Google Git
Sign in
android-kvm / linux / 98d2722a85c4ad5f2baf2272cbb0fab67f797b69 / . / drivers / gpu / drm / i915 / gt / uc / intel_huc.c
blob: 4c8592a281f2015fa1289218e7b9a8e971de3819 [file] [log] [blame]
// SPDX-License-Identifier: MIT
/*
* Copyright © 2016-2019 Intel Corporation
*/
#include <linux/types.h>
#include "gt/intel_gt.h"
#include "intel_guc_reg.h"
#include "intel_huc.h"
#include "intel_huc_print.h"
#include "i915_drv.h"
#include "i915_reg.h"
#include <linux/device/bus.h>
#include <linux/mei_aux.h>
/**
* DOC: HuC
*
* The HuC is a dedicated microcontroller for usage in media HEVC (High
* Efficiency Video Coding) operations. Userspace can directly use the firmware
* capabilities by adding HuC specific commands to batch buffers.
*
* The kernel driver is only responsible for loading the HuC firmware and
* triggering its security authentication. This is done differently depending
* on the platform:
* - older platforms (from Gen9 to most Gen12s): the load is performed via DMA
* and the authentication via GuC
* - DG2: load and authentication are both performed via GSC.
* - MTL and newer platforms: the load is performed via DMA (same as with
* not-DG2 older platforms), while the authentication is done in 2-steps,
* a first auth for clear-media workloads via GuC and a second one for all
* workloads via GSC.
* On platforms where the GuC does the authentication, to correctly do so the
* HuC binary must be loaded before the GuC one.
* Loading the HuC is optional; however, not using the HuC might negatively
* impact power usage and/or performance of media workloads, depending on the
* use-cases.
* HuC must be reloaded on events that cause the WOPCM to lose its contents
* (S3/S4, FLR); on older platforms the HuC must also be reloaded on GuC/GT
* reset, while on newer ones it will survive that.
*
* See https://github.com/intel/media-driver for the latest details on HuC
* functionality.
*/
/**
* DOC: HuC Memory Management
*
* Similarly to the GuC, the HuC can't do any memory allocations on its own,
* with the difference being that the allocations for HuC usage are handled by
* the userspace driver instead of the kernel one. The HuC accesses the memory
* via the PPGTT belonging to the context loaded on the VCS executing the
* HuC-specific commands.
*/
/*
* MEI-GSC load is an async process. The probing of the exposed aux device
* (see intel_gsc.c) usually happens a few seconds after i915 probe, depending
* on when the kernel schedules it. Unless something goes terribly wrong, we're
* guaranteed for this to happen during boot, so the big timeout is a safety net
* that we never expect to need.
* MEI-PXP + HuC load usually takes ~300ms, but if the GSC needs to be resumed
* and/or reset, this can take longer. Note that the kernel might schedule
* other work between the i915 init/resume and the MEI one, which can add to
* the delay.
*/
#define GSC_INIT_TIMEOUT_MS 10000
#define PXP_INIT_TIMEOUT_MS 5000
static int sw_fence_dummy_notify(struct i915_sw_fence *sf,
enum i915_sw_fence_notify state)
{
return NOTIFY_DONE;
}
static void __delayed_huc_load_complete(struct intel_huc *huc)
{
if (!i915_sw_fence_done(&huc->delayed_load.fence))
i915_sw_fence_complete(&huc->delayed_load.fence);
}
static void delayed_huc_load_complete(struct intel_huc *huc)
{
hrtimer_cancel(&huc->delayed_load.timer);
__delayed_huc_load_complete(huc);
}
static void __gsc_init_error(struct intel_huc *huc)
{
huc->delayed_load.status = INTEL_HUC_DELAYED_LOAD_ERROR;
__delayed_huc_load_complete(huc);
}
static void gsc_init_error(struct intel_huc *huc)
{
hrtimer_cancel(&huc->delayed_load.timer);
__gsc_init_error(huc);
}
static void gsc_init_done(struct intel_huc *huc)
{
hrtimer_cancel(&huc->delayed_load.timer);
/* MEI-GSC init is done, now we wait for MEI-PXP to bind */
