* [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
@ 2020-04-22 7:20 ` Chris Wilson
0 siblings, 0 replies; 8+ messages in thread
From: Chris Wilson @ 2020-04-22 7:20 UTC (permalink / raw)
To: intel-gfx; +Cc: Chris Wilson, Dave Airlie, Tvrtko Ursulin, stable
While the ggtt vma are protected by their object lifetime, the list
continues until it hits a non-ggtt vma, and that vma is not protected
and may be freed as we inspect it. Hence, we require the obj->vma.lock
to protect the list as we iterate.
An example of forgetting to hold the obj->vma.lock is
[1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
[1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
[1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
[1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
[1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
[1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
[1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
[1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
[1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
[1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
[1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
[1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
[1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
[1642834.465038] Call Trace:
[1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
[1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
[1642834.465156] ? avc_has_perm+0x3b/0x160
[1642834.465178] drm_ioctl+0x206/0x390 [drm]
[1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
[1642834.465226] ? __do_munmap+0x24b/0x4d0
[1642834.465231] ksys_ioctl+0x82/0xc0
[1642834.465235] __x64_sys_ioctl+0x16/0x20
[1642834.465238] do_syscall_64+0x5b/0xf0
[1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1642834.465245] RIP: 0033:0x7f6a3d7b047b
[1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
[1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
[1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
[1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
[1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
[1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
Now to take the spinlock during the list iteration, we need to break it
down into two phases. In the first phase under the lock, we cannot sleep
and so must defer the actual work to a second list, protected by the
ggtt->mutex.
We also need to hold the spinlock during creation of a new spinlock to
serialise updates of the tiling on the object.
Reported-by: Dave Airlie <airlied@redhat.com>
Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: <stable@vger.kernel.org> # v5.5+
---
drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 15 ++++++++++++++-
drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
index 37f77aee1212..0deb66d2858e 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
@@ -182,21 +182,32 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
int tiling_mode, unsigned int stride)
{
struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
- struct i915_vma *vma;
+ struct i915_vma *vma, *vn;
+ LIST_HEAD(unbind);
int ret = 0;
if (tiling_mode == I915_TILING_NONE)
return 0;
mutex_lock(&ggtt->vm.mutex);
+
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
+ GEM_BUG_ON(vma->vm != &ggtt->vm);
+
if (i915_vma_fence_prepare(vma, tiling_mode, stride))
continue;
+ list_move(&vma->vm_link, &unbind);
+ }
+ spin_unlock(&obj->vma.lock);
+
+ list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
ret = __i915_vma_unbind(vma);
if (ret)
break;
}
+
mutex_unlock(&ggtt->vm.mutex);
return ret;
@@ -268,6 +279,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
}
mutex_unlock(&obj->mm.lock);
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
vma->fence_size =
i915_gem_fence_size(i915, vma->size, tiling, stride);
@@ -278,6 +290,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
if (vma->fence)
vma->fence->dirty = true;
}
+ spin_unlock(&obj->vma.lock);
obj->tiling_and_stride = tiling | stride;
i915_gem_object_unlock(obj);
diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
index f0383a68c981..20fe5a134d92 100644
--- a/drivers/gpu/drm/i915/i915_vma.c
+++ b/drivers/gpu/drm/i915/i915_vma.c
@@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
+ spin_lock(&obj->vma.lock);
+
if (i915_is_ggtt(vm)) {
if (unlikely(overflows_type(vma->size, u32)))
- goto err_vma;
+ goto err_unlock;
vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
i915_gem_object_get_tiling(obj),
i915_gem_object_get_stride(obj));
if (unlikely(vma->fence_size < vma->size || /* overflow */
vma->fence_size > vm->total))
- goto err_vma;
+ goto err_unlock;
GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
@@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
__set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
}
- spin_lock(&obj->vma.lock);
-
rb = NULL;
p = &obj->vma.tree.rb_node;
while (*p) {
@@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
return vma;
+err_unlock:
+ spin_unlock(&obj->vma.lock);
err_vma:
i915_vma_free(vma);
return ERR_PTR(-E2BIG);
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Intel-gfx] [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
@ 2020-04-22 7:20 ` Chris Wilson
0 siblings, 0 replies; 8+ messages in thread
From: Chris Wilson @ 2020-04-22 7:20 UTC (permalink / raw)
To: intel-gfx; +Cc: Dave Airlie, stable, Chris Wilson
While the ggtt vma are protected by their object lifetime, the list
continues until it hits a non-ggtt vma, and that vma is not protected
and may be freed as we inspect it. Hence, we require the obj->vma.lock
to protect the list as we iterate.
An example of forgetting to hold the obj->vma.lock is
[1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
[1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
[1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
[1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
[1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
[1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
[1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
[1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
[1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
[1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
[1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
[1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
[1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
[1642834.465038] Call Trace:
[1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
[1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
[1642834.465156] ? avc_has_perm+0x3b/0x160
[1642834.465178] drm_ioctl+0x206/0x390 [drm]
[1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
[1642834.465226] ? __do_munmap+0x24b/0x4d0
[1642834.465231] ksys_ioctl+0x82/0xc0
[1642834.465235] __x64_sys_ioctl+0x16/0x20
[1642834.465238] do_syscall_64+0x5b/0xf0
[1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1642834.465245] RIP: 0033:0x7f6a3d7b047b
[1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
[1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
[1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
[1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
[1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
[1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
Now to take the spinlock during the list iteration, we need to break it
down into two phases. In the first phase under the lock, we cannot sleep
and so must defer the actual work to a second list, protected by the
ggtt->mutex.
