Re: [PATCH] drm/i915: Gracefully handle obj not bound to GGTT in is_pin_display

public inbox for intel-gfx@lists.freedesktop.org
 help / color / mirror / Atom feed

From: Daniel Vetter <daniel@ffwll.ch>
To: "Mateo Lozano, Oscar" <oscar.mateo@intel.com>
Cc: "intel-gfx@lists.freedesktop.org" <intel-gfx@lists.freedesktop.org>
Subject: Re: [PATCH] drm/i915: Gracefully handle obj not bound to GGTT in is_pin_display
Date: Mon, 12 May 2014 18:14:53 +0200	[thread overview]
Message-ID: <20140512161453.GI25056@phenom.ffwll.local> (raw)
In-Reply-To: <20140512161118.GH25056@phenom.ffwll.local>

On Mon, May 12, 2014 at 06:11:18PM +0200, Daniel Vetter wrote:
> On Mon, May 12, 2014 at 09:05:45AM +0000, Mateo Lozano, Oscar wrote:
> > Hi Daniel,
> > 
> > Sorry, this fell through the cracks:
> > 
> > > Subject: Re: [Intel-gfx] [PATCH] drm/i915: Gracefully handle obj not bound to
> > > GGTT in is_pin_display
> > > 
> > > On Wed, Apr 02, 2014 at 07:21:01PM +0100, oscar.mateo@intel.com wrote:
> > > > From: Oscar Mateo <oscar.mateo@intel.com>
> > > >
> > > > Otherwise, we do a NULL pointer dereference.
> > > >
> > > > I've seen this happen while handling an error in
> > > > i915_gem_object_pin_to_display_plane():
> > > >
> > > > If i915_gem_object_set_cache_level() fails, we call is_pin_display()
> > > > to handle the error. At this point, the object is still not pinned to
> > > > GGTT and maybe not even bound, so we have to check before we
> > > > dereference its GGTT vma.
> > > >
> > > > Issue: VIZ-3772
> > > > Signed-off-by: Oscar Mateo <oscar.mateo@intel.com>
> > > 
> > > Have you looked into provoking this with an igt testcase? On a hunch a busy
> > > load (to extend the race window) plus the usual interruptor trick to jump out of
> > > wait_seqno calls should be able to make this go kaboom on command. But I
> > > haven't analyzed the bug in detail.
> > 
> > AFAICT, the only sequence where this likely to happen (because we are handling a recently created object) is:
> > 
> > intelfb_alloc -> intel_pin_and_fence_fb_obj -> i915_gem_object_pin_to_display_plane -> i915_gem_object_set_cache_level -> is_pin_display
> 
> Pageflipping to a freshly allocated BO without ever touching it beforehand
> should be able to achive the same. If this is really all that's needed.
> 
> But looking at the code a better way should be:
> 1. Create new bo, wrap it in a kms fb.
> 2. Slap busy load onto that bo, e.g. reapeatedly fill it with the blitter.
> 3. Enable evil interruptor (igt_fork_signal_helper).
> 4. Submit pageflip
> 
> -> Boom since the set_cache_level will block, get interrupted and exit
> early with -EINTR.
> 
> Given sufficient overkill in 2. this should be 100% reliable to reproduce.

Aside: Those kinds of tricks are a big reason why I think igts aren't just
useful as testcases, but also to really understand how a bug comes about.
At least ime finally figuring out the last ingredient to make an igt fully
reliably often resulted in a suddenly much clearer understanding of the
bug at hand.

I call this "review by asking for an igt" ;-)
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch

next prev parent reply	other threads:[~2014-05-12 16:14 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-02 18:21 [PATCH] drm/i915: Gracefully handle obj not bound to GGTT in is_pin_display oscar.mateo
2014-04-02 17:59 ` Chris Wilson
2014-04-03  9:34 ` Daniel Vetter
2014-05-12  9:05   ` Mateo Lozano, Oscar
2014-05-12 10:09     ` Chris Wilson
2014-05-12 10:30       ` Mateo Lozano, Oscar
2014-05-12 10:37         ` Chris Wilson
2014-05-12 16:11     ` Daniel Vetter
2014-05-12 16:14       ` Daniel Vetter [this message]
2014-05-12 17:10         ` Mateo Lozano, Oscar
2014-05-15 13:14         ` Mateo Lozano, Oscar
2014-05-15 13:33           ` Ville Syrjälä
2014-05-16 10:43             ` Mateo Lozano, Oscar
2014-05-15 13:45           ` Daniel Vetter
2014-05-16 11:08 ` [PATCH v2] " oscar.mateo
2014-05-16 11:26   ` Chris Wilson
2014-05-16 13:20   ` [PATCH v3] " oscar.mateo
2014-05-16 14:25     ` Daniel Vetter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140512161453.GI25056@phenom.ffwll.local \
    --to=daniel@ffwll.ch \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=oscar.mateo@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox