From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
To: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>,
intel-gfx@lists.freedesktop.org
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Subject: Re: [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission
Date: Mon, 21 Jun 2021 15:28:02 +0200 [thread overview]
Message-ID: <5caf2c40-1a88-2b9c-c867-4abc849457f6@linux.intel.com> (raw)
In-Reply-To: <ecadb3a4-fb8a-9533-81ad-6b2daaaa9fa6@linux.intel.com>
Op 21-06-2021 om 15:20 schreef Tvrtko Ursulin:
>
> On 21/06/2021 14:12, Tvrtko Ursulin wrote:
>>
>> On 21/06/2021 14:07, Maarten Lankhorst wrote:
>>> Op 21-06-2021 om 14:52 schreef Tvrtko Ursulin:
>>>>
>>>> On 21/06/2021 13:08, Tvrtko Ursulin wrote:
>>>>>
>>>>> I had some questions on the trybot mailing list, let me copy&paste..
>>>>>
>>>>> On 21/06/2021 12:41, Maarten Lankhorst wrote:
>>>>>> It doesn't work for legacy ring submission, and is in the best case
>>>>>> ignored.
>>>>>
>>>>> Looks rejected instead of ignored:
>>>>>
>>>>> static int set_ringsize(struct i915_gem_context *ctx,
>>>>> struct drm_i915_gem_context_param *args)
>>>>> {
>>>>> if (!HAS_LOGICAL_RING_CONTEXTS(ctx->i915))
>>>>> return -ENODEV;
>>>>>>
>>>>>> In the worst case we end up freeing engine->legacy.ring for all other
>>>>>> active engines, resulting in a use-after-free.
>>>>>
>>>>> Worst case is cloning because ring_context_alloc is not taking a reference to engine->legacy.ring, or something else?
>>>>
>>>> No can't be that, it was my incomplete analysis last week. Since ring_context_destroy does not actually free the legacy ring I don't see any use after free paths.
>>>>
>>>> Regards,
>>>
>>> Hmm, it gets stuck inside intel_context_set_ring_size when cloning engines..
>>>
>>> I guess it can't happen in practice, just the code introduces the race by preallocating
>>> inside intel_context_lock_pinned()..
>>
>> "The code" being the rest of your series? Haven't looked in there, but can't find a problem in upstream. Since as you say, copy_ring_size will run but intel_context_set_ring_size will not free-and-allocate old/new ring since cloned context does not have a state allocated yet.
>
> P.S. Putting a HAS_LOGICAL_RING_CONTEXTS check in copy_ring_size would be a bit unfortunate because layering is a bit broken at the moment and that wouldn't make it better.
>
> To clarify my thinking: At the moment allocating the ring is responsibility of a backend specific hook. Apart from the generic intel_context_set_ring_size which breaks that by allocating in the layer above the backend. So proper fix could be to introduce backend specific hooks for ring allocation/freeing.
>
> *If* you need to allocate the state so early.. not sure about that. I'd first need to understand why. If you say it is a race then it was all accidental?
I noticed it mostly when debugging. I fixed it currenly by not allocating state in set_ring_size unnecessarily, hence this patch is no longer needed. :)
So if that's the only thing, I can just drop this patch entirely.
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2021-06-21 13:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-21 11:41 [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission Maarten Lankhorst
2021-06-21 11:41 ` [Intel-gfx] [PATCH 2/3] drm/i915: Use intel_context->pin_mutex only for context allocation Maarten Lankhorst
2021-06-21 11:41 ` [Intel-gfx] [PATCH 3/3] drm/i915: Remove intel_context->ops->(pre_pin/post_unpin) Maarten Lankhorst
2021-06-21 12:08 ` [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission Tvrtko Ursulin
2021-06-21 12:49 ` Maarten Lankhorst
2021-06-21 12:52 ` Tvrtko Ursulin
2021-06-21 13:07 ` Maarten Lankhorst
2021-06-21 13:12 ` Tvrtko Ursulin
2021-06-21 13:20 ` Tvrtko Ursulin
2021-06-21 13:28 ` Maarten Lankhorst [this message]
2021-06-21 12:14 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for series starting with [1/3] " Patchwork
2021-06-21 12:45 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-06-21 15:04 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5caf2c40-1a88-2b9c-c867-4abc849457f6@linux.intel.com \
--to=maarten.lankhorst@linux.intel.com \
--cc=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
--cc=tvrtko.ursulin@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.