lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0edd288595cb53768822c3d9dc18b8506e07a244.camel@pengutronix.de>
Date:   Thu, 23 Jun 2022 17:26:04 +0200
From:   Lucas Stach <l.stach@...gutronix.de>
To:     Christian König <christian.koenig@....com>,
        Pekka Paalanen <ppaalanen@...il.com>
Cc:     "Sharma, Shashank" <Shashank.Sharma@....com>,
        lkml <linux-kernel@...r.kernel.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        Nicolas Dufresne <nicolas@...fresne.ca>,
        linaro-mm-sig@...ts.linaro.org,
        Sumit Semwal <sumit.semwal@...aro.org>,
        linux-media <linux-media@...r.kernel.org>
Subject: Re: DMA-buf and uncached system memory

Am Donnerstag, dem 23.06.2022 um 14:52 +0200 schrieb Christian König:
> Am 23.06.22 um 14:14 schrieb Lucas Stach:
> > Am Donnerstag, dem 23.06.2022 um 13:54 +0200 schrieb Christian König:
> > > Am 23.06.22 um 13:29 schrieb Lucas Stach:
> > > [SNIP]
> > > I mean I even had somebody from ARM which told me that this is not going
> > > to work with our GPUs on a specific SoC. That there are ARM internal use
> > > cases which just seem to work because all the devices are non-coherent
> > > is completely new to me.
> > > 
> > Yes, trying to hook up a peripheral that assumes cache snooping in some
> > design details to a non coherent SoC may end up exploding in various
> > ways. On the other hand you can work around most of those assumptions
> > by marking the memory as uncached to the CPU, which may tank
> > performance, but will work from a correctness PoV.
> 
> Yeah, and exactly that's what I meant with "DMA-buf is not the framework 
> for this".
> 
> See we do support using uncached/not snooped memory in DMA-buf, but only 
> for the exporter side.
> 
> For example the AMD and Intel GPUs have a per buffer flag for this.
> 
> The importer on the other hand needs to be able to handle whatever the 
> exporter provides.
> 
I fail to construct a case where you want the Vulkan/GL "no domain
transition" coherent semantic without the allocator knowing about this.
If you need this and the system is non-snooping, surely the allocator
will choose uncached memory.

I agree that you absolutely need to fail the usage when someone imports
a CPU cached buffer and then tries to use it as GL coherent on a non-
snooping system. That simply will not work.

> > > [SNIP]
> > > > Non coherent access, including your non-snoop scanout, and no domain
> > > > transition signal just doesn't go together when you want to solve
> > > > things in a generic way.
> > > Yeah, that's the stuff I totally agree on.
> > > 
> > > See we absolutely do have the requirement of implementing coherent
> > > access without domain transitions for Vulkan and OpenGL+extensions.
> > > 
> > Coherent can mean 2 different things:
> > 1. CPU cached with snooping from the IO device
> > 2. CPU uncached
> > 
> > The Vulkan and GL "coherent" uses are really coherent without explicit
> > domain transitions, so on non coherent arches that require the
> > transitions the only way to implement this is by making the memory CPU
> > uncached. Which from a performance PoV will probably not be what app
> > developers expect, but will still expose the correct behavior.
> 
> Quite a boomer for performance, but yes that should work.
> 
> > > > Remember that in a fully (not only IO) coherent system the CPU isn't
> > > > the only agent that may cache the content you are trying to access
> > > > here. The dirty cacheline could reasonably still be sitting in a GPU or
> > > > VPU cache, so you need some way to clean those cachelines, which isn't
> > > > a magic "importer knows how to call CPU cache clean instructions".
> > > IIRC we do already have/had a SYNC_IOCTL for cases like this, but (I
> > > need to double check as well, that's way to long ago) this was kicked
> > > out because of the requirements above.
> > > 
> > The DMA_BUF_IOCTL_SYNC is available in upstream, with the explicit
> > documentation that "userspace can not rely on coherent access".
> 
> Yeah, double checked that as well. This is for the coherency case on the 
> exporter side.
> 
> > > > > You can of course use DMA-buf in an incoherent environment, but then you
> > > > > can't expect that this works all the time.
> > > > > 
> > > > > This is documented behavior and so far we have bluntly rejected any of
> > > > > the complains that it doesn't work on most ARM SoCs and I don't really
> > > > > see a way to do this differently.
> > > > Can you point me to that part of the documentation? A quick grep for
> > > > "coherent" didn't immediately turn something up within the DMA-buf
> > > > dirs.
> > > Search for "cache coherency management". It's quite a while ago, but I
> > > do remember helping to review that stuff.
> > > 
> > That only turns up the lines in DMA_BUF_IOCTL_SYNC doc, which are
> > saying the exact opposite of the DMA-buf is always coherent.
> 
> Sounds like I'm not making clear what I want to say here: For the 
> exporter using cache coherent memory is optional, for the importer it isn't.
> 
> For the exporter it is perfectly valid to use kmalloc, get_free_page 
> etc... on his buffers as long as it uses the DMA API to give the 
> importer access to it.
> 
And here is where our line of thought diverges: the DMA API allows
snooping and non-snooping devices to work together just fine, as it has
explicit domain transitions, which are no-ops if both devices are
snooping, but will do the necessary cache maintenance when one of them
is non-snooping but the memory is CPU cached.

I don't see why DMA-buf should be any different here. Yes, you can not
support the "no domain transition" sharing when the memory is CPU
cached and one of the devices in non-snooping, but you can support 99%
of real use-cases like the non-snooped scanout or the UVC video import.

> The importer on the other hand needs to be able to deal with that. When 
> this is not the case then the importer somehow needs to work around that.
> 
Why? The importer maps the dma-buf via dma_buf_map_attachment, which in
most cases triggers a map via the DMA API on the exporter side. This
map via the DMA API will already do the right thing in terms of cache
management, it's just that we explicitly disable it via
DMA_ATTR_SKIP_CPU_SYNC in DRM because we know that the mapping will be
cached, which violates the DMA API explicit domain transition anyway.

> Either by flushing the CPU caches or by rejecting using the imported 
> buffer for this specific use case (like AMD and Intel drivers should be 
> doing).
> 
> If the Intel or ARM display drivers need non-cached memory and don't 
> reject buffer where they don't know this then that's certainly a bug in 
> those drivers.

It's not just display drivers, video codec accelerators and most GPUs
in this space are also non-snooping. In the ARM SoC world everyone just
assumes you are non-snooping, which is why things work for most cases
and only a handful like the UVC video import is broken.
> 
> Otherwise we would need to change all DMA-buf exporters to use a special 
> function for allocation non-coherent memory and that is certainly not 
> going to fly.
> 
> > I also don't see why you think that both world views are so totally
> > different. We could just require explicit domain transitions for non-
> > snoop access, which would probably solve your scanout issue and would
> > not be a problem for most ARM systems, where we could no-op this if the
> > buffer is already in uncached memory and at the same time keep the "x86
> > assumes cached + snooped access by default" semantics.
> 
> Well the key point is we intentionally rejected that design previously 
> because it created all kind of trouble as well.
> 
I would really like to know what issues popped up there. Moving the
dma-buf attachment to work more like a buffer used with the DMA API
seems like a good thing to me.

> For this limited use case of doing a domain transition right before 
> scanout it might make sense, but that's just one use case.
> 
The only case I see that we still couldn't support with a change in
that direction is the GL coherent access to a imported buffer that has
been allocated from CPU cached memory on a system with non-snooping
agents. Which to me sounds like a pretty niche use-case, but I would be
happy to be proven wrong.

Regards,
Lucas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