* [PATCH] drm/radeon: fix race condition in radeon_crtc_page_flip
@ 2014-06-18 17:11 Christian König
From: Christian König @ 2014-06-18 17:11 UTC (permalink / raw)
To: stable; +Cc: dri-devel
From: Christian König <christian.koenig@amd.com>
radeon_crtc_handle_flip can be called concurrently and if
we set the unpin_work to early try to flip an unpinned BO or
worse.
Signed-off-by: Christian König <christian.koenig@amd.com>
Cc: stable@vger.kernel.org
---
drivers/gpu/drm/radeon/radeon_display.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
index 356b733..cf22741 100644
--- a/drivers/gpu/drm/radeon/radeon_display.c
+++ b/drivers/gpu/drm/radeon/radeon_display.c
@@ -393,17 +393,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
INIT_WORK(&work->work, radeon_unpin_work_func);
- /* We borrow the event spin lock for protecting unpin_work */
- spin_lock_irqsave(&dev->event_lock, flags);
- if (radeon_crtc->unpin_work) {
- DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
- r = -EBUSY;
- goto unlock_free;
- }
- radeon_crtc->unpin_work = work;
- radeon_crtc->deferred_flip_completion = 0;
- spin_unlock_irqrestore(&dev->event_lock, flags);
-
/* pin the new buffer */
DRM_DEBUG_DRIVER("flip-ioctl() cur_fbo = %p, cur_bbo = %p\n",
work->old_rbo, rbo);
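Review bot: the `unlock_free` label is left without a user once the `goto unlock_free` in the removed busy check is gone, and the build then reports -Wunused-label, as the compiler output quoted in the reply shows. Remove the label in the same patch so the change stays warning-free when it is applied to stable.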
@@ -461,10 +450,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
base &= ~7;
}
- spin_lock_irqsave(&dev->event_lock, flags);
- work->new_crtc_base = base;
- spin_unlock_irqrestore(&dev->event_lock, flags);
-
/* update crtc fb */
crtc->primary->fb = fb;
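Review bot: the context line `crtc->primary->fb = fb;` now runs before the driver knows whether the flip will be accepted, because the busy check has moved below it, so the later -EBUSY return leaves crtc->primary->fb pointing at a framebuffer that was never flipped to. Restore the previous value on that error path, or defer the assignment until the flip has been accepted.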
@@ -477,6 +462,22 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
/* set the proper interrupt */
radeon_pre_page_flip(rdev, radeon_crtc->crtc_id);
+ /* We borrow the event spin lock for protecting unpin_work */
+ spin_lock_irqsave(&dev->event_lock, flags);
+ if (radeon_crtc->unpin_work) {
+ spin_unlock_irqrestore(&dev->event_lock, flags);
+ radeon_post_page_flip(rdev, radeon_crtc->crtc_id);
+ drm_vblank_put(dev, radeon_crtc->crtc_id);
+
+ DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
+ r = -EBUSY;
+ goto pflip_cleanup1;
+ }
+ radeon_crtc->unpin_work = work;
+ radeon_crtc->deferred_flip_completion = 0;
+ work->new_crtc_base = base;
+ spin_unlock_irqrestore(&dev->event_lock, flags);
+
return 0;
pflip_cleanup1:
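Review bot: the busy branch open-codes its unwinding (`radeon_post_page_flip()` and `drm_vblank_put()` ahead of `goto pflip_cleanup1`), which is easy to get out of step with the label chain below; a dedicated label placed before `pflip_cleanup1` would keep the undo steps in one place. The comment above the lock should also say why `unpin_work` is only published here, after the buffer is pinned and the interrupt is set up, since that ordering against a concurrent radeon_crtc_handle_flip is the point of the fix.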
--
1.9.1
* Re: [PATCH] drm/radeon: fix race condition in radeon_crtc_page_flip
From: Michel Dänzer @ 2014-06-19 3:49 UTC (permalink / raw)
To: Christian König; +Cc: dri-devel, stable
This patch only applies to 3.15, right?
On 19.06.2014 02:11, Christian König wrote:
> From: Christian König <christian.koenig@amd.com>
>
> radeon_crtc_handle_flip can be called concurrently and if
> we set the unpin_work to early try to flip an unpinned BO or
> worse.
Spelling: 'too early'
Maybe something like:
radeon_crtc_handle_flip can be called concurrently, and if
we set the unpin_work too early, it may try to flip an unpinned BO or
worse.
> Signed-off-by: Christian König <christian.koenig@amd.com>
> Cc: stable@vger.kernel.org
> ---
> drivers/gpu/drm/radeon/radeon_display.c | 31 ++++++++++++++++---------------
> 1 file changed, 16 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
> index 356b733..cf22741 100644
> --- a/drivers/gpu/drm/radeon/radeon_display.c
> +++ b/drivers/gpu/drm/radeon/radeon_display.c
> @@ -393,17 +393,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
>
> INIT_WORK(&work->work, radeon_unpin_work_func);
>
> - /* We borrow the event spin lock for protecting unpin_work */
> - spin_lock_irqsave(&dev->event_lock, flags);
> - if (radeon_crtc->unpin_work) {
> - DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
> - r = -EBUSY;
> - goto unlock_free;
> - }
> - radeon_crtc->unpin_work = work;
> - radeon_crtc->deferred_flip_completion = 0;
> - spin_unlock_irqrestore(&dev->event_lock, flags);
> -
> /* pin the new buffer */
> DRM_DEBUG_DRIVER("flip-ioctl() cur_fbo = %p, cur_bbo = %p\n",
> work->old_rbo, rbo);
> @@ -461,10 +450,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
> base &= ~7;
> }
>
> - spin_lock_irqsave(&dev->event_lock, flags);
> - work->new_crtc_base = base;
> - spin_unlock_irqrestore(&dev->event_lock, flags);
> -
> /* update crtc fb */
> crtc->primary->fb = fb;
>
> @@ -477,6 +462,22 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
> /* set the proper interrupt */
> radeon_pre_page_flip(rdev, radeon_crtc->crtc_id);
>
> + /* We borrow the event spin lock for protecting unpin_work */
> + spin_lock_irqsave(&dev->event_lock, flags);
> + if (radeon_crtc->unpin_work) {
> + spin_unlock_irqrestore(&dev->event_lock, flags);
> + radeon_post_page_flip(rdev, radeon_crtc->crtc_id);
> + drm_vblank_put(dev, radeon_crtc->crtc_id);
> +
> + DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
> + r = -EBUSY;
> + goto pflip_cleanup1;
> + }
> + radeon_crtc->unpin_work = work;
> + radeon_crtc->deferred_flip_completion = 0;
> + work->new_crtc_base = base;
> + spin_unlock_irqrestore(&dev->event_lock, flags);
> +
This introduces a path where crtc->primary->fb is updated, but then we
return -EBUSY.
It also introduces a warning:
drivers/gpu/drm/radeon/radeon_display.c: In function ‘radeon_crtc_page_flip’:
drivers/gpu/drm/radeon/radeon_display.c:496:1: warning: label ‘unlock_free’ defined but not used [-Wunused-label]
unlock_free:
^
Apart from that, looks good.
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
* Re: [PATCH] drm/radeon: fix race condition in radeon_crtc_page_flip
From: Christian König @ 2014-06-19 9:25 UTC (permalink / raw)
To: Michel Dänzer; +Cc: dri-devel, stable
On 19.06.2014 05:49, Michel Dänzer wrote:
> This patch only applies to 3.15, right?
Yes correct. For 3.16 we have the reworked flip which I think is still a
good idea to keep for now.
I've addressed your comments and sent out a v2 to the list CCing you,
please review.
Thanks,
Christian.
>
>
> On 19.06.2014 02:11, Christian König wrote:
>> From: Christian König <christian.koenig@amd.com>
>>
>> radeon_crtc_handle_flip can be called concurrently and if
>> we set the unpin_work to early try to flip an unpinned BO or
>> worse.
> Spelling: 'too early'
>
> Maybe something like:
>
> radeon_crtc_handle_flip can be called concurrently, and if
> we set the unpin_work too early, it may try to flip an unpinned BO or
> worse.
>
>
>> Signed-off-by: Christian König <christian.koenig@amd.com>
>> Cc: stable@vger.kernel.org
>> ---
>> drivers/gpu/drm/radeon/radeon_display.c | 31 ++++++++++++++++---------------
>> 1 file changed, 16 insertions(+), 15 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
>> index 356b733..cf22741 100644
>> --- a/drivers/gpu/drm/radeon/radeon_display.c
>> +++ b/drivers/gpu/drm/radeon/radeon_display.c
>> @@ -393,17 +393,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
>>
>> INIT_WORK(&work->work, radeon_unpin_work_func);
>>
>> - /* We borrow the event spin lock for protecting unpin_work */
>> - spin_lock_irqsave(&dev->event_lock, flags);
>> - if (radeon_crtc->unpin_work) {
>> - DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
>> - r = -EBUSY;
>> - goto unlock_free;
>> - }
>> - radeon_crtc->unpin_work = work;
>> - radeon_crtc->deferred_flip_completion = 0;
>> - spin_unlock_irqrestore(&dev->event_lock, flags);
>> -
>> /* pin the new buffer */
>> DRM_DEBUG_DRIVER("flip-ioctl() cur_fbo = %p, cur_bbo = %p\n",
>> work->old_rbo, rbo);
>> @@ -461,10 +450,6 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
>> base &= ~7;
>> }
>>
>> - spin_lock_irqsave(&dev->event_lock, flags);
>> - work->new_crtc_base = base;
>> - spin_unlock_irqrestore(&dev->event_lock, flags);
>> -
>> /* update crtc fb */
>> crtc->primary->fb = fb;
>>
>> @@ -477,6 +462,22 @@ static int radeon_crtc_page_flip(struct drm_crtc *crtc,
>> /* set the proper interrupt */
>> radeon_pre_page_flip(rdev, radeon_crtc->crtc_id);
>>
>> + /* We borrow the event spin lock for protecting unpin_work */
>> + spin_lock_irqsave(&dev->event_lock, flags);
>> + if (radeon_crtc->unpin_work) {
>> + spin_unlock_irqrestore(&dev->event_lock, flags);
>> + radeon_post_page_flip(rdev, radeon_crtc->crtc_id);
>> + drm_vblank_put(dev, radeon_crtc->crtc_id);
>> +
>> + DRM_DEBUG_DRIVER("flip queue: crtc already busy\n");
>> + r = -EBUSY;
>> + goto pflip_cleanup1;
>> + }
>> + radeon_crtc->unpin_work = work;
>> + radeon_crtc->deferred_flip_completion = 0;
>> + work->new_crtc_base = base;
>> + spin_unlock_irqrestore(&dev->event_lock, flags);
>> +
> This introduces a path where crtc->primary->fb is updated, but then we
> return -EBUSY.
>
>
> It also introduces a warning:
>
> drivers/gpu/drm/radeon/radeon_display.c: In function ‘radeon_crtc_page_flip’:
> drivers/gpu/drm/radeon/radeon_display.c:496:1: warning: label ‘unlock_free’ defined but not used [-Wunused-label]
> unlock_free:
> ^
>
>
> Apart from that, looks good.
>
>