kfd_events.c (36529B)
1// SPDX-License-Identifier: GPL-2.0 OR MIT 2/* 3 * Copyright 2014-2022 Advanced Micro Devices, Inc. 4 * 5 * Permission is hereby granted, free of charge, to any person obtaining a 6 * copy of this software and associated documentation files (the "Software"), 7 * to deal in the Software without restriction, including without limitation 8 * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 * and/or sell copies of the Software, and to permit persons to whom the 10 * Software is furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be included in 13 * all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 18 * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 19 * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 20 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 21 * OTHER DEALINGS IN THE SOFTWARE. 22 */ 23 24#include <linux/mm_types.h> 25#include <linux/slab.h> 26#include <linux/types.h> 27#include <linux/sched/signal.h> 28#include <linux/sched/mm.h> 29#include <linux/uaccess.h> 30#include <linux/mman.h> 31#include <linux/memory.h> 32#include "kfd_priv.h" 33#include "kfd_events.h" 34#include "kfd_iommu.h" 35#include <linux/device.h> 36 37/* 38 * Wrapper around wait_queue_entry_t 39 */ 40struct kfd_event_waiter { 41 wait_queue_entry_t wait; 42 struct kfd_event *event; /* Event to wait for */ 43 bool activated; /* Becomes true when event is signaled */ 44}; 45 46/* 47 * Each signal event needs a 64-bit signal slot where the signaler will write 48 * a 1 before sending an interrupt. (This is needed because some interrupts 49 * do not contain enough spare data bits to identify an event.) 50 * We get whole pages and map them to the process VA. 51 * Individual signal events use their event_id as slot index. 52 */ 53struct kfd_signal_page { 54 uint64_t *kernel_address; 55 uint64_t __user *user_address; 56 bool need_to_free_pages; 57}; 58 59static uint64_t *page_slots(struct kfd_signal_page *page) 60{ 61 return page->kernel_address; 62} 63 64static struct kfd_signal_page *allocate_signal_page(struct kfd_process *p) 65{ 66 void *backing_store; 67 struct kfd_signal_page *page; 68 69 page = kzalloc(sizeof(*page), GFP_KERNEL); 70 if (!page) 71 return NULL; 72 73 backing_store = (void *) __get_free_pages(GFP_KERNEL, 74 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 75 if (!backing_store) 76 goto fail_alloc_signal_store; 77 78 /* Initialize all events to unsignaled */ 79 memset(backing_store, (uint8_t) UNSIGNALED_EVENT_SLOT, 80 KFD_SIGNAL_EVENT_LIMIT * 8); 81 82 page->kernel_address = backing_store; 83 page->need_to_free_pages = true; 84 pr_debug("Allocated new event signal page at %p, for process %p\n", 85 page, p); 86 87 return page; 88 89fail_alloc_signal_store: 90 kfree(page); 91 return NULL; 92} 93 94static int allocate_event_notification_slot(struct kfd_process *p, 95 struct kfd_event *ev, 96 const int *restore_id) 97{ 98 int id; 99 100 if (!p->signal_page) { 101 p->signal_page = allocate_signal_page(p); 102 if (!p->signal_page) 103 return -ENOMEM; 104 /* Oldest user mode expects 256 event slots */ 105 p->signal_mapped_size = 256*8; 106 } 107 108 if (restore_id) { 109 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1, 110 GFP_KERNEL); 111 } else { 112 /* 113 * Compatibility with old user mode: Only use signal slots 114 * user mode has mapped, may be less than 115 * KFD_SIGNAL_EVENT_LIMIT. This also allows future increase 116 * of the event limit without breaking user mode. 117 */ 118 id = idr_alloc(&p->event_idr, ev, 0, p->signal_mapped_size / 8, 119 GFP_KERNEL); 120 } 121 if (id < 0) 122 return id; 123 124 ev->event_id = id; 125 page_slots(p->signal_page)[id] = UNSIGNALED_EVENT_SLOT; 126 127 return 0; 128} 129 130/* 131 * Assumes that p->event_mutex or rcu_readlock is held and of course that p is 132 * not going away. 133 */ 134static struct kfd_event *lookup_event_by_id(struct kfd_process *p, uint32_t id) 135{ 136 return idr_find(&p->event_idr, id); 137} 138 139/** 140 * lookup_signaled_event_by_partial_id - Lookup signaled event from partial ID 141 * @p: Pointer to struct kfd_process 142 * @id: ID to look up 143 * @bits: Number of valid bits in @id 144 * 145 * Finds the first signaled event with a matching partial ID. If no 146 * matching signaled event is found, returns NULL. In that case the 147 * caller should assume that the partial ID is invalid and do an 148 * exhaustive search of all siglaned events. 149 * 150 * If multiple events with the same partial ID signal at the same 151 * time, they will be found one interrupt at a time, not necessarily 152 * in the same order the interrupts occurred. As long as the number of 153 * interrupts is correct, all signaled events will be seen by the 154 * driver. 155 */ 156static struct kfd_event *lookup_signaled_event_by_partial_id( 157 struct kfd_process *p, uint32_t id, uint32_t bits) 158{ 159 struct kfd_event *ev; 160 161 if (!p->signal_page || id >= KFD_SIGNAL_EVENT_LIMIT) 162 return NULL; 163 164 /* Fast path for the common case that @id is not a partial ID 165 * and we only need a single lookup. 166 */ 167 if (bits > 31 || (1U << bits) >= KFD_SIGNAL_EVENT_LIMIT) { 168 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 169 return NULL; 170 171 return idr_find(&p->event_idr, id); 172 } 173 174 /* General case for partial IDs: Iterate over all matching IDs 175 * and find the first one that has signaled. 176 */ 177 for (ev = NULL; id < KFD_SIGNAL_EVENT_LIMIT && !ev; id += 1U << bits) { 178 if (page_slots(p->signal_page)[id] == UNSIGNALED_EVENT_SLOT) 179 continue; 180 181 ev = idr_find(&p->event_idr, id); 182 } 183 184 return ev; 185} 186 187static int create_signal_event(struct file *devkfd, struct kfd_process *p, 188 struct kfd_event *ev, const int *restore_id) 189{ 190 int ret; 191 192 if (p->signal_mapped_size && 193 p->signal_event_count == p->signal_mapped_size / 8) { 194 if (!p->signal_event_limit_reached) { 195 pr_debug("Signal event wasn't created because limit was reached\n"); 196 p->signal_event_limit_reached = true; 197 } 198 return -ENOSPC; 199 } 200 201 ret = allocate_event_notification_slot(p, ev, restore_id); 202 if (ret) { 203 pr_warn("Signal event wasn't created because out of kernel memory\n"); 204 return ret; 205 } 206 207 p->signal_event_count++; 208 209 ev->user_signal_address = &p->signal_page->user_address[ev->event_id]; 210 pr_debug("Signal event number %zu created with id %d, address %p\n", 211 p->signal_event_count, ev->event_id, 212 ev->user_signal_address); 213 214 return 0; 215} 216 217static int create_other_event(struct kfd_process *p, struct kfd_event *ev, const int *restore_id) 218{ 219 int id; 220 221 if (restore_id) 222 id = idr_alloc(&p->event_idr, ev, *restore_id, *restore_id + 1, 223 GFP_KERNEL); 224 else 225 /* Cast KFD_LAST_NONSIGNAL_EVENT to uint32_t. This allows an 226 * intentional integer overflow to -1 without a compiler 227 * warning. idr_alloc treats a negative value as "maximum 228 * signed integer". 229 */ 230 id = idr_alloc(&p->event_idr, ev, KFD_FIRST_NONSIGNAL_EVENT_ID, 231 (uint32_t)KFD_LAST_NONSIGNAL_EVENT_ID + 1, 232 GFP_KERNEL); 233 234 if (id < 0) 235 return id; 236 ev->event_id = id; 237 238 return 0; 239} 240 241int kfd_event_init_process(struct kfd_process *p) 242{ 243 int id; 244 245 mutex_init(&p->event_mutex); 246 idr_init(&p->event_idr); 247 p->signal_page = NULL; 248 p->signal_event_count = 1; 249 /* Allocate event ID 0. It is used for a fast path to ignore bogus events 250 * that are sent by the CP without a context ID 251 */ 252 id = idr_alloc(&p->event_idr, NULL, 0, 1, GFP_KERNEL); 253 if (id < 0) { 254 idr_destroy(&p->event_idr); 255 mutex_destroy(&p->event_mutex); 256 return id; 257 } 258 return 0; 259} 260 261static void destroy_event(struct kfd_process *p, struct kfd_event *ev) 262{ 263 struct kfd_event_waiter *waiter; 264 265 /* Wake up pending waiters. They will return failure */ 266 spin_lock(&ev->lock); 267 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 268 WRITE_ONCE(waiter->event, NULL); 269 wake_up_all(&ev->wq); 270 spin_unlock(&ev->lock); 271 272 if (ev->type == KFD_EVENT_TYPE_SIGNAL || 273 ev->type == KFD_EVENT_TYPE_DEBUG) 274 p->signal_event_count--; 275 276 idr_remove(&p->event_idr, ev->event_id); 277 kfree_rcu(ev, rcu); 278} 279 280static void destroy_events(struct kfd_process *p) 281{ 282 struct kfd_event *ev; 283 uint32_t id; 284 285 idr_for_each_entry(&p->event_idr, ev, id) 286 if (ev) 287 destroy_event(p, ev); 288 idr_destroy(&p->event_idr); 289 mutex_destroy(&p->event_mutex); 290} 291 292/* 293 * We assume that the process is being destroyed and there is no need to 294 * unmap the pages or keep bookkeeping data in order. 295 */ 296static void shutdown_signal_page(struct kfd_process *p) 297{ 298 struct kfd_signal_page *page = p->signal_page; 299 300 if (page) { 301 if (page->need_to_free_pages) 302 free_pages((unsigned long)page->kernel_address, 303 get_order(KFD_SIGNAL_EVENT_LIMIT * 8)); 304 kfree(page); 305 } 306} 307 308void kfd_event_free_process(struct kfd_process *p) 309{ 310 destroy_events(p); 311 shutdown_signal_page(p); 312} 313 314static bool event_can_be_gpu_signaled(const struct kfd_event *ev) 315{ 316 return ev->type == KFD_EVENT_TYPE_SIGNAL || 317 ev->type == KFD_EVENT_TYPE_DEBUG; 318} 319 320static bool event_can_be_cpu_signaled(const struct kfd_event *ev) 321{ 322 return ev->type == KFD_EVENT_TYPE_SIGNAL; 323} 324 325static int kfd_event_page_set(struct kfd_process *p, void *kernel_address, 326 uint64_t size, uint64_t user_handle) 327{ 328 struct kfd_signal_page *page; 329 330 if (p->signal_page) 331 return -EBUSY; 332 333 page = kzalloc(sizeof(*page), GFP_KERNEL); 334 if (!page) 335 return -ENOMEM; 336 337 /* Initialize all events to unsignaled */ 338 memset(kernel_address, (uint8_t) UNSIGNALED_EVENT_SLOT, 339 KFD_SIGNAL_EVENT_LIMIT * 8); 340 341 page->kernel_address = kernel_address; 342 343 p->signal_page = page; 344 p->signal_mapped_size = size; 345 p->signal_handle = user_handle; 346 return 0; 347} 348 349int kfd_kmap_event_page(struct kfd_process *p, uint64_t event_page_offset) 350{ 351 struct kfd_dev *kfd; 352 struct kfd_process_device *pdd; 353 void *mem, *kern_addr; 354 uint64_t size; 355 int err = 0; 356 357 if (p->signal_page) { 358 pr_err("Event page is already set\n"); 359 return -EINVAL; 360 } 361 362 pdd = kfd_process_device_data_by_id(p, GET_GPU_ID(event_page_offset)); 363 if (!pdd) { 364 pr_err("Getting device by id failed in %s\n", __func__); 365 return -EINVAL; 366 } 367 kfd = pdd->dev; 368 369 pdd = kfd_bind_process_to_device(kfd, p); 370 if (IS_ERR(pdd)) 371 return PTR_ERR(pdd); 372 373 mem = kfd_process_device_translate_handle(pdd, 374 GET_IDR_HANDLE(event_page_offset)); 375 if (!mem) { 376 pr_err("Can't find BO, offset is 0x%llx\n", event_page_offset); 377 return -EINVAL; 378 } 379 380 err = amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(kfd->adev, 381 mem, &kern_addr, &size); 382 if (err) { 383 pr_err("Failed to map event page to kernel\n"); 384 return err; 385 } 386 387 err = kfd_event_page_set(p, kern_addr, size, event_page_offset); 388 if (err) { 389 pr_err("Failed to set event page\n"); 390 amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel(kfd->adev, mem); 391 return err; 392 } 393 return err; 394} 395 396int kfd_event_create(struct file *devkfd, struct kfd_process *p, 397 uint32_t event_type, bool auto_reset, uint32_t node_id, 398 uint32_t *event_id, uint32_t *event_trigger_data, 399 uint64_t *event_page_offset, uint32_t *event_slot_index) 400{ 401 int ret = 0; 402 struct kfd_event *ev = kzalloc(sizeof(*ev), GFP_KERNEL); 403 404 if (!ev) 405 return -ENOMEM; 406 407 ev->type = event_type; 408 ev->auto_reset = auto_reset; 409 ev->signaled = false; 410 411 spin_lock_init(&ev->lock); 412 init_waitqueue_head(&ev->wq); 413 414 *event_page_offset = 0; 415 416 mutex_lock(&p->event_mutex); 417 418 switch (event_type) { 419 case KFD_EVENT_TYPE_SIGNAL: 420 case KFD_EVENT_TYPE_DEBUG: 421 ret = create_signal_event(devkfd, p, ev, NULL); 422 if (!ret) { 423 *event_page_offset = KFD_MMAP_TYPE_EVENTS; 424 *event_slot_index = ev->event_id; 425 } 426 break; 427 default: 428 ret = create_other_event(p, ev, NULL); 429 break; 430 } 431 432 if (!ret) { 433 *event_id = ev->event_id; 434 *event_trigger_data = ev->event_id; 435 } else { 436 kfree(ev); 437 } 438 439 mutex_unlock(&p->event_mutex); 440 441 return ret; 442} 443 444int kfd_criu_restore_event(struct file *devkfd, 445 struct kfd_process *p, 446 uint8_t __user *user_priv_ptr, 447 uint64_t *priv_data_offset, 448 uint64_t max_priv_data_size) 449{ 450 struct kfd_criu_event_priv_data *ev_priv; 451 struct kfd_event *ev = NULL; 452 int ret = 0; 453 454 ev_priv = kmalloc(sizeof(*ev_priv), GFP_KERNEL); 455 if (!ev_priv) 456 return -ENOMEM; 457 458 ev = kzalloc(sizeof(*ev), GFP_KERNEL); 459 if (!ev) { 460 ret = -ENOMEM; 461 goto exit; 462 } 463 464 if (*priv_data_offset + sizeof(*ev_priv) > max_priv_data_size) { 465 ret = -EINVAL; 466 goto exit; 467 } 468 469 ret = copy_from_user(ev_priv, user_priv_ptr + *priv_data_offset, sizeof(*ev_priv)); 470 if (ret) { 471 ret = -EFAULT; 472 goto exit; 473 } 474 *priv_data_offset += sizeof(*ev_priv); 475 476 if (ev_priv->user_handle) { 477 ret = kfd_kmap_event_page(p, ev_priv->user_handle); 478 if (ret) 479 goto exit; 480 } 481 482 ev->type = ev_priv->type; 483 ev->auto_reset = ev_priv->auto_reset; 484 ev->signaled = ev_priv->signaled; 485 486 spin_lock_init(&ev->lock); 487 init_waitqueue_head(&ev->wq); 488 489 mutex_lock(&p->event_mutex); 490 switch (ev->type) { 491 case KFD_EVENT_TYPE_SIGNAL: 492 case KFD_EVENT_TYPE_DEBUG: 493 ret = create_signal_event(devkfd, p, ev, &ev_priv->event_id); 494 break; 495 case KFD_EVENT_TYPE_MEMORY: 496 memcpy(&ev->memory_exception_data, 497 &ev_priv->memory_exception_data, 498 sizeof(struct kfd_hsa_memory_exception_data)); 499 500 ret = create_other_event(p, ev, &ev_priv->event_id); 501 break; 502 case KFD_EVENT_TYPE_HW_EXCEPTION: 503 memcpy(&ev->hw_exception_data, 504 &ev_priv->hw_exception_data, 505 sizeof(struct kfd_hsa_hw_exception_data)); 506 507 ret = create_other_event(p, ev, &ev_priv->event_id); 508 break; 509 } 510 511exit: 512 if (ret) 513 kfree(ev); 514 515 kfree(ev_priv); 516 517 mutex_unlock(&p->event_mutex); 518 519 return ret; 520} 521 522int kfd_criu_checkpoint_events(struct kfd_process *p, 523 uint8_t __user *user_priv_data, 524 uint64_t *priv_data_offset) 525{ 526 struct kfd_criu_event_priv_data *ev_privs; 527 int i = 0; 528 int ret = 0; 529 struct kfd_event *ev; 530 uint32_t ev_id; 531 532 uint32_t num_events = kfd_get_num_events(p); 533 534 if (!num_events) 535 return 0; 536 537 ev_privs = kvzalloc(num_events * sizeof(*ev_privs), GFP_KERNEL); 538 if (!ev_privs) 539 return -ENOMEM; 540 541 542 idr_for_each_entry(&p->event_idr, ev, ev_id) { 543 struct kfd_criu_event_priv_data *ev_priv; 544 545 /* 546 * Currently, all events have same size of private_data, but the current ioctl's 547 * and CRIU plugin supports private_data of variable sizes 548 */ 549 ev_priv = &ev_privs[i]; 550 551 ev_priv->object_type = KFD_CRIU_OBJECT_TYPE_EVENT; 552 553 /* We store the user_handle with the first event */ 554 if (i == 0 && p->signal_page) 555 ev_priv->user_handle = p->signal_handle; 556 557 ev_priv->event_id = ev->event_id; 558 ev_priv->auto_reset = ev->auto_reset; 559 ev_priv->type = ev->type; 560 ev_priv->signaled = ev->signaled; 561 562 if (ev_priv->type == KFD_EVENT_TYPE_MEMORY) 563 memcpy(&ev_priv->memory_exception_data, 564 &ev->memory_exception_data, 565 sizeof(struct kfd_hsa_memory_exception_data)); 566 else if (ev_priv->type == KFD_EVENT_TYPE_HW_EXCEPTION) 567 memcpy(&ev_priv->hw_exception_data, 568 &ev->hw_exception_data, 569 sizeof(struct kfd_hsa_hw_exception_data)); 570 571 pr_debug("Checkpointed event[%d] id = 0x%08x auto_reset = %x type = %x signaled = %x\n", 572 i, 573 ev_priv->event_id, 574 ev_priv->auto_reset, 575 ev_priv->type, 576 ev_priv->signaled); 577 i++; 578 } 579 580 ret = copy_to_user(user_priv_data + *priv_data_offset, 581 ev_privs, num_events * sizeof(*ev_privs)); 582 if (ret) { 583 pr_err("Failed to copy events priv to user\n"); 584 ret = -EFAULT; 585 } 586 587 *priv_data_offset += num_events * sizeof(*ev_privs); 588 589 kvfree(ev_privs); 590 return ret; 591} 592 593int kfd_get_num_events(struct kfd_process *p) 594{ 595 struct kfd_event *ev; 596 uint32_t id; 597 u32 num_events = 0; 598 599 idr_for_each_entry(&p->event_idr, ev, id) 600 num_events++; 601 602 return num_events; 603} 604 605/* Assumes that p is current. */ 606int kfd_event_destroy(struct kfd_process *p, uint32_t event_id) 607{ 608 struct kfd_event *ev; 609 int ret = 0; 610 611 mutex_lock(&p->event_mutex); 612 613 ev = lookup_event_by_id(p, event_id); 614 615 if (ev) 616 destroy_event(p, ev); 617 else 618 ret = -EINVAL; 619 620 mutex_unlock(&p->event_mutex); 621 return ret; 622} 623 624static void set_event(struct kfd_event *ev) 625{ 626 struct kfd_event_waiter *waiter; 627 628 /* Auto reset if the list is non-empty and we're waking 629 * someone. waitqueue_active is safe here because we're 630 * protected by the ev->lock, which is also held when 631 * updating the wait queues in kfd_wait_on_events. 632 */ 633 ev->signaled = !ev->auto_reset || !waitqueue_active(&ev->wq); 634 635 list_for_each_entry(waiter, &ev->wq.head, wait.entry) 636 WRITE_ONCE(waiter->activated, true); 637 638 wake_up_all(&ev->wq); 639} 640 641/* Assumes that p is current. */ 642int kfd_set_event(struct kfd_process *p, uint32_t event_id) 643{ 644 int ret = 0; 645 struct kfd_event *ev; 646 647 rcu_read_lock(); 648 649 ev = lookup_event_by_id(p, event_id); 650 if (!ev) { 651 ret = -EINVAL; 652 goto unlock_rcu; 653 } 654 spin_lock(&ev->lock); 655 656 if (event_can_be_cpu_signaled(ev)) 657 set_event(ev); 658 else 659 ret = -EINVAL; 660 661 spin_unlock(&ev->lock); 662unlock_rcu: 663 rcu_read_unlock(); 664 return ret; 665} 666 667static void reset_event(struct kfd_event *ev) 668{ 669 ev->signaled = false; 670} 671 672/* Assumes that p is current. */ 673int kfd_reset_event(struct kfd_process *p, uint32_t event_id) 674{ 675 int ret = 0; 676 struct kfd_event *ev; 677 678 rcu_read_lock(); 679 680 ev = lookup_event_by_id(p, event_id); 681 if (!ev) { 682 ret = -EINVAL; 683 goto unlock_rcu; 684 } 685 spin_lock(&ev->lock); 686 687 if (event_can_be_cpu_signaled(ev)) 688 reset_event(ev); 689 else 690 ret = -EINVAL; 691 692 spin_unlock(&ev->lock); 693unlock_rcu: 694 rcu_read_unlock(); 695 return ret; 696 697} 698 699static void acknowledge_signal(struct kfd_process *p, struct kfd_event *ev) 700{ 701 WRITE_ONCE(page_slots(p->signal_page)[ev->event_id], UNSIGNALED_EVENT_SLOT); 702} 703 704static void set_event_from_interrupt(struct kfd_process *p, 705 struct kfd_event *ev) 706{ 707 if (ev && event_can_be_gpu_signaled(ev)) { 708 acknowledge_signal(p, ev); 709 spin_lock(&ev->lock); 710 set_event(ev); 711 spin_unlock(&ev->lock); 712 } 713} 714 715void kfd_signal_event_interrupt(u32 pasid, uint32_t partial_id, 716 uint32_t valid_id_bits) 717{ 718 struct kfd_event *ev = NULL; 719 720 /* 721 * Because we are called from arbitrary context (workqueue) as opposed 722 * to process context, kfd_process could attempt to exit while we are 723 * running so the lookup function increments the process ref count. 724 */ 725 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 726 727 if (!p) 728 return; /* Presumably process exited. */ 729 730 rcu_read_lock(); 731 732 if (valid_id_bits) 733 ev = lookup_signaled_event_by_partial_id(p, partial_id, 734 valid_id_bits); 735 if (ev) { 736 set_event_from_interrupt(p, ev); 737 } else if (p->signal_page) { 738 /* 739 * Partial ID lookup failed. Assume that the event ID 740 * in the interrupt payload was invalid and do an 741 * exhaustive search of signaled events. 