huc->delayed_load.status = INTEL_HUC_WAITING_ON_PXP;
if (!i915_sw_fence_done(&huc->delayed_load.fence))
hrtimer_start(&huc->delayed_load.timer,
ms_to_ktime(PXP_INIT_TIMEOUT_MS),
HRTIMER_MODE_REL);
}
static enum hrtimer_restart huc_delayed_load_timer_callback(struct hrtimer *hrtimer)
{
struct intel_huc *huc = container_of(hrtimer, struct intel_huc, delayed_load.timer);
if (!intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GSC)) {
if (huc->delayed_load.status == INTEL_HUC_WAITING_ON_GSC)
huc_notice(huc, "timed out waiting for MEI GSC\n");
else if (huc->delayed_load.status == INTEL_HUC_WAITING_ON_PXP)
huc_notice(huc, "timed out waiting for MEI PXP\n");
else
MISSING_CASE(huc->delayed_load.status);
__gsc_init_error(huc);
}
return HRTIMER_NORESTART;
}
static void huc_delayed_load_start(struct intel_huc *huc)
{
ktime_t delay;
GEM_BUG_ON(intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GSC));
/*
* On resume we don't have to wait for MEI-GSC to be re-probed, but we
* do need to wait for MEI-PXP to reset & re-bind
*/
switch (huc->delayed_load.status) {
case INTEL_HUC_WAITING_ON_GSC:
delay = ms_to_ktime(GSC_INIT_TIMEOUT_MS);
break;
case INTEL_HUC_WAITING_ON_PXP:
delay = ms_to_ktime(PXP_INIT_TIMEOUT_MS);
break;
default:
gsc_init_error(huc);
return;
}
/*
* This fence is always complete unless we're waiting for the
* GSC device to come up to load the HuC. We arm the fence here
* and complete it when we confirm that the HuC is loaded from
* the PXP bind callback.
*/
GEM_BUG_ON(!i915_sw_fence_done(&huc->delayed_load.fence));
i915_sw_fence_fini(&huc->delayed_load.fence);
i915_sw_fence_reinit(&huc->delayed_load.fence);
i915_sw_fence_await(&huc->delayed_load.fence);
i915_sw_fence_commit(&huc->delayed_load.fence);
hrtimer_start(&huc->delayed_load.timer, delay, HRTIMER_MODE_REL);
}
static int gsc_notifier(struct notifier_block *nb, unsigned long action, void *data)
{
struct device *dev = data;
struct intel_huc *huc = container_of(nb, struct intel_huc, delayed_load.nb);
struct intel_gsc_intf *intf = &huc_to_gt(huc)->gsc.intf[0];
if (!intf->adev || &intf->adev->aux_dev.dev != dev)
return 0;
switch (action) {
case BUS_NOTIFY_BOUND_DRIVER: /* mei driver bound to aux device */
gsc_init_done(huc);
break;
case BUS_NOTIFY_DRIVER_NOT_BOUND: /* mei driver fails to be bound */
case BUS_NOTIFY_UNBIND_DRIVER: /* mei driver about to be unbound */
huc_info(huc, "MEI driver not bound, disabling load\n");
gsc_init_error(huc);
break;
}
return 0;
}
void intel_huc_register_gsc_notifier(struct intel_huc *huc, const struct bus_type *bus)
{
int ret;
if (!intel_huc_is_loaded_by_gsc(huc))
return;
huc->delayed_load.nb.notifier_call = gsc_notifier;
ret = bus_register_notifier(bus, &huc->delayed_load.nb);
if (ret) {
huc_err(huc, "failed to register GSC notifier %pe\n", ERR_PTR(ret));
huc->delayed_load.nb.notifier_call = NULL;
gsc_init_error(huc);
}
}
void intel_huc_unregister_gsc_notifier(struct intel_huc *huc, const struct bus_type *bus)
{
if (!huc->delayed_load.nb.notifier_call)
return;
delayed_huc_load_complete(huc);
bus_unregister_notifier(bus, &huc->delayed_load.nb);
huc->delayed_load.nb.notifier_call = NULL;
}
static void delayed_huc_load_init(struct intel_huc *huc)
{
/*
* Initialize fence to be complete as this is expected to be complete
* unless there is a delayed HuC load in progress.
*/
i915_sw_fence_init(&huc->delayed_load.fence,
sw_fence_dummy_notify);
i915_sw_fence_commit(&huc->delayed_load.fence);
hrtimer_init(&huc->delayed_load.timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
huc->delayed_load.timer.function = huc_delayed_load_timer_callback;
}
static void delayed_huc_load_fini(struct intel_huc *huc)
{
/*
* the fence is initialized in init_early, so we need to clean it up
* even if HuC loading is off.
