18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0
28c2ecf20Sopenharmony_ci/*
38c2ecf20Sopenharmony_ci * Copyright (C) 2015-2018 Etnaviv Project
48c2ecf20Sopenharmony_ci */
58c2ecf20Sopenharmony_ci
68c2ecf20Sopenharmony_ci#include <linux/kernel.h>
78c2ecf20Sopenharmony_ci
88c2ecf20Sopenharmony_ci#include "etnaviv_gem.h"
98c2ecf20Sopenharmony_ci#include "etnaviv_gpu.h"
108c2ecf20Sopenharmony_ci
118c2ecf20Sopenharmony_ci#include "cmdstream.xml.h"
128c2ecf20Sopenharmony_ci
138c2ecf20Sopenharmony_ci#define EXTRACT(val, field) (((val) & field##__MASK) >> field##__SHIFT)
148c2ecf20Sopenharmony_ci
158c2ecf20Sopenharmony_cistruct etna_validation_state {
168c2ecf20Sopenharmony_ci	struct etnaviv_gpu *gpu;
178c2ecf20Sopenharmony_ci	const struct drm_etnaviv_gem_submit_reloc *relocs;
188c2ecf20Sopenharmony_ci	unsigned int num_relocs;
198c2ecf20Sopenharmony_ci	u32 *start;
208c2ecf20Sopenharmony_ci};
218c2ecf20Sopenharmony_ci
228c2ecf20Sopenharmony_cistatic const struct {
238c2ecf20Sopenharmony_ci	u16 offset;
248c2ecf20Sopenharmony_ci	u16 size;
258c2ecf20Sopenharmony_ci} etnaviv_sensitive_states[] __initconst = {
268c2ecf20Sopenharmony_ci#define ST(start, num) { (start) >> 2, (num) }
278c2ecf20Sopenharmony_ci	/* 2D */
288c2ecf20Sopenharmony_ci	ST(0x1200, 1),
298c2ecf20Sopenharmony_ci	ST(0x1228, 1),
308c2ecf20Sopenharmony_ci	ST(0x1238, 1),
318c2ecf20Sopenharmony_ci	ST(0x1284, 1),
328c2ecf20Sopenharmony_ci	ST(0x128c, 1),
338c2ecf20Sopenharmony_ci	ST(0x1304, 1),
348c2ecf20Sopenharmony_ci	ST(0x1310, 1),
358c2ecf20Sopenharmony_ci	ST(0x1318, 1),
368c2ecf20Sopenharmony_ci	ST(0x12800, 4),
378c2ecf20Sopenharmony_ci	ST(0x128a0, 4),
388c2ecf20Sopenharmony_ci	ST(0x128c0, 4),
398c2ecf20Sopenharmony_ci	ST(0x12970, 4),
408c2ecf20Sopenharmony_ci	ST(0x12a00, 8),
418c2ecf20Sopenharmony_ci	ST(0x12b40, 8),
428c2ecf20Sopenharmony_ci	ST(0x12b80, 8),
438c2ecf20Sopenharmony_ci	ST(0x12ce0, 8),
448c2ecf20Sopenharmony_ci	/* 3D */
458c2ecf20Sopenharmony_ci	ST(0x0644, 1),
468c2ecf20Sopenharmony_ci	ST(0x064c, 1),
478c2ecf20Sopenharmony_ci	ST(0x0680, 8),
488c2ecf20Sopenharmony_ci	ST(0x086c, 1),
498c2ecf20Sopenharmony_ci	ST(0x1028, 1),
508c2ecf20Sopenharmony_ci	ST(0x1410, 1),
518c2ecf20Sopenharmony_ci	ST(0x1430, 1),
528c2ecf20Sopenharmony_ci	ST(0x1458, 1),
538c2ecf20Sopenharmony_ci	ST(0x1460, 8),
548c2ecf20Sopenharmony_ci	ST(0x1480, 8),
558c2ecf20Sopenharmony_ci	ST(0x1500, 8),
568c2ecf20Sopenharmony_ci	ST(0x1520, 8),
578c2ecf20Sopenharmony_ci	ST(0x1608, 1),
588c2ecf20Sopenharmony_ci	ST(0x1610, 1),
