From: Chris Wilson <chris@chris-wilson.co.uk>
To: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
Cc: David Airlie <airlied@linux.ie>,
intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org,
Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: Re: [Intel-gfx] [PATCH] drm/i915: Fix context IDs not released on driver hot unbind
Date: Thu, 04 Apr 2019 11:43:46 +0100 [thread overview]
Message-ID: <155437462649.7532.18347010454266779928@skylake-alporthouse-com> (raw)
In-Reply-To: <c1a857b241020a44c070cfc6b57adb6e6aba00be.camel@linux.intel.com>
Quoting Janusz Krzysztofik (2019-04-04 11:40:24)
> On Thu, 2019-04-04 at 11:28 +0100, Chris Wilson wrote:
> > Quoting Janusz Krzysztofik (2019-04-04 11:24:45)
> > > From: Janusz Krzysztofik <janusz.krzysztofik@intel.com>
> > >
> > > In case the driver gets unbound while a device is open, kernel
> > > panic
> > > may be forced if a list of allocated context IDs is not empty.
> > >
> > > When a device is open, the list may happen to be not empty because
> > > a
> > > context ID, once allocated by a context ID allocator to a context
> > > assosiated with that open file descriptor, is released as late as
> > > on device close.
> > >
> > > On the other hand, there is a need to release all allocated context
> > > IDs
> > > and destroy the context ID allocator on driver unbind, even if a
> > > device
> > > is open, in order to free memory resources consumed and prevent
> > > from
> > > memory leaks. The purpose of the forced kernel panic was to
> > > protect
> > > the context ID allocator from being silently destroyed if not all
> > > allocated IDs had been released.
> >
> > Those open fd are still pointing into kernel memory where the driver
> > used to be. The panic is entirely correct, we should not be unloading
> > the module before those dangling pointers have been made safe.
> >
> > This is papering over the symptom. How is the module being unloaded
> > with
> > open fd?
>
> A user can play with the driver unbind or device remove sysfs
> interface.
Sure, but we must still follow all the steps before _unloading_ the
module or else the user is left pointing into reused kernel memory.
-Chris
WARNING: multiple messages have this Message-ID (diff)
From: Chris Wilson <chris@chris-wilson.co.uk>
To: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
Cc: David Airlie <airlied@linux.ie>,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org,
Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: Re: [Intel-gfx] [PATCH] drm/i915: Fix context IDs not released on driver hot unbind
Date: Thu, 04 Apr 2019 11:43:46 +0100 [thread overview]
Message-ID: <155437462649.7532.18347010454266779928@skylake-alporthouse-com> (raw)
In-Reply-To: <c1a857b241020a44c070cfc6b57adb6e6aba00be.camel@linux.intel.com>
Quoting Janusz Krzysztofik (2019-04-04 11:40:24)
> On Thu, 2019-04-04 at 11:28 +0100, Chris Wilson wrote:
> > Quoting Janusz Krzysztofik (2019-04-04 11:24:45)
> > > From: Janusz Krzysztofik <janusz.krzysztofik@intel.com>
> > >
> > > In case the driver gets unbound while a device is open, kernel
> > > panic
> > > may be forced if a list of allocated context IDs is not empty.
> > >
> > > When a device is open, the list may happen to be not empty because
> > > a
> > > context ID, once allocated by a context ID allocator to a context
> > > assosiated with that open file descriptor, is released as late as
> > > on device close.
> > >
> > > On the other hand, there is a need to release all allocated context
> > > IDs
> > > and destroy the context ID allocator on driver unbind, even if a
> > > device
> > > is open, in order to free memory resources consumed and prevent
> > > from
> > > memory leaks. The purpose of the forced kernel panic was to
> > > protect
> > > the context ID allocator from being silently destroyed if not all
> > > allocated IDs had been released.
> >
> > Those open fd are still pointing into kernel memory where the driver
> > used to be. The panic is entirely correct, we should not be unloading
> > the module before those dangling pointers have been made safe.
> >
> > This is papering over the symptom. How is the module being unloaded
> > with
> > open fd?
>
> A user can play with the driver unbind or device remove sysfs
> interface.
Sure, but we must still follow all the steps before _unloading_ the
module or else the user is left pointing into reused kernel memory.
-Chris
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2019-04-04 10:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-04 10:24 [PATCH] drm/i915: Fix context IDs not released on driver hot unbind Janusz Krzysztofik
2019-04-04 10:28 ` [Intel-gfx] " Chris Wilson
2019-04-04 10:28 ` Chris Wilson
2019-04-04 10:40 ` [Intel-gfx] " Janusz Krzysztofik
2019-04-04 10:40 ` Janusz Krzysztofik
2019-04-04 10:43 ` Chris Wilson [this message]
2019-04-04 10:43 ` Chris Wilson
2019-04-04 10:50 ` Janusz Krzysztofik
2019-04-04 10:53 ` Chris Wilson
2019-04-04 10:53 ` Chris Wilson
2019-04-04 13:47 ` Jani Nikula
2019-04-04 16:57 ` ✗ Fi.CI.BAT: failure for " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=155437462649.7532.18347010454266779928@skylake-alporthouse-com \
--to=chris@chris-wilson.co.uk \
--cc=airlied@linux.ie \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jani.nikula@linux.intel.com \
--cc=janusz.krzysztofik@linux.intel.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rodrigo.vivi@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.