*/
delayed_huc_load_complete(huc);
i915_sw_fence_fini(&huc->delayed_load.fence);
}
int intel_huc_sanitize(struct intel_huc *huc)
{
delayed_huc_load_complete(huc);
intel_uc_fw_sanitize(&huc->fw);
return 0;
}
static bool vcs_supported(struct intel_gt *gt)
{
intel_engine_mask_t mask = gt->info.engine_mask;
/*
* We reach here from i915_driver_early_probe for the primary GT before
* its engine mask is set, so we use the device info engine mask for it;
* this means we're not taking VCS fusing into account, but if the
* primary GT supports VCS engines we expect at least one of them to
* remain unfused so we're fine.
* For other GTs we expect the GT-specific mask to be set before we
* call this function.
*/
GEM_BUG_ON(!gt_is_root(gt) && !gt->info.engine_mask);
if (gt_is_root(gt))
mask = RUNTIME_INFO(gt->i915)->platform_engine_mask;
else
mask = gt->info.engine_mask;
return __ENGINE_INSTANCES_MASK(mask, VCS0, I915_MAX_VCS);
}
void intel_huc_init_early(struct intel_huc *huc)
{
struct drm_i915_private *i915 = huc_to_gt(huc)->i915;
struct intel_gt *gt = huc_to_gt(huc);
intel_uc_fw_init_early(&huc->fw, INTEL_UC_FW_TYPE_HUC, true);
/*
* we always init the fence as already completed, even if HuC is not
* supported. This way we don't have to distinguish between HuC not
* supported/disabled or already loaded, and can focus on if the load
* is currently in progress (fence not complete) or not, which is what
* we care about for stalling userspace submissions.
*/
delayed_huc_load_init(huc);
if (!vcs_supported(gt)) {
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_NOT_SUPPORTED);
return;
}
if (GRAPHICS_VER(i915) >= 11) {
huc->status[INTEL_HUC_AUTH_BY_GUC].reg = GEN11_HUC_KERNEL_LOAD_INFO;
huc->status[INTEL_HUC_AUTH_BY_GUC].mask = HUC_LOAD_SUCCESSFUL;
huc->status[INTEL_HUC_AUTH_BY_GUC].value = HUC_LOAD_SUCCESSFUL;
} else {
huc->status[INTEL_HUC_AUTH_BY_GUC].reg = HUC_STATUS2;
huc->status[INTEL_HUC_AUTH_BY_GUC].mask = HUC_FW_VERIFIED;
huc->status[INTEL_HUC_AUTH_BY_GUC].value = HUC_FW_VERIFIED;
}
if (IS_DG2(i915)) {
huc->status[INTEL_HUC_AUTH_BY_GSC].reg = GEN11_HUC_KERNEL_LOAD_INFO;
huc->status[INTEL_HUC_AUTH_BY_GSC].mask = HUC_LOAD_SUCCESSFUL;
huc->status[INTEL_HUC_AUTH_BY_GSC].value = HUC_LOAD_SUCCESSFUL;
} else {
huc->status[INTEL_HUC_AUTH_BY_GSC].reg = HECI_FWSTS5(MTL_GSC_HECI1_BASE);
huc->status[INTEL_HUC_AUTH_BY_GSC].mask = HECI_FWSTS5_HUC_AUTH_DONE;
huc->status[INTEL_HUC_AUTH_BY_GSC].value = HECI_FWSTS5_HUC_AUTH_DONE;
}
}
#define HUC_LOAD_MODE_STRING(x) (x ? "GSC" : "legacy")
static int check_huc_loading_mode(struct intel_huc *huc)
{
struct intel_gt *gt = huc_to_gt(huc);
bool gsc_enabled = huc->fw.has_gsc_headers;
/*
* The fuse for HuC load via GSC is only valid on platforms that have
* GuC deprivilege.
*/
if (HAS_GUC_DEPRIVILEGE(gt->i915))
huc->loaded_via_gsc = intel_uncore_read(gt->uncore, GUC_SHIM_CONTROL2) &
GSC_LOADS_HUC;
if (huc->loaded_via_gsc && !gsc_enabled) {
huc_err(huc, "HW requires a GSC-enabled blob, but we found a legacy one\n");
return -ENOEXEC;
}
/*
* On newer platforms we have GSC-enabled binaries but we load the HuC
* via DMA. To do so we need to find the location of the legacy-style
* binary inside the GSC-enabled one, which we do at fetch time. Make
* sure that we were able to do so if the fuse says we need to load via
* DMA and the binary is GSC-enabled.
