From: Chris Wilson <chris@chris-wilson.co.uk>
To: intel-gfx@lists.freedesktop.org
Cc: tvrtko.ursulin@intel.com,
Lionel Landwerlin <lionel.g.landwerlin@intel.com>,
stable@vger.kernel.org
Subject: Re: [PATCH 1/5] drm/i915/userptr: Beware recursive lock_page()
Date: Wed, 06 Nov 2019 07:22:24 +0000 [thread overview]
Message-ID: <157302494441.18566.9645099809866368384@skylake-alporthouse-com> (raw)
In-Reply-To: <20190716124931.5870-1-chris@chris-wilson.co.uk>
Quoting Chris Wilson (2019-07-16 13:49:27)
> Following a try_to_unmap() we may want to remove the userptr and so call
> put_pages(). However, try_to_unmap() acquires the page lock and so we
> must avoid recursively locking the pages ourselves -- which means that
> we cannot safely acquire the lock around set_page_dirty(). Since we
> can't be sure of the lock, we have to risk skip dirtying the page, or
> else risk calling set_page_dirty() without a lock and so risk fs
> corruption.
>
> Reported-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
> Fixes: cb6d7c7dc7ff ("drm/i915/userptr: Acquire the page lock around set_page_dirty()")
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org
> ---
> drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> index b9d2bb15e4a6..1ad2047a6dbd 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> @@ -672,7 +672,7 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj,
> obj->mm.dirty = false;
>
> for_each_sgt_page(page, sgt_iter, pages) {
> - if (obj->mm.dirty)
> + if (obj->mm.dirty && trylock_page(page)) {
> /*
> * As this may not be anonymous memory (e.g. shmem)
> * but exist on a real mapping, we have to lock
> @@ -680,8 +680,20 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj,
> * the page reference is not sufficient to
> * prevent the inode from being truncated.
> * Play safe and take the lock.
> + *
> + * However...!
> + *
> + * The mmu-notifier can be invalidated for a
> + * migrate_page, that is alreadying holding the lock
> + * on the page. Such a try_to_unmap() will result
> + * in us calling put_pages() and so recursively try
> + * to lock the page. We avoid that deadlock with
> + * a trylock_page() and in exchange we risk missing
> + * some page dirtying.
> */
> - set_page_dirty_lock(page);
> + set_page_dirty(page);
> + unlock_page(page);
> + }
It really seems like we have no choice but to only call set_page_dirty()
while under the page lock, and the only way we can guarantee that
without recursion is with a trylock...
https://bugs.freedesktop.org/show_bug.cgi?id=112012
-Chris
WARNING: multiple messages have this Message-ID (diff)
From: Chris Wilson <chris@chris-wilson.co.uk>
To: intel-gfx@lists.freedesktop.org
Cc: stable@vger.kernel.org
Subject: Re: [Intel-gfx] [PATCH 1/5] drm/i915/userptr: Beware recursive lock_page()
Date: Wed, 06 Nov 2019 07:22:24 +0000 [thread overview]
Message-ID: <157302494441.18566.9645099809866368384@skylake-alporthouse-com> (raw)
Message-ID: <20191106072224.IRfvoGpWBEMSX2WG5G8e32YPUKG_w4F72TLk5L0N6ME@z> (raw)
In-Reply-To: <20190716124931.5870-1-chris@chris-wilson.co.uk>
Quoting Chris Wilson (2019-07-16 13:49:27)
> Following a try_to_unmap() we may want to remove the userptr and so call
> put_pages(). However, try_to_unmap() acquires the page lock and so we
> must avoid recursively locking the pages ourselves -- which means that
> we cannot safely acquire the lock around set_page_dirty(). Since we
> can't be sure of the lock, we have to risk skip dirtying the page, or
> else risk calling set_page_dirty() without a lock and so risk fs
> corruption.