We also need to hold the spinlock during creation of a new spinlock to
serialise updates of the tiling on the object.
Reported-by: Dave Airlie <airlied@redhat.com>
Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: <stable@vger.kernel.org> # v5.5+
---
drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 15 ++++++++++++++-
drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
index 37f77aee1212..0deb66d2858e 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
@@ -182,21 +182,32 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
int tiling_mode, unsigned int stride)
{
struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
- struct i915_vma *vma;
+ struct i915_vma *vma, *vn;
+ LIST_HEAD(unbind);
int ret = 0;
if (tiling_mode == I915_TILING_NONE)
return 0;
mutex_lock(&ggtt->vm.mutex);
+
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
+ GEM_BUG_ON(vma->vm != &ggtt->vm);
+
if (i915_vma_fence_prepare(vma, tiling_mode, stride))
continue;
+ list_move(&vma->vm_link, &unbind);
+ }
+ spin_unlock(&obj->vma.lock);
+
+ list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
ret = __i915_vma_unbind(vma);
if (ret)
break;
}
+
mutex_unlock(&ggtt->vm.mutex);
return ret;
@@ -268,6 +279,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
}
mutex_unlock(&obj->mm.lock);
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
vma->fence_size =
i915_gem_fence_size(i915, vma->size, tiling, stride);
@@ -278,6 +290,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
if (vma->fence)
vma->fence->dirty = true;
}
+ spin_unlock(&obj->vma.lock);
obj->tiling_and_stride = tiling | stride;
i915_gem_object_unlock(obj);
diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
index f0383a68c981..20fe5a134d92 100644
--- a/drivers/gpu/drm/i915/i915_vma.c
+++ b/drivers/gpu/drm/i915/i915_vma.c
@@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
+ spin_lock(&obj->vma.lock);
+
if (i915_is_ggtt(vm)) {
if (unlikely(overflows_type(vma->size, u32)))
- goto err_vma;
+ goto err_unlock;
vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
i915_gem_object_get_tiling(obj),
i915_gem_object_get_stride(obj));
if (unlikely(vma->fence_size < vma->size || /* overflow */
vma->fence_size > vm->total))
- goto err_vma;
+ goto err_unlock;
GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
@@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
__set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
}
- spin_lock(&obj->vma.lock);
-
rb = NULL;
p = &obj->vma.tree.rb_node;
while (*p) {
@@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
return vma;
+err_unlock:
+ spin_unlock(&obj->vma.lock);
err_vma:
i915_vma_free(vma);
return ERR_PTR(-E2BIG);
--
2.20.1
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
2020-04-22 7:20 ` [Intel-gfx] " Chris Wilson
@ 2020-04-22 7:28 ` Chris Wilson
-1 siblings, 0 replies; 8+ messages in thread
From: Chris Wilson @ 2020-04-22 7:28 UTC (permalink / raw)
To: intel-gfx; +Cc: Chris Wilson, Dave Airlie, Tvrtko Ursulin, stable
While the ggtt vma are protected by their object lifetime, the list
continues until it hits a non-ggtt vma, and that vma is not protected
and may be freed as we inspect it. Hence, we require the obj->vma.lock
to protect the list as we iterate.
An example of forgetting to hold the obj->vma.lock is
[1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
[1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
[1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
[1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
[1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
[1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
[1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
[1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
[1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
[1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
[1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
[1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
[1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
[1642834.465038] Call Trace:
[1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
[1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
[1642834.465156] ? avc_has_perm+0x3b/0x160
[1642834.465178] drm_ioctl+0x206/0x390 [drm]
[1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
[1642834.465226] ? __do_munmap+0x24b/0x4d0
[1642834.465231] ksys_ioctl+0x82/0xc0
[1642834.465235] __x64_sys_ioctl+0x16/0x20
[1642834.465238] do_syscall_64+0x5b/0xf0
[1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1642834.465245] RIP: 0033:0x7f6a3d7b047b
[1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
[1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
[1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
[1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
[1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
[1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
Now to take the spinlock during the list iteration, we need to break it
down into two phases. In the first phase under the lock, we cannot sleep
and so must defer the actual work to a second list, protected by the
ggtt->mutex.
We also need to hold the spinlock during creation of a new spinlock to
serialise updates of the tiling on the object.
Reported-by: Dave Airlie <airlied@redhat.com>
Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: <stable@vger.kernel.org> # v5.5+
---
drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 20 ++++++++++++++++++--
drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
index 37f77aee1212..0158e49bf9bb 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
@@ -182,21 +182,35 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
int tiling_mode, unsigned int stride)
{
struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
- struct i915_vma *vma;
+ struct i915_vma *vma, *vn;
+ LIST_HEAD(unbind);
int ret = 0;
if (tiling_mode == I915_TILING_NONE)
return 0;
mutex_lock(&ggtt->vm.mutex);
+
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
+ GEM_BUG_ON(vma->vm != &ggtt->vm);
+
if (i915_vma_fence_prepare(vma, tiling_mode, stride))
continue;
+ list_move(&vma->vm_link, &unbind);
+ }
+ spin_unlock(&obj->vma.lock);
+
+ list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
ret = __i915_vma_unbind(vma);
- if (ret)
+ if (ret) {
+ /* Restore the remaining vma on an error */
+ list_splice(&unbind, &ggtt->vm.bound_list);
break;
+ }
}
+
mutex_unlock(&ggtt->vm.mutex);
return ret;
@@ -268,6 +282,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
}
mutex_unlock(&obj->mm.lock);
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
vma->fence_size =
i915_gem_fence_size(i915, vma->size, tiling, stride);
@@ -278,6 +293,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
if (vma->fence)
vma->fence->dirty = true;
}
+ spin_unlock(&obj->vma.lock);
obj->tiling_and_stride = tiling | stride;
i915_gem_object_unlock(obj);
diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
index f0383a68c981..20fe5a134d92 100644
--- a/drivers/gpu/drm/i915/i915_vma.c
+++ b/drivers/gpu/drm/i915/i915_vma.c
@@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
+ spin_lock(&obj->vma.lock);
+
if (i915_is_ggtt(vm)) {
if (unlikely(overflows_type(vma->size, u32)))
- goto err_vma;
+ goto err_unlock;
vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
i915_gem_object_get_tiling(obj),
i915_gem_object_get_stride(obj));
if (unlikely(vma->fence_size < vma->size || /* overflow */
vma->fence_size > vm->total))
- goto err_vma;
+ goto err_unlock;
GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
@@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
__set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
}
- spin_lock(&obj->vma.lock);
-
rb = NULL;
p = &obj->vma.tree.rb_node;
while (*p) {
@@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
return vma;
+err_unlock:
+ spin_unlock(&obj->vma.lock);
err_vma:
i915_vma_free(vma);
return ERR_PTR(-E2BIG);
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Intel-gfx] [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
@ 2020-04-22 7:28 ` Chris Wilson
0 siblings, 0 replies; 8+ messages in thread
From: Chris Wilson @ 2020-04-22 7:28 UTC (permalink / raw)
To: intel-gfx; +Cc: Dave Airlie, stable, Chris Wilson
While the ggtt vma are protected by their object lifetime, the list
continues until it hits a non-ggtt vma, and that vma is not protected
and may be freed as we inspect it. Hence, we require the obj->vma.lock
to protect the list as we iterate.
An example of forgetting to hold the obj->vma.lock is
[1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
[1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
[1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
[1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
[1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
[1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
[1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
[1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
[1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
[1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
[1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
[1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
[1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
[1642834.465038] Call Trace:
[1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
[1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
[1642834.465156] ? avc_has_perm+0x3b/0x160
[1642834.465178] drm_ioctl+0x206/0x390 [drm]
[1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
[1642834.465226] ? __do_munmap+0x24b/0x4d0
[1642834.465231] ksys_ioctl+0x82/0xc0
[1642834.465235] __x64_sys_ioctl+0x16/0x20
[1642834.465238] do_syscall_64+0x5b/0xf0
[1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1642834.465245] RIP: 0033:0x7f6a3d7b047b
[1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
[1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
[1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
[1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
[1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
[1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
Now to take the spinlock during the list iteration, we need to break it
down into two phases. In the first phase under the lock, we cannot sleep
and so must defer the actual work to a second list, protected by the
ggtt->mutex.
We also need to hold the spinlock during creation of a new spinlock to
serialise updates of the tiling on the object.
Reported-by: Dave Airlie <airlied@redhat.com>
Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: <stable@vger.kernel.org> # v5.5+
---
drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 20 ++++++++++++++++++--
drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
index 37f77aee1212..0158e49bf9bb 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
@@ -182,21 +182,35 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
int tiling_mode, unsigned int stride)
{
struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
- struct i915_vma *vma;
+ struct i915_vma *vma, *vn;
+ LIST_HEAD(unbind);
int ret = 0;
if (tiling_mode == I915_TILING_NONE)
return 0;
mutex_lock(&ggtt->vm.mutex);
+
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
+ GEM_BUG_ON(vma->vm != &ggtt->vm);
+
if (i915_vma_fence_prepare(vma, tiling_mode, stride))
continue;
+ list_move(&vma->vm_link, &unbind);
+ }
+ spin_unlock(&obj->vma.lock);
+
+ list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
ret = __i915_vma_unbind(vma);
- if (ret)
+ if (ret) {
+ /* Restore the remaining vma on an error */
+ list_splice(&unbind, &ggtt->vm.bound_list);
break;
+ }
}
+
mutex_unlock(&ggtt->vm.mutex);
return ret;
@@ -268,6 +282,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
}
mutex_unlock(&obj->mm.lock);
+ spin_lock(&obj->vma.lock);
for_each_ggtt_vma(vma, obj) {
vma->fence_size =
i915_gem_fence_size(i915, vma->size, tiling, stride);
@@ -278,6 +293,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
if (vma->fence)
vma->fence->dirty = true;
}
+ spin_unlock(&obj->vma.lock);
obj->tiling_and_stride = tiling | stride;
i915_gem_object_unlock(obj);
diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
index f0383a68c981..20fe5a134d92 100644
--- a/drivers/gpu/drm/i915/i915_vma.c
+++ b/drivers/gpu/drm/i915/i915_vma.c
@@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
+ spin_lock(&obj->vma.lock);
+
if (i915_is_ggtt(vm)) {
if (unlikely(overflows_type(vma->size, u32)))
- goto err_vma;
+ goto err_unlock;
vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
i915_gem_object_get_tiling(obj),
i915_gem_object_get_stride(obj));
if (unlikely(vma->fence_size < vma->size || /* overflow */
vma->fence_size > vm->total))
- goto err_vma;
+ goto err_unlock;
GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
@@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
__set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
}
- spin_lock(&obj->vma.lock);
-
rb = NULL;
p = &obj->vma.tree.rb_node;
while (*p) {
@@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
return vma;
+err_unlock:
+ spin_unlock(&obj->vma.lock);
err_vma:
i915_vma_free(vma);
return ERR_PTR(-E2BIG);
--
2.20.1
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Intel-gfx] ✓ Fi.CI.BAT: success for drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() (rev2)
2020-04-22 7:20 ` [Intel-gfx] " Chris Wilson
(?)
(?)
@ 2020-04-22 8:12 ` Patchwork
-1 siblings, 0 replies; 8+ messages in thread
From: Patchwork @ 2020-04-22 8:12 UTC (permalink / raw)
To: Chris Wilson; +Cc: intel-gfx
== Series Details ==
Series: drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() (rev2)
URL : https://patchwork.freedesktop.org/series/76309/
State : success
== Summary ==
CI Bug Log - changes from CI_DRM_8347 -> Patchwork_17413
====================================================
Summary
-------
**SUCCESS**
No regressions found.
External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/index.html
Known issues
------------
Here are the changes found in Patchwork_17413 that come from known issues:
### IGT changes ###
#### Issues hit ####
* igt@i915_selftest@live@active:
- fi-skl-lmem: [PASS][1] -> [DMESG-FAIL][2] ([i915#666])
[1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/fi-skl-lmem/igt@i915_selftest@live@active.html
[2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/fi-skl-lmem/igt@i915_selftest@live@active.html
#### Possible fixes ####
* igt@i915_selftest@live@execlists:
- fi-icl-y: [DMESG-FAIL][3] ([i915#1314]) -> [PASS][4]
[3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/fi-icl-y/igt@i915_selftest@live@execlists.html
[4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/fi-icl-y/igt@i915_selftest@live@execlists.html
[i915#1314]: https://gitlab.freedesktop.org/drm/intel/issues/1314
[i915#666]: https://gitlab.freedesktop.org/drm/intel/issues/666
Participating hosts (49 -> 43)
------------------------------
Missing (6): fi-cml-u2 fi-hsw-4200u fi-byt-squawks fi-bsw-cyan fi-byt-clapper fi-bdw-samus
Build changes
-------------
* CI: CI-20190529 -> None
* Linux: CI_DRM_8347 -> Patchwork_17413
CI-20190529: 20190529
CI_DRM_8347: 4acd2fd67fbcfe23e07130bab11a47d4b43d0bd4 @ git://anongit.freedesktop.org/gfx-ci/linux
IGT_5604: 18cc19ece602ba552a8386222b49e7e82820f9aa @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
Patchwork_17413: de20c07a5fce12bd62692b8df4c4de8f8c3fa1fc @ git://anongit.freedesktop.org/gfx-ci/linux
== Linux commits ==
de20c07a5fce drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
== Logs ==
For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/index.html
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Intel-gfx] ✓ Fi.CI.IGT: success for drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() (rev2)
2020-04-22 7:20 ` [Intel-gfx] " Chris Wilson
` (2 preceding siblings ...)
(?)
@ 2020-04-22 9:12 ` Patchwork
-1 siblings, 0 replies; 8+ messages in thread
From: Patchwork @ 2020-04-22 9:12 UTC (permalink / raw)
To: Chris Wilson; +Cc: intel-gfx
== Series Details ==
Series: drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() (rev2)
URL : https://patchwork.freedesktop.org/series/76309/
State : success
== Summary ==
CI Bug Log - changes from CI_DRM_8347_full -> Patchwork_17413_full
====================================================
Summary
-------
**SUCCESS**
No regressions found.
Known issues
------------
Here are the changes found in Patchwork_17413_full that come from known issues:
### IGT changes ###
#### Issues hit ####
* igt@gem_exec_whisper@basic-queues-forked:
- shard-kbl: [PASS][1] -> [FAIL][2] ([i915#1479])
[1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl6/igt@gem_exec_whisper@basic-queues-forked.html
[2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl7/igt@gem_exec_whisper@basic-queues-forked.html
* igt@gem_workarounds@suspend-resume-context:
- shard-kbl: [PASS][3] -> [DMESG-WARN][4] ([i915#180])
[3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl3/igt@gem_workarounds@suspend-resume-context.html
[4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl3/igt@gem_workarounds@suspend-resume-context.html
* igt@i915_selftest@live@late_gt_pm:
- shard-snb: [PASS][5] -> [FAIL][6] ([i915#1763])
[5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-snb2/igt@i915_selftest@live@late_gt_pm.html
[6]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-snb6/igt@i915_selftest@live@late_gt_pm.html
* igt@i915_selftest@live@requests:
- shard-tglb: [PASS][7] -> [INCOMPLETE][8] ([i915#1531] / [i915#1658])
[7]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-tglb1/igt@i915_selftest@live@requests.html
[8]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-tglb7/igt@i915_selftest@live@requests.html
* igt@kms_cursor_crc@pipe-a-cursor-64x64-onscreen:
- shard-kbl: [PASS][9] -> [FAIL][10] ([i915#54] / [i915#93] / [i915#95])
[9]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl4/igt@kms_cursor_crc@pipe-a-cursor-64x64-onscreen.html
[10]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl4/igt@kms_cursor_crc@pipe-a-cursor-64x64-onscreen.html
* igt@kms_cursor_crc@pipe-c-cursor-suspend:
- shard-skl: [PASS][11] -> [INCOMPLETE][12] ([i915#300])
[11]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-skl2/igt@kms_cursor_crc@pipe-c-cursor-suspend.html
[12]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-skl6/igt@kms_cursor_crc@pipe-c-cursor-suspend.html
* igt@kms_flip_tiling@flip-to-y-tiled:
- shard-tglb: [PASS][13] -> [INCOMPLETE][14] ([i915#516])
[13]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-tglb6/igt@kms_flip_tiling@flip-to-y-tiled.html
[14]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-tglb6/igt@kms_flip_tiling@flip-to-y-tiled.html
* igt@kms_hdr@bpc-switch-dpms:
- shard-skl: [PASS][15] -> [FAIL][16] ([i915#1188]) +2 similar issues
[15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-skl6/igt@kms_hdr@bpc-switch-dpms.html
[16]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-skl9/igt@kms_hdr@bpc-switch-dpms.html
* igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes:
- shard-apl: [PASS][17] -> [DMESG-WARN][18] ([i915#180]) +3 similar issues
[17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-apl2/igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes.html
[18]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-apl1/igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes.html
* igt@kms_plane_alpha_blend@pipe-c-constant-alpha-min:
- shard-skl: [PASS][19] -> [FAIL][20] ([fdo#108145] / [i915#265]) +1 similar issue
[19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-skl7/igt@kms_plane_alpha_blend@pipe-c-constant-alpha-min.html
[20]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-skl2/igt@kms_plane_alpha_blend@pipe-c-constant-alpha-min.html
* igt@kms_psr@no_drrs:
- shard-iclb: [PASS][21] -> [FAIL][22] ([i915#173])
[21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-iclb6/igt@kms_psr@no_drrs.html
[22]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-iclb1/igt@kms_psr@no_drrs.html
* igt@kms_psr@psr2_cursor_blt:
- shard-iclb: [PASS][23] -> [SKIP][24] ([fdo#109441])
[23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-iclb2/igt@kms_psr@psr2_cursor_blt.html
[24]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-iclb7/igt@kms_psr@psr2_cursor_blt.html
* igt@kms_setmode@basic:
- shard-apl: [PASS][25] -> [FAIL][26] ([i915#31])
[25]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-apl8/igt@kms_setmode@basic.html
[26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-apl8/igt@kms_setmode@basic.html
- shard-kbl: [PASS][27] -> [FAIL][28] ([i915#31] / [i915#93] / [i915#95])
[27]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl7/igt@kms_setmode@basic.html
[28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl6/igt@kms_setmode@basic.html
#### Possible fixes ####
* {igt@gem_ctx_isolation@preservation-s3@vcs0}:
- shard-kbl: [DMESG-WARN][29] ([i915#180]) -> [PASS][30] +7 similar issues
[29]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl2/igt@gem_ctx_isolation@preservation-s3@vcs0.html
[30]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl6/igt@gem_ctx_isolation@preservation-s3@vcs0.html
* {igt@kms_flip@flip-vs-suspend@a-dp1}:
- shard-apl: [DMESG-WARN][31] ([i915#180]) -> [PASS][32] +3 similar issues
[31]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-apl4/igt@kms_flip@flip-vs-suspend@a-dp1.html
[32]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-apl3/igt@kms_flip@flip-vs-suspend@a-dp1.html
* igt@kms_plane_alpha_blend@pipe-b-coverage-7efc:
- shard-skl: [FAIL][33] ([fdo#108145] / [i915#265]) -> [PASS][34]
[33]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-skl1/igt@kms_plane_alpha_blend@pipe-b-coverage-7efc.html
[34]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-skl4/igt@kms_plane_alpha_blend@pipe-b-coverage-7efc.html
* igt@kms_plane_lowres@pipe-a-tiling-x:
- shard-glk: [FAIL][35] ([i915#899]) -> [PASS][36]
[35]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-glk2/igt@kms_plane_lowres@pipe-a-tiling-x.html
[36]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-glk5/igt@kms_plane_lowres@pipe-a-tiling-x.html
* igt@kms_psr@psr2_cursor_mmap_cpu:
- shard-iclb: [SKIP][37] ([fdo#109441]) -> [PASS][38] +2 similar issues
[37]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-iclb6/igt@kms_psr@psr2_cursor_mmap_cpu.html
[38]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-iclb2/igt@kms_psr@psr2_cursor_mmap_cpu.html
#### Warnings ####
* igt@i915_pm_rc6_residency@rc6-idle:
- shard-iclb: [FAIL][39] ([i915#1515]) -> [WARN][40] ([i915#1515])
[39]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-iclb8/igt@i915_pm_rc6_residency@rc6-idle.html
[40]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-iclb2/igt@i915_pm_rc6_residency@rc6-idle.html
* igt@kms_fbcon_fbt@fbc-suspend:
- shard-kbl: [DMESG-FAIL][41] ([i915#180] / [i915#95]) -> [FAIL][42] ([i915#93] / [i915#95])
[41]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_8347/shard-kbl4/igt@kms_fbcon_fbt@fbc-suspend.html
[42]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/shard-kbl2/igt@kms_fbcon_fbt@fbc-suspend.html
{name}: This element is suppressed. This means it is ignored when computing
the status of the difference (SUCCESS, WARNING, or FAILURE).
[fdo#108145]: https://bugs.freedesktop.org/show_bug.cgi?id=108145
[fdo#109441]: https://bugs.freedesktop.org/show_bug.cgi?id=109441
[i915#1188]: https://gitlab.freedesktop.org/drm/intel/issues/1188
[i915#1479]: https://gitlab.freedesktop.org/drm/intel/issues/1479
[i915#1515]: https://gitlab.freedesktop.org/drm/intel/issues/1515
[i915#1531]: https://gitlab.freedesktop.org/drm/intel/issues/1531
[i915#1542]: https://gitlab.freedesktop.org/drm/intel/issues/1542
[i915#1658]: https://gitlab.freedesktop.org/drm/intel/issues/1658
[i915#173]: https://gitlab.freedesktop.org/drm/intel/issues/173
[i915#1763]: https://gitlab.freedesktop.org/drm/intel/issues/1763
[i915#180]: https://gitlab.freedesktop.org/drm/intel/issues/180
[i915#198]: https://gitlab.freedesktop.org/drm/intel/issues/198
[i915#265]: https://gitlab.freedesktop.org/drm/intel/issues/265
[i915#300]: https://gitlab.freedesktop.org/drm/intel/issues/300
[i915#31]: https://gitlab.freedesktop.org/drm/intel/issues/31
[i915#516]: https://gitlab.freedesktop.org/drm/intel/issues/516
[i915#54]: https://gitlab.freedesktop.org/drm/intel/issues/54
[i915#79]: https://gitlab.freedesktop.org/drm/intel/issues/79
[i915#899]: https://gitlab.freedesktop.org/drm/intel/issues/899
[i915#93]: https://gitlab.freedesktop.org/drm/intel/issues/93
[i915#95]: https://gitlab.freedesktop.org/drm/intel/issues/95
Participating hosts (10 -> 10)
------------------------------
No changes in participating hosts
Build changes
-------------
* CI: CI-20190529 -> None
* Linux: CI_DRM_8347 -> Patchwork_17413
CI-20190529: 20190529
CI_DRM_8347: 4acd2fd67fbcfe23e07130bab11a47d4b43d0bd4 @ git://anongit.freedesktop.org/gfx-ci/linux
IGT_5604: 18cc19ece602ba552a8386222b49e7e82820f9aa @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
Patchwork_17413: de20c07a5fce12bd62692b8df4c4de8f8c3fa1fc @ git://anongit.freedesktop.org/gfx-ci/linux
piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit
== Logs ==
For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_17413/index.html
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Intel-gfx] [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
2020-04-22 7:20 ` [Intel-gfx] " Chris Wilson
@ 2020-04-22 13:59 ` Tvrtko Ursulin
-1 siblings, 0 replies; 8+ messages in thread
From: Tvrtko Ursulin @ 2020-04-22 13:59 UTC (permalink / raw)
To: Chris Wilson, intel-gfx; +Cc: Dave Airlie, stable
On 22/04/2020 08:20, Chris Wilson wrote:
> While the ggtt vma are protected by their object lifetime, the list
> continues until it hits a non-ggtt vma, and that vma is not protected
> and may be freed as we inspect it. Hence, we require the obj->vma.lock
> to protect the list as we iterate.
>
> An example of forgetting to hold the obj->vma.lock is
>
> [1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
> [1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
> [1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
> [1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
> [1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
> [1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
> [1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
> [1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
> [1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
> [1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
> [1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
> [1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
> [1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
> [1642834.465038] Call Trace:
> [1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
> [1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
> [1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
> [1642834.465156] ? avc_has_perm+0x3b/0x160
> [1642834.465178] drm_ioctl+0x206/0x390 [drm]
> [1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
> [1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
> [1642834.465226] ? __do_munmap+0x24b/0x4d0
> [1642834.465231] ksys_ioctl+0x82/0xc0
> [1642834.465235] __x64_sys_ioctl+0x16/0x20
> [1642834.465238] do_syscall_64+0x5b/0xf0
> [1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [1642834.465245] RIP: 0033:0x7f6a3d7b047b
> [1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
> [1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
> [1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
> [1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
> [1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
> [1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
>
> Now to take the spinlock during the list iteration, we need to break it
> down into two phases. In the first phase under the lock, we cannot sleep
> and so must defer the actual work to a second list, protected by the
> ggtt->mutex.
>
> We also need to hold the spinlock during creation of a new spinlock to
s/new spinlock/new vma/
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Regards,
Tvrtko
> serialise updates of the tiling on the object.
>
> Reported-by: Dave Airlie <airlied@redhat.com>
> Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: Dave Airlie <airlied@redhat.com>
> Cc: <stable@vger.kernel.org> # v5.5+
> ---
> drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 15 ++++++++++++++-
> drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
> 2 files changed, 20 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> index 37f77aee1212..0deb66d2858e 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> @@ -182,21 +182,32 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
> int tiling_mode, unsigned int stride)
> {
> struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
> - struct i915_vma *vma;
> + struct i915_vma *vma, *vn;
> + LIST_HEAD(unbind);
> int ret = 0;
>
> if (tiling_mode == I915_TILING_NONE)
> return 0;
>
> mutex_lock(&ggtt->vm.mutex);
> +
> + spin_lock(&obj->vma.lock);
> for_each_ggtt_vma(vma, obj) {
> + GEM_BUG_ON(vma->vm != &ggtt->vm);
> +
> if (i915_vma_fence_prepare(vma, tiling_mode, stride))
> continue;
>
> + list_move(&vma->vm_link, &unbind);
> + }
> + spin_unlock(&obj->vma.lock);
> +
> + list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
> ret = __i915_vma_unbind(vma);
> if (ret)
> break;
> }
> +
> mutex_unlock(&ggtt->vm.mutex);
>
> return ret;
> @@ -268,6 +279,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
> }
> mutex_unlock(&obj->mm.lock);
>
> + spin_lock(&obj->vma.lock);
> for_each_ggtt_vma(vma, obj) {
> vma->fence_size =
> i915_gem_fence_size(i915, vma->size, tiling, stride);
> @@ -278,6 +290,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
> if (vma->fence)
> vma->fence->dirty = true;
> }
> + spin_unlock(&obj->vma.lock);
>
> obj->tiling_and_stride = tiling | stride;
> i915_gem_object_unlock(obj);
> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
> index f0383a68c981..20fe5a134d92 100644
> --- a/drivers/gpu/drm/i915/i915_vma.c
> +++ b/drivers/gpu/drm/i915/i915_vma.c
> @@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
>
> GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
>
> + spin_lock(&obj->vma.lock);
> +
> if (i915_is_ggtt(vm)) {
> if (unlikely(overflows_type(vma->size, u32)))
> - goto err_vma;
> + goto err_unlock;
>
> vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
> i915_gem_object_get_tiling(obj),
> i915_gem_object_get_stride(obj));
> if (unlikely(vma->fence_size < vma->size || /* overflow */
> vma->fence_size > vm->total))
> - goto err_vma;
> + goto err_unlock;
>
> GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
>
> @@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
> __set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
> }
>
> - spin_lock(&obj->vma.lock);
> -
> rb = NULL;
> p = &obj->vma.tree.rb_node;
> while (*p) {
> @@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
>
> return vma;
>
> +err_unlock:
> + spin_unlock(&obj->vma.lock);
> err_vma:
> i915_vma_free(vma);
> return ERR_PTR(-E2BIG);
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Intel-gfx] [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
@ 2020-04-22 13:59 ` Tvrtko Ursulin
0 siblings, 0 replies; 8+ messages in thread
From: Tvrtko Ursulin @ 2020-04-22 13:59 UTC (permalink / raw)
To: Chris Wilson, intel-gfx; +Cc: Dave Airlie, stable
On 22/04/2020 08:20, Chris Wilson wrote:
> While the ggtt vma are protected by their object lifetime, the list
> continues until it hits a non-ggtt vma, and that vma is not protected
> and may be freed as we inspect it. Hence, we require the obj->vma.lock
> to protect the list as we iterate.
>
> An example of forgetting to hold the obj->vma.lock is
>
> [1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
> [1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
> [1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
> [1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
> [1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
> [1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
> [1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
> [1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
> [1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
> [1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
> [1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
> [1642834.465034] FS: 00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
> [1642834.465036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
> [1642834.465038] Call Trace:
> [1642834.465083] i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
> [1642834.465121] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
> [1642834.465151] drm_ioctl_kernel+0x86/0xd0 [drm]
> [1642834.465156] ? avc_has_perm+0x3b/0x160
> [1642834.465178] drm_ioctl+0x206/0x390 [drm]
> [1642834.465216] ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
> [1642834.465221] ? selinux_file_ioctl+0x122/0x1c0
> [1642834.465226] ? __do_munmap+0x24b/0x4d0
> [1642834.465231] ksys_ioctl+0x82/0xc0
> [1642834.465235] __x64_sys_ioctl+0x16/0x20
> [1642834.465238] do_syscall_64+0x5b/0xf0
> [1642834.465243] entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [1642834.465245] RIP: 0033:0x7f6a3d7b047b
> [1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
> [1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> [1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
> [1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
> [1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
> [1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
> [1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30
>
> Now to take the spinlock during the list iteration, we need to break it
> down into two phases. In the first phase under the lock, we cannot sleep
> and so must defer the actual work to a second list, protected by the
> ggtt->mutex.