742 */ 743 uint64_t *slots = page_slots(p->signal_page); 744 uint32_t id; 745 746 if (valid_id_bits) 747 pr_debug_ratelimited("Partial ID invalid: %u (%u valid bits)\n", 748 partial_id, valid_id_bits); 749 750 if (p->signal_event_count < KFD_SIGNAL_EVENT_LIMIT / 64) { 751 /* With relatively few events, it's faster to 752 * iterate over the event IDR 753 */ 754 idr_for_each_entry(&p->event_idr, ev, id) { 755 if (id >= KFD_SIGNAL_EVENT_LIMIT) 756 break; 757 758 if (READ_ONCE(slots[id]) != UNSIGNALED_EVENT_SLOT) 759 set_event_from_interrupt(p, ev); 760 } 761 } else { 762 /* With relatively many events, it's faster to 763 * iterate over the signal slots and lookup 764 * only signaled events from the IDR. 765 */ 766 for (id = 1; id < KFD_SIGNAL_EVENT_LIMIT; id++) 767 if (READ_ONCE(slots[id]) != UNSIGNALED_EVENT_SLOT) { 768 ev = lookup_event_by_id(p, id); 769 set_event_from_interrupt(p, ev); 770 } 771 } 772 } 773 774 rcu_read_unlock(); 775 kfd_unref_process(p); 776} 777 778static struct kfd_event_waiter *alloc_event_waiters(uint32_t num_events) 779{ 780 struct kfd_event_waiter *event_waiters; 781 uint32_t i; 782 783 event_waiters = kmalloc_array(num_events, 784 sizeof(struct kfd_event_waiter), 785 GFP_KERNEL); 786 if (!event_waiters) 787 return NULL; 788 789 for (i = 0; (event_waiters) && (i < num_events) ; i++) { 790 init_wait(&event_waiters[i].wait); 791 event_waiters[i].activated = false; 792 } 793 794 return event_waiters; 795} 796 797static int init_event_waiter(struct kfd_process *p, 798 struct kfd_event_waiter *waiter, 799 uint32_t event_id) 800{ 801 struct kfd_event *ev = lookup_event_by_id(p, event_id); 802 803 if (!ev) 804 return -EINVAL; 805 806 spin_lock(&ev->lock); 807 waiter->event = ev; 808 waiter->activated = ev->signaled; 809 ev->signaled = ev->signaled && !ev->auto_reset; 810 if (!waiter->activated) 811 add_wait_queue(&ev->wq, &waiter->wait); 812 spin_unlock(&ev->lock); 813 814 return 0; 815} 816 817/* test_event_condition - Test condition of events being waited for 818 * @all: Return completion only if all events have signaled 819 * @num_events: Number of events to wait for 820 * @event_waiters: Array of event waiters, one per event 821 * 822 * Returns KFD_IOC_WAIT_RESULT_COMPLETE if all (or one) event(s) have 823 * signaled. Returns KFD_IOC_WAIT_RESULT_TIMEOUT if no (or not all) 824 * events have signaled. Returns KFD_IOC_WAIT_RESULT_FAIL if any of 825 * the events have been destroyed. 826 */ 827static uint32_t test_event_condition(bool all, uint32_t num_events, 828 struct kfd_event_waiter *event_waiters) 829{ 830 uint32_t i; 831 uint32_t activated_count = 0; 832 833 for (i = 0; i < num_events; i++) { 834 if (!READ_ONCE(event_waiters[i].event)) 835 return KFD_IOC_WAIT_RESULT_FAIL; 836 837 if (READ_ONCE(event_waiters[i].activated)) { 838 if (!all) 839 return KFD_IOC_WAIT_RESULT_COMPLETE; 840 841 activated_count++; 842 } 843 } 844 845 return activated_count == num_events ? 846 KFD_IOC_WAIT_RESULT_COMPLETE : KFD_IOC_WAIT_RESULT_TIMEOUT; 847} 848 849/* 850 * Copy event specific data, if defined. 851 * Currently only memory exception events have additional data to copy to user 852 */ 853static int copy_signaled_event_data(uint32_t num_events, 854 struct kfd_event_waiter *event_waiters, 855 struct kfd_event_data __user *data) 856{ 857 struct kfd_hsa_memory_exception_data *src; 858 struct kfd_hsa_memory_exception_data __user *dst; 859 struct kfd_event_waiter *waiter; 860 struct kfd_event *event; 861 uint32_t i; 862 863 for (i = 0; i < num_events; i++) { 864 waiter = &event_waiters[i]; 865 event = waiter->event; 866 if (!event) 867 return -EINVAL; /* event was destroyed */ 868 if (waiter->activated && event->type == KFD_EVENT_TYPE_MEMORY) { 869 dst = &data[i].memory_exception_data; 870 src = &event->memory_exception_data; 871 if (copy_to_user(dst, src, 872 sizeof(struct kfd_hsa_memory_exception_data))) 873 return -EFAULT; 874 } 875 } 876 877 return 0; 878} 879 880static long user_timeout_to_jiffies(uint32_t user_timeout_ms) 881{ 882 if (user_timeout_ms == KFD_EVENT_TIMEOUT_IMMEDIATE) 883 return 0; 884 885 if (user_timeout_ms == KFD_EVENT_TIMEOUT_INFINITE) 886 return MAX_SCHEDULE_TIMEOUT; 887 888 /* 889 * msecs_to_jiffies interprets all values above 2^31-1 as infinite, 890 * but we consider them finite. 891 * This hack is wrong, but nobody is likely to notice. 892 */ 893 user_timeout_ms = min_t(uint32_t, user_timeout_ms, 0x7FFFFFFF); 894 895 return msecs_to_jiffies(user_timeout_ms) + 1; 896} 897 898static void free_waiters(uint32_t num_events, struct kfd_event_waiter *waiters) 899{ 900 uint32_t i; 901 902 for (i = 0; i < num_events; i++) 903 if (waiters[i].event) { 904 spin_lock(&waiters[i].event->lock); 905 remove_wait_queue(&waiters[i].event->wq, 906 &waiters[i].wait); 907 spin_unlock(&waiters[i].event->lock); 908 } 909 910 kfree(waiters); 911} 912 913int kfd_wait_on_events(struct kfd_process *p, 914 uint32_t num_events, void __user *data, 915 bool all, uint32_t user_timeout_ms, 916 uint32_t *wait_result) 917{ 918 struct kfd_event_data __user *events = 919 (struct kfd_event_data __user *) data; 920 uint32_t i; 921 int ret = 0; 922 923 struct kfd_event_waiter *event_waiters = NULL; 924 long timeout = user_timeout_to_jiffies(user_timeout_ms); 925 926 event_waiters = alloc_event_waiters(num_events); 927 if (!event_waiters) { 928 ret = -ENOMEM; 929 goto out; 930 } 931 932 /* Use p->event_mutex here to protect against concurrent creation and 933 * destruction of events while we initialize event_waiters. 934 */ 935 mutex_lock(&p->event_mutex); 936 937 for (i = 0; i < num_events; i++) { 938 struct kfd_event_data event_data; 939 940 if (copy_from_user(&event_data, &events[i], 941 sizeof(struct kfd_event_data))) { 942 ret = -EFAULT; 943 goto out_unlock; 944 } 945 946 ret = init_event_waiter(p, &event_waiters[i], 947 event_data.event_id); 948 if (ret) 949 goto out_unlock; 950 } 951 952 /* Check condition once. */ 953 *wait_result = test_event_condition(all, num_events, event_waiters); 954 if (*wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) { 955 ret = copy_signaled_event_data(num_events, 956 event_waiters, events); 957 goto out_unlock; 958 } else if (WARN_ON(*wait_result == KFD_IOC_WAIT_RESULT_FAIL)) { 959 /* This should not happen. Events shouldn't be 960 * destroyed while we're holding the event_mutex 961 */ 962 goto out_unlock; 963 } 964 965 mutex_unlock(&p->event_mutex); 966 967 while (true) { 968 if (fatal_signal_pending(current)) { 969 ret = -EINTR; 970 break; 971 } 972 973 if (signal_pending(current)) { 974 /* 975 * This is wrong when a nonzero, non-infinite timeout 976 * is specified. We need to use 977 * ERESTARTSYS_RESTARTBLOCK, but struct restart_block 978 * contains a union with data for each user and it's 979 * in generic kernel code that I don't want to 980 * touch yet. 981 */ 982 ret = -ERESTARTSYS; 983 break; 984 } 985 986 /* Set task state to interruptible sleep before 987 * checking wake-up conditions. A concurrent wake-up 988 * will put the task back into runnable state. In that 989 * case schedule_timeout will not put the task to 990 * sleep and we'll get a chance to re-check the 991 * updated conditions almost immediately. Otherwise, 992 * this race condition would lead to a soft hang or a 993 * very long sleep. 994 */ 995 set_current_state(TASK_INTERRUPTIBLE); 996 997 *wait_result = test_event_condition(all, num_events, 998 event_waiters); 999 if (*wait_result != KFD_IOC_WAIT_RESULT_TIMEOUT) 1000 break; 1001 1002 if (timeout <= 0) 1003 break; 1004 1005 timeout = schedule_timeout(timeout); 1006 } 1007 __set_current_state(TASK_RUNNING); 1008 1009 mutex_lock(&p->event_mutex); 1010 /* copy_signaled_event_data may sleep. So this has to happen 1011 * after the task state is set back to RUNNING. 1012 * 1013 * The event may also have been destroyed after signaling. So 1014 * copy_signaled_event_data also must confirm that the event 1015 * still exists. Therefore this must be under the p->event_mutex 1016 * which is also held when events are destroyed. 1017 */ 1018 if (!ret && *wait_result == KFD_IOC_WAIT_RESULT_COMPLETE) 1019 ret = copy_signaled_event_data(num_events, 1020 event_waiters, events); 1021 1022out_unlock: 1023 free_waiters(num_events, event_waiters); 1024 mutex_unlock(&p->event_mutex); 1025out: 1026 if (ret) 1027 *wait_result = KFD_IOC_WAIT_RESULT_FAIL; 1028 else if (*wait_result == KFD_IOC_WAIT_RESULT_FAIL) 1029 ret = -EIO; 1030 1031 return ret; 1032} 1033 1034int kfd_event_mmap(struct kfd_process *p, struct vm_area_struct *vma) 1035{ 1036 unsigned long pfn; 1037 struct kfd_signal_page *page; 1038 int ret; 1039 1040 /* check required size doesn't exceed the allocated size */ 1041 if (get_order(KFD_SIGNAL_EVENT_LIMIT * 8) < 1042 get_order(vma->vm_end - vma->vm_start)) { 1043 pr_err("Event page mmap requested illegal size\n"); 1044 return -EINVAL; 1045 } 1046 1047 page = p->signal_page; 1048 if (!page) { 1049 /* Probably KFD bug, but mmap is user-accessible. */ 1050 pr_debug("Signal page could not be found\n"); 1051 return -EINVAL; 1052 } 1053 1054 pfn = __pa(page->kernel_address); 1055 pfn >>= PAGE_SHIFT; 1056 1057 vma->vm_flags |= VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE 1058 | VM_DONTDUMP | VM_PFNMAP; 1059 1060 pr_debug("Mapping signal page\n"); 1061 pr_debug(" start user address == 0x%08lx\n", vma->vm_start); 1062 pr_debug(" end user address == 0x%08lx\n", vma->vm_end); 1063 pr_debug(" pfn == 0x%016lX\n", pfn); 1064 pr_debug(" vm_flags == 0x%08lX\n", vma->vm_flags); 1065 pr_debug(" size == 0x%08lX\n", 1066 vma->vm_end - vma->vm_start); 1067 1068 page->user_address = (uint64_t __user *)vma->vm_start; 1069 1070 /* mapping the page to user process */ 1071 ret = remap_pfn_range(vma, vma->vm_start, pfn, 1072 vma->vm_end - vma->vm_start, vma->vm_page_prot); 1073 if (!ret) 1074 p->signal_mapped_size = vma->vm_end - vma->vm_start; 1075 1076 return ret; 1077} 1078 1079/* 1080 * Assumes that p is not going away. 1081 */ 1082static void lookup_events_by_type_and_signal(struct kfd_process *p, 1083 int type, void *event_data) 1084{ 1085 struct kfd_hsa_memory_exception_data *ev_data; 1086 struct kfd_event *ev; 1087 uint32_t id; 1088 bool send_signal = true; 1089 1090 ev_data = (struct kfd_hsa_memory_exception_data *) event_data; 1091 1092 rcu_read_lock(); 1093 1094 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1095 idr_for_each_entry_continue(&p->event_idr, ev, id) 1096 if (ev->type == type) { 1097 send_signal = false; 1098 dev_dbg(kfd_device, 1099 "Event found: id %X type %d", 1100 ev->event_id, ev->type); 1101 spin_lock(&ev->lock); 1102 set_event(ev); 1103 if (ev->type == KFD_EVENT_TYPE_MEMORY && ev_data) 1104 ev->memory_exception_data = *ev_data; 1105 spin_unlock(&ev->lock); 1106 } 1107 1108 if (type == KFD_EVENT_TYPE_MEMORY) { 1109 dev_warn(kfd_device, 1110 "Sending SIGSEGV to process %d (pasid 0x%x)", 1111 p->lead_thread->pid, p->pasid); 1112 send_sig(SIGSEGV, p->lead_thread, 0); 1113 } 1114 1115 /* Send SIGTERM no event of type "type" has been found*/ 1116 if (send_signal) { 1117 if (send_sigterm) { 1118 dev_warn(kfd_device, 1119 "Sending SIGTERM to process %d (pasid 0x%x)", 1120 p->lead_thread->pid, p->pasid); 1121 send_sig(SIGTERM, p->lead_thread, 0); 1122 } else { 1123 dev_err(kfd_device, 1124 "Process %d (pasid 0x%x) got unhandled exception", 1125 p->lead_thread->pid, p->pasid); 1126 } 1127 } 1128 1129 rcu_read_unlock(); 1130} 1131 1132#ifdef KFD_SUPPORT_IOMMU_V2 1133void kfd_signal_iommu_event(struct kfd_dev *dev, u32 pasid, 1134 unsigned long address, bool is_write_requested, 1135 bool is_execute_requested) 1136{ 1137 struct kfd_hsa_memory_exception_data memory_exception_data; 1138 struct vm_area_struct *vma; 1139 int user_gpu_id; 1140 1141 /* 1142 * Because we are called from arbitrary context (workqueue) as opposed 1143 * to process context, kfd_process could attempt to exit while we are 1144 * running so the lookup function increments the process ref count. 1145 */ 1146 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1147 struct mm_struct *mm; 1148 1149 if (!p) 1150 return; /* Presumably process exited. */ 1151 1152 /* Take a safe reference to the mm_struct, which may otherwise 1153 * disappear even while the kfd_process is still referenced. 1154 */ 1155 mm = get_task_mm(p->lead_thread); 1156 if (!mm) { 1157 kfd_unref_process(p); 1158 return; /* Process is exiting */ 1159 } 1160 1161 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1162 if (unlikely(user_gpu_id == -EINVAL)) { 1163 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1164 return; 1165 } 1166 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1167 1168 mmap_read_lock(mm); 1169 vma = find_vma(mm, address); 1170 1171 memory_exception_data.gpu_id = user_gpu_id; 1172 memory_exception_data.va = address; 1173 /* Set failure reason */ 1174 memory_exception_data.failure.NotPresent = 1; 1175 memory_exception_data.failure.NoExecute = 0; 1176 memory_exception_data.failure.ReadOnly = 0; 1177 if (vma && address >= vma->vm_start) { 1178 memory_exception_data.failure.NotPresent = 0; 1179 1180 if (is_write_requested && !(vma->vm_flags & VM_WRITE)) 1181 memory_exception_data.failure.ReadOnly = 1; 1182 else 1183 memory_exception_data.failure.ReadOnly = 0; 1184 1185 if (is_execute_requested && !(vma->vm_flags & VM_EXEC)) 1186 memory_exception_data.failure.NoExecute = 1; 1187 else 1188 memory_exception_data.failure.NoExecute = 0; 1189 } 1190 1191 mmap_read_unlock(mm); 1192 mmput(mm); 1193 1194 pr_debug("notpresent %d, noexecute %d, readonly %d\n", 1195 memory_exception_data.failure.NotPresent, 1196 memory_exception_data.failure.NoExecute, 1197 memory_exception_data.failure.ReadOnly); 1198 1199 /* Workaround on Raven to not kill the process when memory is freed 1200 * before IOMMU is able to finish processing all the excessive PPRs 1201 */ 1202 1203 if (KFD_GC_VERSION(dev) != IP_VERSION(9, 1, 0) && 1204 KFD_GC_VERSION(dev) != IP_VERSION(9, 2, 2) && 1205 KFD_GC_VERSION(dev) != IP_VERSION(9, 3, 0)) 1206 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_MEMORY, 1207 &memory_exception_data); 1208 1209 kfd_unref_process(p); 1210} 1211#endif /* KFD_SUPPORT_IOMMU_V2 */ 1212 1213void kfd_signal_hw_exception_event(u32 pasid) 1214{ 1215 /* 1216 * Because we are called from arbitrary context (workqueue) as opposed 1217 * to process context, kfd_process could attempt to exit while we are 1218 * running so the lookup function increments the process ref count. 