From: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
To: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
intel-gfx@lists.freedesktop.org
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Subject: Re: [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission
Date: Mon, 21 Jun 2021 14:12:27 +0100 [thread overview]
Message-ID: <7c012b08-eebc-ceba-7fa7-be2a0a830b25@linux.intel.com> (raw)
In-Reply-To: <1d7486eb-27df-17cd-e4a6-3ac45ecf7a36@linux.intel.com>
On 21/06/2021 14:07, Maarten Lankhorst wrote:
> Op 21-06-2021 om 14:52 schreef Tvrtko Ursulin:
>>
>> On 21/06/2021 13:08, Tvrtko Ursulin wrote:
>>>
>>> I had some questions on the trybot mailing list, let me copy&paste..
>>>
>>> On 21/06/2021 12:41, Maarten Lankhorst wrote:
>>>> It doesn't work for legacy ring submission, and is in the best case
>>>> ignored.
>>>
>>> Looks rejected instead of ignored:
>>>
>>> static int set_ringsize(struct i915_gem_context *ctx,
>>> struct drm_i915_gem_context_param *args)
>>> {
>>> if (!HAS_LOGICAL_RING_CONTEXTS(ctx->i915))
>>> return -ENODEV;
>>>>
>>>> In the worst case we end up freeing engine->legacy.ring for all other
>>>> active engines, resulting in a use-after-free.
>>>
>>> Worst case is cloning because ring_context_alloc is not taking a reference to engine->legacy.ring, or something else?
>>
>> No can't be that, it was my incomplete analysis last week. Since ring_context_destroy does not actually free the legacy ring I don't see any use after free paths.
>>
>> Regards,
>
> Hmm, it gets stuck inside intel_context_set_ring_size when cloning engines..
>
> I guess it can't happen in practice, just the code introduces the race by preallocating
> inside intel_context_lock_pinned()..
"The code" being the rest of your series? Haven't looked in there, but
can't find a problem in upstream. Since as you say, copy_ring_size will
run but intel_context_set_ring_size will not free-and-allocate old/new
ring since cloned context does not have a state allocated yet.
Regards,
Tvrtko
> copy_ring_size() should only be called for HAS_LOGICAL_RING_CONTEXTS().
> I guess that makes this patch obsolete. It can safely be dropped from the series,
> I think I should probably introduce a check to only set the size when HAS_LOGICAL_RING_CONTEXTS
> evaluates to true, but that wouldn't block the rest of this series.
>
> ~Maarten
>
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2021-06-21 13:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-21 11:41 [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission Maarten Lankhorst
2021-06-21 11:41 ` [Intel-gfx] [PATCH 2/3] drm/i915: Use intel_context->pin_mutex only for context allocation Maarten Lankhorst
2021-06-21 11:41 ` [Intel-gfx] [PATCH 3/3] drm/i915: Remove intel_context->ops->(pre_pin/post_unpin) Maarten Lankhorst
2021-06-21 12:08 ` [Intel-gfx] [PATCH 1/3] drm/i915/gt: Do not allow setting ring size for legacy ring submission Tvrtko Ursulin
2021-06-21 12:49 ` Maarten Lankhorst
2021-06-21 12:52 ` Tvrtko Ursulin
2021-06-21 13:07 ` Maarten Lankhorst
2021-06-21 13:12 ` Tvrtko Ursulin [this message]
2021-06-21 13:20 ` Tvrtko Ursulin
2021-06-21 13:28 ` Maarten Lankhorst
2021-06-21 12:14 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for series starting with [1/3] " Patchwork
2021-06-21 12:45 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-06-21 15:04 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7c012b08-eebc-ceba-7fa7-be2a0a830b25@linux.intel.com \
--to=tvrtko.ursulin@linux.intel.com \
--cc=chris@chris-wilson.co.uk \
--cc=intel-gfx@lists.freedesktop.org \
--cc=maarten.lankhorst@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox