From: Gustavo Padovan <gustavo@padovan.org>
To: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Daniel Vetter <daniel.vetter@intel.com>,
intel-gfx@lists.freedesktop.org,
Sumit Semwal <sumit.semwal@linaro.org>,
dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] dma-buf/fence: Avoid use of uninitialised timestamp
Date: Fri, 14 Jul 2017 16:20:19 -0300
Message-ID: <20170714192019.GA19264@jade>
In-Reply-To: <149979298144.26523.16320053072903900783@mail.alporthouse.com>

2017-07-11 Chris Wilson <chris@chris-wilson.co.uk>:
> Quoting Chris Wilson (2017-02-14 12:40:01)
> > [ 236.821534] WARNING: kmemcheck: Caught 64-bit read from uninitialized memory (ffff8802538683d0)
> > [ 236.828642] 420000001e7f0000000000000000000000080000000000000000000000000000
> > [ 236.839543] i i i i u u u u i i i i i i i i u u u u u u u u u u u u u u u u
> > [ 236.850420] ^
> > [ 236.854123] RIP: 0010:[<ffffffff81396f07>] [<ffffffff81396f07>] fence_signal+0x17/0xd0
> > [ 236.861313] RSP: 0018:ffff88024acd7ba0 EFLAGS: 00010282
> > [ 236.865027] RAX: ffffffff812f6a90 RBX: ffff8802527ca800 RCX: ffff880252cb30e0
> > [ 236.868801] RDX: ffff88024ac5d918 RSI: ffff880252f780e0 RDI: ffff880253868380
> > [ 236.872579] RBP: ffff88024acd7bc0 R08: ffff88024acd7be0 R09: 0000000000000000
> > [ 236.876407] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880253868380
> > [ 236.880185] R13: ffff8802538684d0 R14: ffff880253868380 R15: ffff88024cd48e00
> > [ 236.883983] FS: 00007f1646d1a740(0000) GS:ffff88025d000000(0000) knlGS:0000000000000000
> > [ 236.890959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 236.894702] CR2: ffff880251360318 CR3: 000000024ad21000 CR4: 00000000001406f0
> > [ 236.898481] [<ffffffff8130d1ad>] i915_gem_request_retire+0x1cd/0x230
> > [ 236.902439] [<ffffffff8130e2b3>] i915_gem_request_alloc+0xa3/0x2f0
> > [ 236.906435] [<ffffffff812fb1bd>] i915_gem_do_execbuffer.isra.41+0xb6d/0x18b0
> > [ 236.910434] [<ffffffff812fc265>] i915_gem_execbuffer2+0x95/0x1e0
> > [ 236.914390] [<ffffffff812ad625>] drm_ioctl+0x1e5/0x460
> > [ 236.918275] [<ffffffff8110d4cf>] do_vfs_ioctl+0x8f/0x5c0
> > [ 236.922168] [<ffffffff8110da3c>] SyS_ioctl+0x3c/0x70
> > [ 236.926090] [<ffffffff814b7a5f>] entry_SYSCALL_64_fastpath+0x17/0x93
> > [ 236.930045] [<ffffffffffffffff>] 0xffffffffffffffff
>
> Ah something that I didn't take into account, and indeed gives this a bit
> more urgency than I realised, is that the timestamp is exposed to
> userspace. As such we are feeding it garbage, at best.
>
> The trivial option is just to clear it in dma_fence_init(). I still have
> the slight preference for the extra complication here (for the reader) as
> it should be quicker for the more common path of signaling the fence.
>
> > We only set the timestamp before we mark the fence as signaled. It is
> > done before to avoid observers having a window in which they may see the
> > fence as complete but no timestamp. Having it does incur a potential for
> > the timestamp to be written twice, and even for it to be corrupted if
> > the u64 write is not atomic. Instead use a new bit to record the
> > presence of the timestamp, and teach the readers to wait until it is set
> > if the fence is complete. There still remains a race where the timestamp
> > for the signaled fence may be shown before the fence is reported as
> > signaled, but that's a pre-existing error.
>
> Now deserves a
> Reported-by: Rafael Antognolli <rafael.antognolli@intel.com>
>
> > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> > Cc: Sumit Semwal <sumit.semwal@linaro.org>
> > Cc: Gustavo Padovan <gustavo@padovan.org>
> > Cc: Daniel Vetter <daniel.vetter@intel.com>
> Cc: Rafael Antognolli <rafael.antognolli@intel.com>
>
> > ---
> > drivers/dma-buf/dma-fence.c | 17 ++++++-----------
> > drivers/dma-buf/sync_debug.c | 2 +-
> > drivers/dma-buf/sync_file.c | 8 +++++++-
> > include/linux/dma-fence.h | 2 ++
> > 4 files changed, 16 insertions(+), 13 deletions(-)

Finally pushed this one to drm-misc-fixes. Thanks.

Gustavo
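
A userspace C11 model of the scheme the quoted commit message describes (a second flag bit that records when the timestamp is valid, and a reader that waits for it once the fence is signaled), set beside a reader that reports the field unconditionally. This is an added illustration, not code from the patch; the struct, flag and function names are hypothetical, and the 0xAA fill is constructed to stand in for stale memory.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this model; they are not the kernel's identifiers. */
enum { FLAG_SIGNALED = 1u << 0, FLAG_TIMESTAMP = 1u << 1 };

struct model_fence {
    atomic_uint flags;
    uint64_t timestamp_ns;      /* deliberately not cleared by init */
};

/* Only the flags word is initialised; the timestamp keeps whatever was there. */
void model_fence_init(struct model_fence *f) { atomic_init(&f->flags, 0); }

/* Reader without the fix, for contrast: reports the field even if never written. */
uint64_t legacy_fence_timestamp(const struct model_fence *f) { return f->timestamp_ns; }

/* Returns 0 for the first signaller, -1 if the fence was already signaled. */
int model_fence_signal(struct model_fence *f, uint64_t now_ns)
{
    unsigned old = atomic_fetch_or_explicit(&f->flags, FLAG_SIGNALED,
                                            memory_order_acq_rel);
    if (old & FLAG_SIGNALED)
        return -1;              /* the loser never touches the timestamp */
    f->timestamp_ns = now_ns;   /* single writer: no double or torn write */
    atomic_fetch_or_explicit(&f->flags, FLAG_TIMESTAMP, memory_order_release);
    return 0;
}

/* Reader with the fix: 0 while unsignaled; once signaled, wait for the bit. */
uint64_t model_fence_timestamp(struct model_fence *f)
{
    unsigned fl = atomic_load_explicit(&f->flags, memory_order_acquire);
    while ((fl & FLAG_SIGNALED) && !(fl & FLAG_TIMESTAMP))
        fl = atomic_load_explicit(&f->flags, memory_order_acquire);
    return (fl & FLAG_TIMESTAMP) ? f->timestamp_ns : 0;
}

int main(void)
{
    struct model_fence f;
    memset(&f, 0xAA, sizeof f); /* constructed stand-in for stale memory */
    model_fence_init(&f);
    printf("legacy=%llx guarded=%llx\n",
           (unsigned long long)legacy_fence_timestamp(&f),
           (unsigned long long)model_fence_timestamp(&f));
    return 0;
}
```

The release store of the timestamp bit paired with the reader's acquire load is what makes the plain 64-bit field safe to read once the bit is observed.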