598c2ecf20Sopenharmony_ci	ST(0x1658, 1),
608c2ecf20Sopenharmony_ci	ST(0x165c, 1),
618c2ecf20Sopenharmony_ci	ST(0x1664, 1),
628c2ecf20Sopenharmony_ci	ST(0x1668, 1),
638c2ecf20Sopenharmony_ci	ST(0x16a4, 1),
648c2ecf20Sopenharmony_ci	ST(0x16c0, 8),
658c2ecf20Sopenharmony_ci	ST(0x16e0, 8),
668c2ecf20Sopenharmony_ci	ST(0x1740, 8),
678c2ecf20Sopenharmony_ci	ST(0x17c0, 8),
688c2ecf20Sopenharmony_ci	ST(0x17e0, 8),
698c2ecf20Sopenharmony_ci	ST(0x2400, 14 * 16),
708c2ecf20Sopenharmony_ci	ST(0x3824, 1),
718c2ecf20Sopenharmony_ci	ST(0x10800, 32 * 16),
728c2ecf20Sopenharmony_ci	ST(0x14600, 16),
738c2ecf20Sopenharmony_ci	ST(0x14800, 8 * 8),
748c2ecf20Sopenharmony_ci#undef ST
758c2ecf20Sopenharmony_ci};
768c2ecf20Sopenharmony_ci
778c2ecf20Sopenharmony_ci#define ETNAVIV_STATES_SIZE (VIV_FE_LOAD_STATE_HEADER_OFFSET__MASK + 1u)
788c2ecf20Sopenharmony_cistatic DECLARE_BITMAP(etnaviv_states, ETNAVIV_STATES_SIZE);
798c2ecf20Sopenharmony_ci
808c2ecf20Sopenharmony_civoid __init etnaviv_validate_init(void)
818c2ecf20Sopenharmony_ci{
828c2ecf20Sopenharmony_ci	unsigned int i;
838c2ecf20Sopenharmony_ci
848c2ecf20Sopenharmony_ci	for (i = 0; i < ARRAY_SIZE(etnaviv_sensitive_states); i++)
858c2ecf20Sopenharmony_ci		bitmap_set(etnaviv_states, etnaviv_sensitive_states[i].offset,
868c2ecf20Sopenharmony_ci			   etnaviv_sensitive_states[i].size);
878c2ecf20Sopenharmony_ci}
888c2ecf20Sopenharmony_ci
898c2ecf20Sopenharmony_cistatic void etnaviv_warn_if_non_sensitive(struct etna_validation_state *state,
908c2ecf20Sopenharmony_ci	unsigned int buf_offset, unsigned int state_addr)
918c2ecf20Sopenharmony_ci{
928c2ecf20Sopenharmony_ci	if (state->num_relocs && state->relocs->submit_offset < buf_offset) {
938c2ecf20Sopenharmony_ci		dev_warn_once(state->gpu->dev,
948c2ecf20Sopenharmony_ci			      "%s: relocation for non-sensitive state 0x%x at offset %u\n",
958c2ecf20Sopenharmony_ci			      __func__, state_addr,
968c2ecf20Sopenharmony_ci			      state->relocs->submit_offset);
978c2ecf20Sopenharmony_ci		while (state->num_relocs &&
988c2ecf20Sopenharmony_ci		       state->relocs->submit_offset < buf_offset) {
998c2ecf20Sopenharmony_ci			state->relocs++;
1008c2ecf20Sopenharmony_ci			state->num_relocs--;
1018c2ecf20Sopenharmony_ci		}
1028c2ecf20Sopenharmony_ci	}
1038c2ecf20Sopenharmony_ci}
1048c2ecf20Sopenharmony_ci
1058c2ecf20Sopenharmony_cistatic bool etnaviv_validate_load_state(struct etna_validation_state *state,
1068c2ecf20Sopenharmony_ci	u32 *ptr, unsigned int state_offset, unsigned int num)
1078c2ecf20Sopenharmony_ci{
1088c2ecf20Sopenharmony_ci	unsigned int size = min(ETNAVIV_STATES_SIZE, state_offset + num);
1098c2ecf20Sopenharmony_ci	unsigned int st_offset = state_offset, buf_offset;
1108c2ecf20Sopenharmony_ci
1118c2ecf20Sopenharmony_ci	for_each_set_bit_from(st_offset, etnaviv_states, size) {
1128c2ecf20Sopenharmony_ci		buf_offset = (ptr - state->start +
1138c2ecf20Sopenharmony_ci			      st_offset - state_offset) * 4;
1148c2ecf20Sopenharmony_ci
1158c2ecf20Sopenharmony_ci		etnaviv_warn_if_non_sensitive(state, buf_offset, st_offset * 4);
1168c2ecf20Sopenharmony_ci		if (state->num_relocs &&
1178c2ecf20Sopenharmony_ci		    state->relocs->submit_offset == buf_offset) {
1188c2ecf20Sopenharmony_ci			state->relocs++;
1198c2ecf20Sopenharmony_ci			state->num_relocs--;
1208c2ecf20Sopenharmony_ci			continue;
1218c2ecf20Sopenharmony_ci		}
1228c2ecf20Sopenharmony_ci
1238c2ecf20Sopenharmony_ci		dev_warn_ratelimited(state->gpu->dev,
1248c2ecf20Sopenharmony_ci				     "%s: load state touches restricted state 0x%x at offset %u\n",
1258c2ecf20Sopenharmony_ci				     __func__, st_offset * 4, buf_offset);
1268c2ecf20Sopenharmony_ci		return false;
1278c2ecf20Sopenharmony_ci	}
1288c2ecf20Sopenharmony_ci
1298c2ecf20Sopenharmony_ci	if (state->num_relocs) {
1308c2ecf20Sopenharmony_ci		buf_offset = (ptr - state->start + num) * 4;
1318c2ecf20Sopenharmony_ci		etnaviv_warn_if_non_sensitive(state, buf_offset, st_offset * 4 +
1328c2ecf20Sopenharmony_ci					      state->relocs->submit_offset -
1338c2ecf20Sopenharmony_ci					      buf_offset);
1348c2ecf20Sopenharmony_ci	}
1358c2ecf20Sopenharmony_ci
1368c2ecf20Sopenharmony_ci	return true;
1378c2ecf20Sopenharmony_ci}
1388c2ecf20Sopenharmony_ci
1398c2ecf20Sopenharmony_cistatic uint8_t cmd_length[32] = {
1408c2ecf20Sopenharmony_ci	[FE_OPCODE_DRAW_PRIMITIVES] = 4,
1418c2ecf20Sopenharmony_ci	[FE_OPCODE_DRAW_INDEXED_PRIMITIVES] = 6,
1428c2ecf20Sopenharmony_ci	[FE_OPCODE_DRAW_INSTANCED] = 4,
1438c2ecf20Sopenharmony_ci	[FE_OPCODE_NOP] = 2,
1448c2ecf20Sopenharmony_ci	[FE_OPCODE_STALL] = 2,
1458c2ecf20Sopenharmony_ci};
1468c2ecf20Sopenharmony_ci
1478c2ecf20Sopenharmony_cibool etnaviv_cmd_validate_one(struct etnaviv_gpu *gpu, u32 *stream,
1488c2ecf20Sopenharmony_ci			      unsigned int size,
1498c2ecf20Sopenharmony_ci			      struct drm_etnaviv_gem_submit_reloc *relocs,
1508c2ecf20Sopenharmony_ci			      unsigned int reloc_size)
1518c2ecf20Sopenharmony_ci{
1528c2ecf20Sopenharmony_ci	struct etna_validation_state state;