>
> We also need to hold the spinlock during creation of a new spinlock to
s/new spinlock/new vma/
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Regards,
Tvrtko
> serialise updates of the tiling on the object.
>
> Reported-by: Dave Airlie <airlied@redhat.com>
> Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: Dave Airlie <airlied@redhat.com>
> Cc: <stable@vger.kernel.org> # v5.5+
> ---
> drivers/gpu/drm/i915/gem/i915_gem_tiling.c | 15 ++++++++++++++-
> drivers/gpu/drm/i915/i915_vma.c | 10 ++++++----
> 2 files changed, 20 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> index 37f77aee1212..0deb66d2858e 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_tiling.c
> @@ -182,21 +182,32 @@ i915_gem_object_fence_prepare(struct drm_i915_gem_object *obj,
> int tiling_mode, unsigned int stride)
> {
> struct i915_ggtt *ggtt = &to_i915(obj->base.dev)->ggtt;
> - struct i915_vma *vma;
> + struct i915_vma *vma, *vn;
> + LIST_HEAD(unbind);
> int ret = 0;
>
> if (tiling_mode == I915_TILING_NONE)
> return 0;
>
> mutex_lock(&ggtt->vm.mutex);
> +
> + spin_lock(&obj->vma.lock);
> for_each_ggtt_vma(vma, obj) {
> + GEM_BUG_ON(vma->vm != &ggtt->vm);
> +
> if (i915_vma_fence_prepare(vma, tiling_mode, stride))
> continue;
>
> + list_move(&vma->vm_link, &unbind);
> + }
> + spin_unlock(&obj->vma.lock);
> +
> + list_for_each_entry_safe(vma, vn, &unbind, vm_link) {
> ret = __i915_vma_unbind(vma);
> if (ret)
> break;
> }
> +
> mutex_unlock(&ggtt->vm.mutex);
>
> return ret;
> @@ -268,6 +279,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
> }
> mutex_unlock(&obj->mm.lock);
>
> + spin_lock(&obj->vma.lock);
> for_each_ggtt_vma(vma, obj) {
> vma->fence_size =
> i915_gem_fence_size(i915, vma->size, tiling, stride);
> @@ -278,6 +290,7 @@ i915_gem_object_set_tiling(struct drm_i915_gem_object *obj,
> if (vma->fence)
> vma->fence->dirty = true;
> }
> + spin_unlock(&obj->vma.lock);
>
> obj->tiling_and_stride = tiling | stride;
> i915_gem_object_unlock(obj);
> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c
> index f0383a68c981..20fe5a134d92 100644
> --- a/drivers/gpu/drm/i915/i915_vma.c
> +++ b/drivers/gpu/drm/i915/i915_vma.c
> @@ -158,16 +158,18 @@ vma_create(struct drm_i915_gem_object *obj,
>
> GEM_BUG_ON(!IS_ALIGNED(vma->size, I915_GTT_PAGE_SIZE));
>
> + spin_lock(&obj->vma.lock);
> +
> if (i915_is_ggtt(vm)) {
> if (unlikely(overflows_type(vma->size, u32)))
> - goto err_vma;
> + goto err_unlock;
>
> vma->fence_size = i915_gem_fence_size(vm->i915, vma->size,
> i915_gem_object_get_tiling(obj),
> i915_gem_object_get_stride(obj));
> if (unlikely(vma->fence_size < vma->size || /* overflow */
> vma->fence_size > vm->total))
> - goto err_vma;
> + goto err_unlock;
>
> GEM_BUG_ON(!IS_ALIGNED(vma->fence_size, I915_GTT_MIN_ALIGNMENT));
>
> @@ -179,8 +181,6 @@ vma_create(struct drm_i915_gem_object *obj,
> __set_bit(I915_VMA_GGTT_BIT, __i915_vma_flags(vma));
> }
>
> - spin_lock(&obj->vma.lock);
> -
> rb = NULL;
> p = &obj->vma.tree.rb_node;
> while (*p) {
> @@ -225,6 +225,8 @@ vma_create(struct drm_i915_gem_object *obj,
>
> return vma;
>
> +err_unlock:
> + spin_unlock(&obj->vma.lock);
> err_vma:
> i915_vma_free(vma);
> return ERR_PTR(-E2BIG);
>
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-04-22 13:59 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-22 7:20 [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() Chris Wilson
2020-04-22 7:20 ` [Intel-gfx] " Chris Wilson
2020-04-22 7:28 ` Chris Wilson
2020-04-22 7:28 ` [Intel-gfx] " Chris Wilson
2020-04-22 8:12 ` [Intel-gfx] ✓ Fi.CI.BAT: success for drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() (rev2) Patchwork
2020-04-22 9:12 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
2020-04-22 13:59 ` [Intel-gfx] [PATCH] drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() Tvrtko Ursulin
2020-04-22 13:59 ` Tvrtko Ursulin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.