7cb..3a1f70567 100644
--- a/tests/gem_exec_capture.c
+++ b/tests/gem_exec_capture.c
@@ -22,6 +22,7 @@
  */
 
 #include "igt.h"
+#include "igt_device.h"
 #include "igt_sysfs.h"
 
 #define LOCAL_OBJECT_CAPTURE (1 << 7)
@@ -141,6 +142,8 @@ static void __capture(int fd, int dir, unsigned ring, uint32_t target)
 	execbuf.buffers_ptr = (uintptr_t)obj;
 	execbuf.buffer_count = ARRAY_SIZE(obj);
 	execbuf.flags = ring;
+	if (gen > 3 && gen < 6)
+		execbuf.flags |= I915_EXEC_SECURE;
 	gem_execbuf(fd, &execbuf);
 
 	/* Wait for the request to start */
@@ -204,7 +207,14 @@ igt_main
 	igt_skip_on_simulation();
 
 	igt_fixture {
+		int gen;
+
 		fd = drm_open_driver(DRIVER_INTEL);
+
+		gen = intel_gen(intel_get_drm_devid(fd));
+		if (gen > 3 && gen < 6) /* ctg and ilk need secure batches */
+			igt_device_set_master(fd);
+
 		igt_require_gem(fd);
 		gem_require_mmap_wc(fd);
 		igt_require(has_capture(fd));
-- 
2.16.1

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [igt-dev] [PATCH igt] igt/gem_exec_capture: MI_STORE_DWORD requires EXEC_SECURE + DRM_MASTER on ctg/ilk

[Ville Syrjälä]

On Sat, Feb 10, 2018 at 09:43:38PM +0000, Chris Wilson wrote:
> On ctg/ilk, for whatever reason, MI_STORE_DWORD is a privileged operation
> so we must request a SECURE batch.

IIRC ctg supposedly introduced some form of ppgtt. Isn't that the
reason?

Hmm. Now I wonder how anything works on these platforms. Should the
batch itself be executed via ppgtt if it's non-secure? Maybe the hw
has a fallback mechanism of some sort to execute via ggtt if ppgtt
isn't enabled...

ppgtt enable bit:
"When this bit is clear, all memory accesses will be completed using the
GGTT. Privileged memory protections will not be enforced (it is
acceptable for a non-secure batch buffer to access GGTT space)"

OK. That seems to confirm that part of the theory.

For pre-ctg the spec says:
"Although Buffer Security Indicator is implemented, there is no usage
 model for it and it need not be validated."

So I'm thinking we should never set the non-secure bit on these old
platforms.

> 
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> ---
>  tests/gem_exec_capture.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/tests/gem_exec_capture.c b/tests/gem_exec_capture.c
> index 1c7d1e7cb..3a1f70567 100644
> --- a/tests/gem_exec_capture.c
> +++ b/tests/gem_exec_capture.c
> @@ -22,6 +22,7 @@
>   */
>  
>  #include "igt.h"
> +#include "igt_device.h"
>  #include "igt_sysfs.h"
>  
>  #define LOCAL_OBJECT_CAPTURE (1 << 7)
> @@ -141,6 +142,8 @@ static void __capture(int fd, int dir, unsigned ring, uint32_t target)
>  	execbuf.buffers_ptr = (uintptr_t)obj;
>  	execbuf.buffer_count = ARRAY_SIZE(obj);
>  	execbuf.flags = ring;
> +	if (gen > 3 && gen < 6)
> +		execbuf.flags |= I915_EXEC_SECURE;
>  	gem_execbuf(fd, &execbuf);
>  
>  	/* Wait for the request to start */
> @@ -204,7 +207,14 @@ igt_main
>  	igt_skip_on_simulation();
>  
>  	igt_fixture {
> +		int gen;
> +
>  		fd = drm_open_driver(DRIVER_INTEL);
> +
> +		gen = intel_gen(intel_get_drm_devid(fd));
> +		if (gen > 3 && gen < 6) /* ctg and ilk need secure batches */
> +			igt_device_set_master(fd);
> +
>  		igt_require_gem(fd);
>  		gem_require_mmap_wc(fd);
>  		igt_require(has_capture(fd));
> -- 
> 2.16.1
> 
> _______________________________________________
> igt-dev mailing list
> igt-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/igt-dev