1538c2ecf20Sopenharmony_ci	u32 *buf = stream;
1548c2ecf20Sopenharmony_ci	u32 *end = buf + size;
1558c2ecf20Sopenharmony_ci
1568c2ecf20Sopenharmony_ci	state.gpu = gpu;
1578c2ecf20Sopenharmony_ci	state.relocs = relocs;
1588c2ecf20Sopenharmony_ci	state.num_relocs = reloc_size;
1598c2ecf20Sopenharmony_ci	state.start = stream;
1608c2ecf20Sopenharmony_ci
1618c2ecf20Sopenharmony_ci	while (buf < end) {
1628c2ecf20Sopenharmony_ci		u32 cmd = *buf;
1638c2ecf20Sopenharmony_ci		unsigned int len, n, off;
1648c2ecf20Sopenharmony_ci		unsigned int op = cmd >> 27;
1658c2ecf20Sopenharmony_ci
1668c2ecf20Sopenharmony_ci		switch (op) {
1678c2ecf20Sopenharmony_ci		case FE_OPCODE_LOAD_STATE:
1688c2ecf20Sopenharmony_ci			n = EXTRACT(cmd, VIV_FE_LOAD_STATE_HEADER_COUNT);
1698c2ecf20Sopenharmony_ci			len = ALIGN(1 + n, 2);
1708c2ecf20Sopenharmony_ci			if (buf + len > end)
1718c2ecf20Sopenharmony_ci				break;
1728c2ecf20Sopenharmony_ci
1738c2ecf20Sopenharmony_ci			off = EXTRACT(cmd, VIV_FE_LOAD_STATE_HEADER_OFFSET);
1748c2ecf20Sopenharmony_ci			if (!etnaviv_validate_load_state(&state, buf + 1,
1758c2ecf20Sopenharmony_ci							 off, n))
1768c2ecf20Sopenharmony_ci				return false;
1778c2ecf20Sopenharmony_ci			break;
1788c2ecf20Sopenharmony_ci
1798c2ecf20Sopenharmony_ci		case FE_OPCODE_DRAW_2D:
1808c2ecf20Sopenharmony_ci			n = EXTRACT(cmd, VIV_FE_DRAW_2D_HEADER_COUNT);
1818c2ecf20Sopenharmony_ci			if (n == 0)
1828c2ecf20Sopenharmony_ci				n = 256;
1838c2ecf20Sopenharmony_ci			len = 2 + n * 2;
1848c2ecf20Sopenharmony_ci			break;
1858c2ecf20Sopenharmony_ci
1868c2ecf20Sopenharmony_ci		default:
1878c2ecf20Sopenharmony_ci			len = cmd_length[op];
1888c2ecf20Sopenharmony_ci			if (len == 0) {
1898c2ecf20Sopenharmony_ci				dev_err(gpu->dev, "%s: op %u not permitted at offset %tu\n",
1908c2ecf20Sopenharmony_ci					__func__, op, buf - state.start);
1918c2ecf20Sopenharmony_ci				return false;
1928c2ecf20Sopenharmony_ci			}
1938c2ecf20Sopenharmony_ci			break;
1948c2ecf20Sopenharmony_ci		}
1958c2ecf20Sopenharmony_ci
1968c2ecf20Sopenharmony_ci		buf += len;
1978c2ecf20Sopenharmony_ci	}
1988c2ecf20Sopenharmony_ci
1998c2ecf20Sopenharmony_ci	if (buf > end) {
2008c2ecf20Sopenharmony_ci		dev_err(gpu->dev, "%s: commands overflow end of buffer: %tu > %u\n",
2018c2ecf20Sopenharmony_ci			__func__, buf - state.start, size);
2028c2ecf20Sopenharmony_ci		return false;
2038c2ecf20Sopenharmony_ci	}
2048c2ecf20Sopenharmony_ci
2058c2ecf20Sopenharmony_ci	return true;
2068c2ecf20Sopenharmony_ci}
207