>
> Reported-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
> Fixes: cb6d7c7dc7ff ("drm/i915/userptr: Acquire the page lock around set_page_dirty()")
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org
> ---
> drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> index b9d2bb15e4a6..1ad2047a6dbd 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
> @@ -672,7 +672,7 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj,
> obj->mm.dirty = false;
>
> for_each_sgt_page(page, sgt_iter, pages) {
> - if (obj->mm.dirty)
> + if (obj->mm.dirty && trylock_page(page)) {
> /*
> * As this may not be anonymous memory (e.g. shmem)
> * but exist on a real mapping, we have to lock
> @@ -680,8 +680,20 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj,
> * the page reference is not sufficient to
> * prevent the inode from being truncated.
> * Play safe and take the lock.
> + *
> + * However...!
> + *
> + * The mmu-notifier can be invalidated for a
> + * migrate_page, that is alreadying holding the lock
> + * on the page. Such a try_to_unmap() will result
> + * in us calling put_pages() and so recursively try
> + * to lock the page. We avoid that deadlock with
> + * a trylock_page() and in exchange we risk missing
> + * some page dirtying.
> */
> - set_page_dirty_lock(page);
> + set_page_dirty(page);
> + unlock_page(page);
> + }
It really seems like we have no choice but to only call set_page_dirty()
while under the page lock, and the only way we can guarantee that
without recursion is with a trylock...
https://bugs.freedesktop.org/show_bug.cgi?id=112012
-Chris
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2019-11-06 7:22 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-16 12:49 [PATCH 1/5] drm/i915/userptr: Beware recursive lock_page() Chris Wilson
2019-07-16 12:49 ` [PATCH 2/5] drm/i915/gt: Push engine stopping into reset-prepare Chris Wilson
2019-07-17 13:04 ` Tvrtko Ursulin
2019-07-17 13:08 ` Chris Wilson
2019-07-17 13:21 ` Tvrtko Ursulin
2019-07-17 13:30 ` Chris Wilson
2019-07-17 13:42 ` Tvrtko Ursulin
2019-07-17 13:56 ` Chris Wilson
2019-07-17 17:29 ` Tvrtko Ursulin
2019-07-16 12:49 ` [PATCH 3/5] drm/i915/execlists: Process interrupted context on reset Chris Wilson
2019-07-17 13:31 ` Tvrtko Ursulin
2019-07-17 13:40 ` Chris Wilson
2019-07-17 13:43 ` Chris Wilson
2019-07-16 12:49 ` [PATCH 4/5] drm/i915/execlists: Cancel breadcrumb on preempting the virtual engine Chris Wilson
2019-07-17 13:40 ` Tvrtko Ursulin
2019-07-19 11:51 ` Chris Wilson
2019-07-16 12:49 ` [PATCH 5/5] drm/i915: Hide unshrinkable context objects from the shrinker Chris Wilson
2019-07-16 13:46 ` ✓ Fi.CI.BAT: success for series starting with [1/5] drm/i915/userptr: Beware recursive lock_page() Patchwork
2019-07-16 15:25 ` [Intel-gfx] [PATCH 1/5] " Tvrtko Ursulin
2019-07-16 15:25 ` Tvrtko Ursulin
2019-07-16 15:37 ` [Intel-gfx] " Chris Wilson
2019-07-17 13:09 ` Tvrtko Ursulin
2019-07-17 13:17 ` Chris Wilson
2019-07-17 13:23 ` Tvrtko Ursulin
2019-07-17 13:35 ` Chris Wilson
2019-07-17 13:46 ` Tvrtko Ursulin
2019-07-17 14:06 ` Chris Wilson
2019-07-17 18:09 ` Tvrtko Ursulin
2019-07-26 13:38 ` Lionel Landwerlin
2019-09-09 13:52 ` Chris Wilson
2019-09-11 11:31 ` Tvrtko Ursulin
2019-09-11 11:38 ` Chris Wilson
2019-09-11 12:10 ` Tvrtko Ursulin
2019-07-16 16:13 ` ✓ Fi.CI.IGT: success for series starting with [1/5] " Patchwork
2019-11-06 7:22 ` Chris Wilson [this message]
2019-11-06 7:22 ` [Intel-gfx] [PATCH 1/5] " Chris Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=157302494441.18566.9645099809866368384@skylake-alporthouse-com \
--to=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
--cc=lionel.g.landwerlin@intel.com \
--cc=stable@vger.kernel.org \
--cc=tvrtko.ursulin@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.