From: Peter Senna Tschudin <me@petersenna.com>
To: igt-dev@lists.freedesktop.org, kamil.konieczny@linux.intel.com,
andi.shyti@linux.intel.com
Subject: [PATCH i-g-t v6 1/2] tests/intel/gem_exec_capture: Fix many-* subtests
Date: Sat, 30 Mar 2024 15:19:31 +0100 [thread overview]
Message-ID: <20240330141951.84598-1-me@petersenna.com> (raw)
In-Reply-To: <20240327065928.5522-1-me@petersenna.com>
Currently trying to run `gem_exec_capture --run-subtest
many-4K-incremental` or `gem_exec_capture --run-subtest many-4K-zero`
will fail with:
(gem_exec_capture:81999) i915/gem_engine_topology-CRITICAL: Test
assertion failure function gem_engine_properties_configure, file
../lib/i915/gem_engine_topology.c:577:
(gem_exec_capture:81999) i915/gem_engine_topology-CRITICAL: Failed assertion: ret == 1
(gem_exec_capture:81999) i915/gem_engine_topology-CRITICAL: Last errno: 9, Bad file descriptor
(gem_exec_capture:81999) i915/gem_engine_topology-CRITICAL: error: -1 != 1
This problem happens inside the macro find_first_available_engine()
when:
1. for_each_ctx_engine() allocates an struct intel_engine_data 'ed'
inside a for loop. The core of the issue is that ed only exists
inside the for loop. As soon as the for loop ends, ed is out of scope
and after it's lifetime.
2. intel_get_current_engine() sets '*e' to an address of ed. This is ok
while inside the for loop, and is undefined behavior after the for
loop ends.
3. configure_hangs() uses '*e' after the lifetime of 'ed' has ended
leading to undefined behavior
4. After the call to find_first_available_engine() __captureN() will
fail as it expects '*e' to be valid. This is also undefined
behavior.
This patch fixes the issue in two steps:
1. Moves the call to configure_hangs() to inside the for loop, where
'*e' is valid because there are no issues with scope and lifetime of
'ed'.
2. Adds `e = &saved.engine;` to the end of
find_first_available_engine(). The reason why this works is twofold:
First 'saved' has the same content as e had when there were no
variable scope and lifetime issues. Second both '*e' and 'saved' are
defined in many() meaning that they both have the same scope and
lifetime.
v6: new commit message; moves igt_assert(e); to before the call to
configure_hangs(). This check is there because '*e' is set by
intel_get_current_engine() which will return NULL if ed->n >=
ed->nengines.
Signed-off-by: Peter Senna Tschudin <me@petersenna.com>
---
tests/intel/gem_exec_capture.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/tests/intel/gem_exec_capture.c b/tests/intel/gem_exec_capture.c
index 57b178f3e..a8348f21b 100644
--- a/tests/intel/gem_exec_capture.c
+++ b/tests/intel/gem_exec_capture.c
@@ -665,10 +665,12 @@ static bool needs_recoverable_ctx(int fd)
ctx = intel_ctx_create_all_physical(fd); \
igt_assert(ctx); \
for_each_ctx_engine(fd, ctx, e) \
- for_each_if(gem_class_can_store_dword(fd, e->class)) \
+ for_each_if(gem_class_can_store_dword(fd, e->class)) { \
+ igt_assert(e); \
+ saved = configure_hangs(fd, e, ctx->id); \
break; \
- igt_assert(e); \
- saved = configure_hangs(fd, e, ctx->id); \
+ } \
+ e = &saved.engine; \
} while(0)
static void many(int fd, int dir, uint64_t size, unsigned int flags)
--
2.44.0
next prev parent reply other threads:[~2024-03-30 14:20 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-27 6:59 [PATCH i-g-t v4] Fix memory access issue due to variable block scope Peter Senna Tschudin
2024-03-27 7:51 ` ✓ CI.xeBAT: success for Fix memory access issue due to variable block scope (rev4) Patchwork
2024-03-27 7:59 ` ✗ Fi.CI.BAT: failure " Patchwork
2024-03-27 18:43 ` [PATCH i-g-t v4] Fix memory access issue due to variable block scope Kamil Konieczny
2024-03-28 6:55 ` Peter Senna Tschudin
2024-03-28 7:10 ` Peter Senna Tschudin
2024-03-28 6:27 ` ✗ GitLab.Pipeline: warning for Fix memory access issue due to variable block scope (rev5) Patchwork
2024-03-28 7:03 ` ✓ CI.xeBAT: success " Patchwork
2024-03-28 12:42 ` [PATCH i-g-t v5] tests/intel/gem_exec_capture: Fix many-* subtests Peter Senna Tschudin
2024-03-28 15:49 ` Kamil Konieczny
2024-03-30 14:26 ` Peter Senna Tschudin
2024-03-28 18:59 ` ✗ Fi.CI.BAT: failure for Fix memory access issue due to variable block scope (rev6) Patchwork
2024-03-30 14:19 ` Peter Senna Tschudin [this message]
2024-03-30 14:19 ` [PATCH i-g-t v6 2/2] Skip the test when no engines are found Peter Senna Tschudin
2024-04-02 16:17 ` Kamil Konieczny
2024-04-03 13:58 ` Peter Senna Tschudin
2024-04-02 16:06 ` [PATCH i-g-t v6 1/2] tests/intel/gem_exec_capture: Fix many-* subtests Kamil Konieczny
2024-03-30 15:02 ` ✓ CI.xeBAT: success for Fix memory access issue due to variable block scope (rev7) Patchwork
2024-03-30 15:03 ` ✗ Fi.CI.BAT: failure " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240330141951.84598-1-me@petersenna.com \
--to=me@petersenna.com \
--cc=andi.shyti@linux.intel.com \
--cc=igt-dev@lists.freedesktop.org \
--cc=kamil.konieczny@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox