drm/fb_helper: Allow leaking fbdev smem_start

Since "drm/fb: Stop leaking physical address", the default behaviour of the DRM fbdev emulation is to set the smem_base to 0 and pass the new FBINFO_HIDE_SMEM_START flag. The main reason is to avoid leaking physical addresse to user-space, and it follows a general move over the kernel code to avoid user-space to manipulate physical addresses and then use some other mechanisms like dma-buf to transfer physical buffer handles over multiple subsystems. But, a lot of devices depends on closed sources binaries to enable OpenGL hardware acceleration that uses this smem_start value to pass physical addresses to out-of-tree modules in order to render into these physical adresses. These should use dma-buf buffers allocated from the DRM display device instead and stop relying on fbdev overallocation to gather DMA memory (some HW vendors delivers GBM and Wayland capable binaries, but older unsupported devices won't have these new binaries and are doomed until an Open Source solution like Lima finalizes). Since these devices heavily depends on this kind of software and because the smem_start population was available for years, it's a breakage to stop leaking smem_start without any alternative solutions. This patch adds a Kconfig depending on the EXPERT config and an unsafe kernel module parameter tainting the kernel when enabled. A clear comment and Kconfig help text was added to clarify why and when this patch should be reverted, but in the meantime it's a necessary feature to keep. Cc: Dave Airlie <airlied@gmail.com> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> Cc: Noralf Trønnes <noralf@tronnes.org> Cc: Maxime Ripard <maxime.ripard@bootlin.com> Cc: Eric Anholt <eric@anholt.net> Cc: Lucas Stach <l.stach@pengutronix.de> Cc: Rob Clark <robdclark@gmail.com> Cc: Ben Skeggs <skeggsb@gmail.com> Cc: Christian König <christian.koenig@amd.com> Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Reviewed-by: Maxime Ripard <maxime.ripard@bootlin.com> Tested-by: Maxime Ripard <maxime.ripard@bootlin.com> Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Dave Airlie <airlied@gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/1538136355-15383-1-git-send-email-narmstrong@baylibre.com
author: Neil Armstrong <narmstrong@baylibre.com> 2018-09-28 08:05:55 -0400
committer: Neil Armstrong <narmstrong@baylibre.com> 2018-10-03 15:08:21 -0400
commit: 4be9bd10e22dfc7fc101c5cf5969ef2d3a042d8a (patch)
tree: 651f906d0c72ba2eae9efaafee4571cedc917e10 /drivers/gpu
parent: 87c2ee740c07f1edae9eec8bc45cb9b32a68f323 (diff)
2 files changed, 51 insertions, 2 deletions
diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig
index 736b7e67e4ec..4385f00e1d05 100644
--- a/drivers/gpu/drm/Kconfig
+++ b/drivers/gpu/drm/Kconfig
@@ -110,6 +110,26 @@ config DRM_FBDEV_OVERALLOC
          is 100. Typical values for double buffering will be 200,
          triple buffering 300.
+config DRM_FBDEV_LEAK_PHYS_SMEM
+        bool "Shamelessly allow leaking of fbdev physical address (DANGEROUS)"
+        depends on DRM_FBDEV_EMULATION && EXPERT
+        default n
+        help
+          In order to keep user-space compatibility, we want in certain
+          use-cases to keep leaking the fbdev physical address to the
+          user-space program handling the fbdev buffer.
+          This affects, not only, Amlogic, Allwinner or Rockchip devices
+          with ARM Mali GPUs using an userspace Blob.
+          This option is not supported by upstream developers and should be
+          removed as soon as possible and be considered as a broken and
+          legacy behaviour from a modern fbdev device driver.
+          Please send any bug reports when using this to your proprietary
+          software vendor that requires this.
+          If in doubt, say "N" or spread the word to your closed source
+          library vendor.
 config DRM_LOAD_EDID_FIRMWARE
        bool "Allow to specify an EDID data set instead of probing for it"
        depends on DRM
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index a504a5e05676..9b111e846847 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -56,6 +56,25 @@ MODULE_PARM_DESC(drm_fbdev_overalloc,
                 "Overallocation of the fbdev buffer (%) [default="
                 __MODULE_STRING(CONFIG_DRM_FBDEV_OVERALLOC) "]");
+/*
+ * In order to keep user-space compatibility, we want in certain use-cases
+ * to keep leaking the fbdev physical address to the user-space program
+ * handling the fbdev buffer.