*/
if (!huc->loaded_via_gsc && gsc_enabled && !huc->fw.dma_start_offset) {
huc_err(huc, "HW in DMA mode, but we have an incompatible GSC-enabled blob\n");
return -ENOEXEC;
}
/*
* If the HuC is loaded via GSC, we need to be able to access the GSC.
* On DG2 this is done via the mei components, while on newer platforms
* it is done via the GSCCS,
*/
if (huc->loaded_via_gsc) {
if (IS_DG2(gt->i915)) {
if (!IS_ENABLED(CONFIG_INTEL_MEI_PXP) ||
!IS_ENABLED(CONFIG_INTEL_MEI_GSC)) {
huc_info(huc, "can't load due to missing mei modules\n");
return -EIO;
}
} else {
if (!HAS_ENGINE(gt, GSC0)) {
huc_info(huc, "can't load due to missing GSCCS\n");
return -EIO;
}
}
}
huc_dbg(huc, "loaded by GSC = %s\n", str_yes_no(huc->loaded_via_gsc));
return 0;
}
int intel_huc_init(struct intel_huc *huc)
{
int err;
err = check_huc_loading_mode(huc);
if (err)
goto out;
err = intel_uc_fw_init(&huc->fw);
if (err)
goto out;
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_LOADABLE);
return 0;
out:
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_INIT_FAIL);
huc_info(huc, "initialization failed %pe\n", ERR_PTR(err));
return err;
}
void intel_huc_fini(struct intel_huc *huc)
{
/*
* the fence is initialized in init_early, so we need to clean it up
* even if HuC loading is off.
*/
delayed_huc_load_fini(huc);
if (intel_uc_fw_is_loadable(&huc->fw))
intel_uc_fw_fini(&huc->fw);
}
void intel_huc_suspend(struct intel_huc *huc)
{
if (!intel_uc_fw_is_loadable(&huc->fw))
return;
/*
* in the unlikely case that we're suspending before the GSC has
* completed its loading sequence, just stop waiting. We'll restart
* on resume.
*/
delayed_huc_load_complete(huc);
}
static const char *auth_mode_string(struct intel_huc *huc,
enum intel_huc_authentication_type type)
{
bool partial = huc->fw.has_gsc_headers && type == INTEL_HUC_AUTH_BY_GUC;
return partial ? "clear media" : "all workloads";
}
int intel_huc_wait_for_auth_complete(struct intel_huc *huc,
enum intel_huc_authentication_type type)
{
struct intel_gt *gt = huc_to_gt(huc);
int ret;
ret = __intel_wait_for_register(gt->uncore,
huc->status[type].reg,
huc->status[type].mask,
huc->status[type].value,
2, 50, NULL);
/* mark the load process as complete even if the wait failed */
delayed_huc_load_complete(huc);
if (ret) {
huc_err(huc, "firmware not verified for %s: %pe\n",
auth_mode_string(huc, type), ERR_PTR(ret));
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_LOAD_FAIL);
return ret;
}
intel_uc_fw_change_status(&huc->fw, INTEL_UC_FIRMWARE_RUNNING);
huc_info(huc, "authenticated for %s\n", auth_mode_string(huc, type));
return 0;
}
/**
* intel_huc_auth() - Authenticate HuC uCode
* @huc: intel_huc structure
*
* Called after HuC and GuC firmware loading during intel_uc_init_hw().
*
* This function invokes the GuC action to authenticate the HuC firmware,
* passing the offset of the RSA signature to intel_guc_auth_huc(). It then
* waits for up to 50ms for firmware verification ACK.
*/
int intel_huc_auth(struct intel_huc *huc)
{
struct intel_gt *gt = huc_to_gt(huc);
struct intel_guc *guc = &gt->uc.guc;
int ret;
if (!intel_uc_fw_is_loaded(&huc->fw))
return -ENOEXEC;
/* GSC will do the auth */
if (intel_huc_is_loaded_by_gsc(huc))
return -ENODEV;
ret = i915_inject_probe_error(gt->i915, -ENXIO);
if (ret)
goto fail;
GEM_BUG_ON(intel_uc_fw_is_running(&huc->fw));
ret = intel_guc_auth_huc(guc, intel_guc_ggtt_offset(guc, huc->fw.rsa_data));
if (ret) {
huc_err(huc, "authentication by GuC failed %pe\n", ERR_PTR(ret));
goto fail;
}
/* Check authentication status, it should be done by now */
ret = intel_huc_wait_for_auth_complete(huc, INTEL_HUC_AUTH_BY_GUC);
if (ret)
goto fail;
return 0;
fail:
huc_probe_error(huc, "authentication failed %pe\n", ERR_PTR(ret));
return ret;
}
bool intel_huc_is_authenticated(struct intel_huc *huc,
enum intel_huc_authentication_type type)
{
struct intel_gt *gt = huc_to_gt(huc);
intel_wakeref_t wakeref;
u32 status = 0;
with_intel_runtime_pm(gt->uncore->rpm, wakeref)
status = intel_uncore_read(gt->uncore, huc->status[type].reg);
return (status & huc->status[type].mask) == huc->status[type].value;
}
static bool huc_is_fully_authenticated(struct intel_huc *huc)
{
struct intel_uc_fw *huc_fw = &huc->fw;
if (!huc_fw->has_gsc_headers)
return intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GUC);
else if (intel_huc_is_loaded_by_gsc(huc) || HAS_ENGINE(huc_to_gt(huc), GSC0))
return intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GSC);
else
return false;
}
/**
* intel_huc_check_status() - check HuC status
* @huc: intel_huc structure
*
* This function reads status register to verify if HuC
* firmware was successfully loaded.
*
* The return values match what is expected for the I915_PARAM_HUC_STATUS
* getparam.
*/
int intel_huc_check_status(struct intel_huc *huc)
{
struct intel_uc_fw *huc_fw = &huc->fw;
switch (__intel_uc_fw_status(huc_fw)) {
case INTEL_UC_FIRMWARE_NOT_SUPPORTED:
return -ENODEV;
case INTEL_UC_FIRMWARE_DISABLED:
return -EOPNOTSUPP;
case INTEL_UC_FIRMWARE_MISSING:
return -ENOPKG;
case INTEL_UC_FIRMWARE_ERROR:
return -ENOEXEC;
case INTEL_UC_FIRMWARE_INIT_FAIL:
return -ENOMEM;
case INTEL_UC_FIRMWARE_LOAD_FAIL:
return -EIO;
default:
break;
}
/*
* GSC-enabled binaries loaded via DMA are first partially
* authenticated by GuC and then fully authenticated by GSC
*/
if (huc_is_fully_authenticated(huc))
return 1; /* full auth */
else if (huc_fw->has_gsc_headers && !intel_huc_is_loaded_by_gsc(huc) &&
intel_huc_is_authenticated(huc, INTEL_HUC_AUTH_BY_GUC))
return 2; /* clear media only */
else
return 0;
}
static bool huc_has_delayed_load(struct intel_huc *huc)
{
return intel_huc_is_loaded_by_gsc(huc) &&
(huc->delayed_load.status != INTEL_HUC_DELAYED_LOAD_ERROR);
}
void intel_huc_update_auth_status(struct intel_huc *huc)
{
if (!intel_uc_fw_is_loadable(&huc->fw))
return;
if (!huc->fw.has_gsc_headers)
return;
if (huc_is_fully_authenticated(huc))
intel_uc_fw_change_status(&huc->fw,
INTEL_UC_FIRMWARE_RUNNING);
else if (huc_has_delayed_load(huc))
huc_delayed_load_start(huc);
}
/**
* intel_huc_load_status - dump information about HuC load status
* @huc: the HuC
* @p: the &drm_printer
*
* Pretty printer for HuC load status.
*/
void intel_huc_load_status(struct intel_huc *huc, struct drm_printer *p)
{
struct intel_gt *gt = huc_to_gt(huc);
intel_wakeref_t wakeref;
if (!intel_huc_is_supported(huc)) {
drm_printf(p, "HuC not supported\n");
return;
}
if (!intel_huc_is_wanted(huc)) {
drm_printf(p, "HuC disabled\n");
return;
}
intel_uc_fw_dump(&huc->fw, p);
with_intel_runtime_pm(gt->uncore->rpm, wakeref)
drm_printf(p, "HuC status: 0x%08x\n",
intel_uncore_read(gt->uncore, huc->status[INTEL_HUC_AUTH_BY_GUC].reg));
}