1219 */ 1220 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1221 1222 if (!p) 1223 return; /* Presumably process exited. */ 1224 1225 lookup_events_by_type_and_signal(p, KFD_EVENT_TYPE_HW_EXCEPTION, NULL); 1226 kfd_unref_process(p); 1227} 1228 1229void kfd_signal_vm_fault_event(struct kfd_dev *dev, u32 pasid, 1230 struct kfd_vm_fault_info *info) 1231{ 1232 struct kfd_event *ev; 1233 uint32_t id; 1234 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1235 struct kfd_hsa_memory_exception_data memory_exception_data; 1236 int user_gpu_id; 1237 1238 if (!p) 1239 return; /* Presumably process exited. */ 1240 1241 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1242 if (unlikely(user_gpu_id == -EINVAL)) { 1243 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1244 return; 1245 } 1246 1247 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1248 memory_exception_data.gpu_id = user_gpu_id; 1249 memory_exception_data.failure.imprecise = true; 1250 /* Set failure reason */ 1251 if (info) { 1252 memory_exception_data.va = (info->page_addr) << PAGE_SHIFT; 1253 memory_exception_data.failure.NotPresent = 1254 info->prot_valid ? 1 : 0; 1255 memory_exception_data.failure.NoExecute = 1256 info->prot_exec ? 1 : 0; 1257 memory_exception_data.failure.ReadOnly = 1258 info->prot_write ? 1 : 0; 1259 memory_exception_data.failure.imprecise = 0; 1260 } 1261 1262 rcu_read_lock(); 1263 1264 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1265 idr_for_each_entry_continue(&p->event_idr, ev, id) 1266 if (ev->type == KFD_EVENT_TYPE_MEMORY) { 1267 spin_lock(&ev->lock); 1268 ev->memory_exception_data = memory_exception_data; 1269 set_event(ev); 1270 spin_unlock(&ev->lock); 1271 } 1272 1273 rcu_read_unlock(); 1274 kfd_unref_process(p); 1275} 1276 1277void kfd_signal_reset_event(struct kfd_dev *dev) 1278{ 1279 struct kfd_hsa_hw_exception_data hw_exception_data; 1280 struct kfd_hsa_memory_exception_data memory_exception_data; 1281 struct kfd_process *p; 1282 struct kfd_event *ev; 1283 unsigned int temp; 1284 uint32_t id, idx; 1285 int reset_cause = atomic_read(&dev->sram_ecc_flag) ? 1286 KFD_HW_EXCEPTION_ECC : 1287 KFD_HW_EXCEPTION_GPU_HANG; 1288 1289 /* Whole gpu reset caused by GPU hang and memory is lost */ 1290 memset(&hw_exception_data, 0, sizeof(hw_exception_data)); 1291 hw_exception_data.memory_lost = 1; 1292 hw_exception_data.reset_cause = reset_cause; 1293 1294 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1295 memory_exception_data.ErrorType = KFD_MEM_ERR_SRAM_ECC; 1296 memory_exception_data.failure.imprecise = true; 1297 1298 idx = srcu_read_lock(&kfd_processes_srcu); 1299 hash_for_each_rcu(kfd_processes_table, temp, p, kfd_processes) { 1300 int user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1301 1302 if (unlikely(user_gpu_id == -EINVAL)) { 1303 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1304 continue; 1305 } 1306 1307 rcu_read_lock(); 1308 1309 id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1310 idr_for_each_entry_continue(&p->event_idr, ev, id) { 1311 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) { 1312 spin_lock(&ev->lock); 1313 ev->hw_exception_data = hw_exception_data; 1314 ev->hw_exception_data.gpu_id = user_gpu_id; 1315 set_event(ev); 1316 spin_unlock(&ev->lock); 1317 } 1318 if (ev->type == KFD_EVENT_TYPE_MEMORY && 1319 reset_cause == KFD_HW_EXCEPTION_ECC) { 1320 spin_lock(&ev->lock); 1321 ev->memory_exception_data = memory_exception_data; 1322 ev->memory_exception_data.gpu_id = user_gpu_id; 1323 set_event(ev); 1324 spin_unlock(&ev->lock); 1325 } 1326 } 1327 1328 rcu_read_unlock(); 1329 } 1330 srcu_read_unlock(&kfd_processes_srcu, idx); 1331} 1332 1333void kfd_signal_poison_consumed_event(struct kfd_dev *dev, u32 pasid) 1334{ 1335 struct kfd_process *p = kfd_lookup_process_by_pasid(pasid); 1336 struct kfd_hsa_memory_exception_data memory_exception_data; 1337 struct kfd_hsa_hw_exception_data hw_exception_data; 1338 struct kfd_event *ev; 1339 uint32_t id = KFD_FIRST_NONSIGNAL_EVENT_ID; 1340 int user_gpu_id; 1341 1342 if (!p) 1343 return; /* Presumably process exited. */ 1344 1345 user_gpu_id = kfd_process_get_user_gpu_id(p, dev->id); 1346 if (unlikely(user_gpu_id == -EINVAL)) { 1347 WARN_ONCE(1, "Could not get user_gpu_id from dev->id:%x\n", dev->id); 1348 return; 1349 } 1350 1351 memset(&hw_exception_data, 0, sizeof(hw_exception_data)); 1352 hw_exception_data.gpu_id = user_gpu_id; 1353 hw_exception_data.memory_lost = 1; 1354 hw_exception_data.reset_cause = KFD_HW_EXCEPTION_ECC; 1355 1356 memset(&memory_exception_data, 0, sizeof(memory_exception_data)); 1357 memory_exception_data.ErrorType = KFD_MEM_ERR_POISON_CONSUMED; 1358 memory_exception_data.gpu_id = user_gpu_id; 1359 memory_exception_data.failure.imprecise = true; 1360 1361 rcu_read_lock(); 1362 1363 idr_for_each_entry_continue(&p->event_idr, ev, id) { 1364 if (ev->type == KFD_EVENT_TYPE_HW_EXCEPTION) { 1365 spin_lock(&ev->lock); 1366 ev->hw_exception_data = hw_exception_data; 1367 set_event(ev); 1368 spin_unlock(&ev->lock); 1369 } 1370 1371 if (ev->type == KFD_EVENT_TYPE_MEMORY) { 1372 spin_lock(&ev->lock); 1373 ev->memory_exception_data = memory_exception_data; 1374 set_event(ev); 1375 spin_unlock(&ev->lock); 1376 } 1377 } 1378 1379 rcu_read_unlock(); 1380 1381 /* user application will handle SIGBUS signal */ 1382 send_sig(SIGBUS, p->lead_thread, 0); 1383 1384 kfd_unref_process(p); 1385}