+ * This is a bad habit essentially kept into closed source opengl driver
+ * that should really be moved into open-source upstream projects instead
+ * of using legacy physical addresses in user space to communicate with
+ * other out-of-tree kernel modules.
+ *
+ * This module_param *should* be removed as soon as possible and be
+ * considered as a broken and legacy behaviour from a modern fbdev device.
+ */
+#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
+static bool drm_leak_fbdev_smem = false;
+module_param_unsafe(drm_leak_fbdev_smem, bool, 0600);
+MODULE_PARM_DESC(fbdev_emulation,
+                 "Allow unsafe leaking fbdev physical smem address [default=false]");
+#endif
 static LIST_HEAD(kernel_fb_helper_list);
 static DEFINE_MUTEX(kernel_fb_helper_lock);
@@ -2670,8 +2689,12 @@ __drm_fb_helper_initial_config_and_unlock(struct drm_fb_helper *fb_helper,
        info = fb_helper->fbdev;
        info->var.pixclock = 0;
-        /* don't leak any physical addresses to userspace */
+        /* Shamelessly allow physical address leaking to userspace */
-        info->flags |= FBINFO_HIDE_SMEM_START;
+#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
+        if (!drm_leak_fbdev_smem)
+#endif
+                /* don't leak any physical addresses to userspace */
+                info->flags |= FBINFO_HIDE_SMEM_START;
        /* Need to drop locks to avoid recursive deadlock in
         * register_framebuffer. This is ok because the only thing left to do is
@@ -3081,6 +3104,12 @@ int drm_fb_helper_generic_probe(struct drm_fb_helper *fb_helper,
        fbi->screen_size = fb->height * fb->pitches[0];
        fbi->fix.smem_len = fbi->screen_size;
        fbi->screen_buffer = buffer->vaddr;
+        /* Shamelessly leak the physical address to user-space */
+#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
+        if (drm_leak_fbdev_smem && fbi->fix.smem_start == 0)
+                fbi->fix.smem_start =
+                        page_to_phys(virt_to_page(fbi->screen_buffer));
+#endif
        strcpy(fbi->fix.id, "DRM emulated");
        drm_fb_helper_fill_fix(fbi, fb->pitches[0], fb->format->depth);
author	Neil Armstrong <narmstrong@baylibre.com>	2018-09-28 08:05:55 -0400
committer	Neil Armstrong <narmstrong@baylibre.com>	2018-10-03 15:08:21 -0400
commit	4be9bd10e22dfc7fc101c5cf5969ef2d3a042d8a (patch)
tree	651f906d0c72ba2eae9efaafee4571cedc917e10 /drivers/gpu
parent	87c2ee740c07f1edae9eec8bc45cb9b32a68f323 (diff)

diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 736b7e67e4ec..4385f00e1d05 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig
@@ -110,6 +110,26 @@ config DRM_FBDEV_OVERALLOC
110	is 100. Typical values for double buffering will be 200,	110	is 100. Typical values for double buffering will be 200,
111	triple buffering 300.	111	triple buffering 300.
112		112
		113	config DRM_FBDEV_LEAK_PHYS_SMEM
		114	bool "Shamelessly allow leaking of fbdev physical address (DANGEROUS)"
		115	depends on DRM_FBDEV_EMULATION && EXPERT
		116	default n
		117	help
		118	In order to keep user-space compatibility, we want in certain
		119	use-cases to keep leaking the fbdev physical address to the
		120	user-space program handling the fbdev buffer.
		121	This affects, not only, Amlogic, Allwinner or Rockchip devices
		122	with ARM Mali GPUs using an userspace Blob.
		123	This option is not supported by upstream developers and should be
		124	removed as soon as possible and be considered as a broken and
		125	legacy behaviour from a modern fbdev device driver.
		126
		127	Please send any bug reports when using this to your proprietary
		128	software vendor that requires this.
		129
		130	If in doubt, say "N" or spread the word to your closed source
		131	library vendor.
		132
113	config DRM_LOAD_EDID_FIRMWARE	133	config DRM_LOAD_EDID_FIRMWARE
114	bool "Allow to specify an EDID data set instead of probing for it"	134	bool "Allow to specify an EDID data set instead of probing for it"
115	depends on DRM	135	depends on DRM


diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index a504a5e05676..9b111e846847 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -56,6 +56,25 @@ MODULE_PARM_DESC(drm_fbdev_overalloc,
56	"Overallocation of the fbdev buffer (%) [default="	56	"Overallocation of the fbdev buffer (%) [default="
57	__MODULE_STRING(CONFIG_DRM_FBDEV_OVERALLOC) "]");	57	__MODULE_STRING(CONFIG_DRM_FBDEV_OVERALLOC) "]");
58		58
		59	/*
		60	* In order to keep user-space compatibility, we want in certain use-cases
		61	* to keep leaking the fbdev physical address to the user-space program
		62	* handling the fbdev buffer.
		63	* This is a bad habit essentially kept into closed source opengl driver
		64	* that should really be moved into open-source upstream projects instead
		65	* of using legacy physical addresses in user space to communicate with
		66	* other out-of-tree kernel modules.
		67	*
		68	* This module_param should be removed as soon as possible and be
		69	* considered as a broken and legacy behaviour from a modern fbdev device.
		70	*/
		71	#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
		72	static bool drm_leak_fbdev_smem = false;
		73	module_param_unsafe(drm_leak_fbdev_smem, bool, 0600);
		74	MODULE_PARM_DESC(fbdev_emulation,
		75	"Allow unsafe leaking fbdev physical smem address [default=false]");
		76	#endif
		77
59	static LIST_HEAD(kernel_fb_helper_list);	78	static LIST_HEAD(kernel_fb_helper_list);
60	static DEFINE_MUTEX(kernel_fb_helper_lock);	79	static DEFINE_MUTEX(kernel_fb_helper_lock);
61		80
@@ -2670,8 +2689,12 @@ __drm_fb_helper_initial_config_and_unlock(struct drm_fb_helper *fb_helper,
2670		2689
2671	info = fb_helper->fbdev;	2690	info = fb_helper->fbdev;
2672	info->var.pixclock = 0;	2691	info->var.pixclock = 0;
2673	/* don't leak any physical addresses to userspace */	2692	/* Shamelessly allow physical address leaking to userspace */
2674	info->flags \|= FBINFO_HIDE_SMEM_START;	2693	#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
		2694	if (!drm_leak_fbdev_smem)
		2695	#endif
		2696	/* don't leak any physical addresses to userspace */
		2697	info->flags \|= FBINFO_HIDE_SMEM_START;
2675		2698
2676	/* Need to drop locks to avoid recursive deadlock in	2699	/* Need to drop locks to avoid recursive deadlock in
2677	* register_framebuffer. This is ok because the only thing left to do is	2700	* register_framebuffer. This is ok because the only thing left to do is
@@ -3081,6 +3104,12 @@ int drm_fb_helper_generic_probe(struct drm_fb_helper *fb_helper,
3081	fbi->screen_size = fb->height * fb->pitches[0];	3104	fbi->screen_size = fb->height * fb->pitches[0];
3082	fbi->fix.smem_len = fbi->screen_size;	3105	fbi->fix.smem_len = fbi->screen_size;
3083	fbi->screen_buffer = buffer->vaddr;	3106	fbi->screen_buffer = buffer->vaddr;
		3107	/* Shamelessly leak the physical address to user-space */
		3108	#if IS_ENABLED(CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM)
		3109	if (drm_leak_fbdev_smem && fbi->fix.smem_start == 0)
		3110	fbi->fix.smem_start =
		3111	page_to_phys(virt_to_page(fbi->screen_buffer));
		3112	#endif
3084	strcpy(fbi->fix.id, "DRM emulated");	3113	strcpy(fbi->fix.id, "DRM emulated");
3085		3114
3086	drm_fb_helper_fill_fix(fbi, fb->pitches[0], fb->format->depth);	3115	drm_fb_helper_fill_fix(fbi, fb->pitches[0], fb->format->depth);