-- 
Ville Syrjälä
Intel OTC
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [igt-dev] [PATCH igt] igt/gem_exec_capture: MI_STORE_DWORD requires EXEC_SECURE + DRM_MASTER on ctg/ilk

[Chris Wilson]

Quoting Ville Syrjälä (2018-02-12 17:30:52)
> On Sat, Feb 10, 2018 at 09:43:38PM +0000, Chris Wilson wrote:
> > On ctg/ilk, for whatever reason, MI_STORE_DWORD is a privileged operation
> > so we must request a SECURE batch.
> 
> IIRC ctg supposedly introduced some form of ppgtt. Isn't that the
> reason?
> 
> Hmm. Now I wonder how anything works on these platforms. Should the
> batch itself be executed via ppgtt if it's non-secure? Maybe the hw
> has a fallback mechanism of some sort to execute via ggtt if ppgtt
> isn't enabled...
> 
> ppgtt enable bit:
> "When this bit is clear, all memory accesses will be completed using the
> GGTT. Privileged memory protections will not be enforced (it is
> acceptable for a non-secure batch buffer to access GGTT space)"
> 
> OK. That seems to confirm that part of the theory.
> 
> For pre-ctg the spec says:
> "Although Buffer Security Indicator is implemented, there is no usage
>  model for it and it need not be validated."
> 
> So I'm thinking we should never set the non-secure bit on these old
> platforms.

That does open a large can of worms with the ability to write any
register from userspace or manipulate the pagetables; i.e. requires the
cmdparser. The usage model has been such that very few commands are
affected; certainly no one [else] has noticed (afaik).
-Chris
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [igt-dev] [PATCH igt] igt/gem_exec_capture: MI_STORE_DWORD requires EXEC_SECURE + DRM_MASTER on ctg/ilk

[Ville Syrjälä]

On Mon, Feb 12, 2018 at 05:37:56PM +0000, Chris Wilson wrote:
> Quoting Ville Syrjälä (2018-02-12 17:30:52)
> > On Sat, Feb 10, 2018 at 09:43:38PM +0000, Chris Wilson wrote:
> > > On ctg/ilk, for whatever reason, MI_STORE_DWORD is a privileged operation
> > > so we must request a SECURE batch.
> > 
> > IIRC ctg supposedly introduced some form of ppgtt. Isn't that the
> > reason?
> > 
> > Hmm. Now I wonder how anything works on these platforms. Should the
> > batch itself be executed via ppgtt if it's non-secure? Maybe the hw
> > has a fallback mechanism of some sort to execute via ggtt if ppgtt
> > isn't enabled...
> > 
> > ppgtt enable bit:
> > "When this bit is clear, all memory accesses will be completed using the
> > GGTT. Privileged memory protections will not be enforced (it is
> > acceptable for a non-secure batch buffer to access GGTT space)"
> > 
> > OK. That seems to confirm that part of the theory.
> > 
> > For pre-ctg the spec says:
> > "Although Buffer Security Indicator is implemented, there is no usage
> >  model for it and it need not be validated."
> > 
> > So I'm thinking we should never set the non-secure bit on these old
> > platforms.
> 
> That does open a large can of worms with the ability to write any
> register from userspace or manipulate the pagetables; i.e. requires the
> cmdparser. The usage model has been such that very few commands are
> affected; certainly no one [else] has noticed (afaik).

I suppose. I can't find any notes about this being wrong in the gen2/3
docs. And the gen4 quote just says "need not be validated" after all so
I suppose it doesn't necessarily mean it wasn't validated. And I guess
we should have found out long ago if it's hopelessly broken.

Patch is
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>

-- 
Ville Syrjälä
Intel OTC
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx