Re: [PATCH v15 17/23] drm/shmem-helper: Add and use drm_gem_shmem_resv_assert_held() helper

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Boris Brezillon <boris.brezillon@collabora.com>
To: "Christian König" <christian.koenig@amd.com>
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>,
	David Airlie <airlied@gmail.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Gurchetan Singh <gurchetansingh@chromium.org>,
	Chia-I Wu <olvaffe@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
	Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
	Maxime Ripard <mripard@kernel.org>,
	Thomas Zimmermann <tzimmermann@suse.de>,
	Qiang Yu <yuq825@gmail.com>, Steven Price <steven.price@arm.com>,
	Emma Anholt <emma@anholt.net>, Melissa Wen <mwen@igalia.com>,
	Will Deacon <will@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Boqun Feng <boqun.feng@gmail.com>,
	Mark Rutland <mark.rutland@arm.com>,
	dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
	kernel@collabora.com, virtualization@lists.linux-foundation.org,
	intel-gfx@lists.freedesktop.org
Subject: Re: [PATCH v15 17/23] drm/shmem-helper: Add and use drm_gem_shmem_resv_assert_held() helper
Date: Tue, 29 Aug 2023 11:44:13 +0200	[thread overview]
Message-ID: <20230829114413.7adc9709@collabora.com> (raw)
In-Reply-To: <0ff9b35a-3a44-6221-3017-e9efab2d33f2@amd.com>

On Tue, 29 Aug 2023 10:52:03 +0200
Christian König <christian.koenig@amd.com> wrote:

> Am 29.08.23 um 09:29 schrieb Boris Brezillon:
> > On Tue, 29 Aug 2023 05:34:23 +0300
> > Dmitry Osipenko <dmitry.osipenko@collabora.com> wrote:
> >  
> >> On 8/28/23 13:12, Boris Brezillon wrote:  
> >>> On Sun, 27 Aug 2023 20:54:43 +0300
> >>> Dmitry Osipenko <dmitry.osipenko@collabora.com> wrote:
> >>>      
> >>>> In a preparation of adding drm-shmem memory shrinker, move all reservation
> >>>> locking lockdep checks to use new drm_gem_shmem_resv_assert_held() that
> >>>> will resolve spurious lockdep warning about wrong locking order vs
> >>>> fs_reclam code paths during freeing of shmem GEM, where lockdep isn't
> >>>> aware that it's impossible to have locking contention with the fs_reclam
> >>>> at this special time.
> >>>>
> >>>> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
> >>>> ---
> >>>>   drivers/gpu/drm/drm_gem_shmem_helper.c | 37 +++++++++++++++++---------
> >>>>   1 file changed, 25 insertions(+), 12 deletions(-)
> >>>>
> >>>> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> >>>> index d96fee3d6166..ca5da976aafa 100644
> >>>> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> >>>> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> >>>> @@ -128,6 +128,23 @@ struct drm_gem_shmem_object *drm_gem_shmem_create(struct drm_device *dev, size_t
> >>>>   }
> >>>>   EXPORT_SYMBOL_GPL(drm_gem_shmem_create);
> >>>>   
> >>>> +static void drm_gem_shmem_resv_assert_held(struct drm_gem_shmem_object *shmem)
> >>>> +{
> >>>> +	/*
> >>>> +	 * Destroying the object is a special case.. drm_gem_shmem_free()
> >>>> +	 * calls many things that WARN_ON if the obj lock is not held.  But
> >>>> +	 * acquiring the obj lock in drm_gem_shmem_free() can cause a locking
> >>>> +	 * order inversion between reservation_ww_class_mutex and fs_reclaim.
> >>>> +	 *
> >>>> +	 * This deadlock is not actually possible, because no one should
> >>>> +	 * be already holding the lock when drm_gem_shmem_free() is called.
> >>>> +	 * Unfortunately lockdep is not aware of this detail.  So when the
> >>>> +	 * refcount drops to zero, we pretend it is already locked.
> >>>> +	 */
> >>>> +	if (kref_read(&shmem->base.refcount))
> >>>> +		drm_gem_shmem_resv_assert_held(shmem);
> >>>> +}
> >>>> +
> >>>>   /**
> >>>>    * drm_gem_shmem_free - Free resources associated with a shmem GEM object
> >>>>    * @shmem: shmem GEM object to free
> >>>> @@ -142,8 +159,6 @@ void drm_gem_shmem_free(struct drm_gem_shmem_object *shmem)
> >>>>   	if (obj->import_attach) {
> >>>>   		drm_prime_gem_destroy(obj, shmem->sgt);
> >>>>   	} else if (!shmem->imported_sgt) {
> >>>> -		dma_resv_lock(shmem->base.resv, NULL);
> >>>> -
> >>>>   		drm_WARN_ON(obj->dev, kref_read(&shmem->vmap_use_count));
> >>>>   
> >>>>   		if (shmem->sgt) {
> >>>> @@ -156,8 +171,6 @@ void drm_gem_shmem_free(struct drm_gem_shmem_object *shmem)
> >>>>   			drm_gem_shmem_put_pages_locked(shmem);  
> >>> AFAICT, drm_gem_shmem_put_pages_locked() is the only function that's
> >>> called in the free path and would complain about resv-lock not being
> >>> held. I think I'd feel more comfortable if we were adding a
> >>> drm_gem_shmem_free_pages() function that did everything
> >>> drm_gem_shmem_put_pages_locked() does except for the lock_held() check
> >>> and the refcount dec, and have it called here (and in
> >>> drm_gem_shmem_put_pages_locked()). This way we can keep using
> >>> dma_resv_assert_held() instead of having our own variant.  
> >> It's not only drm_gem_shmem_free_pages(), but any drm-shmem function
> >> that drivers may use in the GEM's freeing callback.
> >>
> >> For example, panfrost_gem_free_object() may unpin shmem BO and then do
> >> drm_gem_shmem_free().  
> > Is this really a valid use case?  
> 
> I haven't followed the whole discussion, but I think it isn't a valid 
> use case.
> 
> That page_use_count is none zero while the GEM object is about to be 
> destroyed can only happen is someone managed to grab a reference to the 
> page without referencing the GEM object.

Actually, drm_gem_shmem_object is a bit special (weird?) in this regard.
drm_gem_shmem_get_pages_sgt_locked() creates the sgt and takes a
pages ref (pages_use_count++). The sgt itself is cached (next call to
drm_gem_shmem_get_pages_sgt_locked() will return the existing sgt) but
not refcounted, which means it will stay around until the GEM object is
destroyed or its pages are purged (GEM eviction). Because of that,
shmem->pages_use_count == 1 in drm_gem_shmem_free_pages() is valid iff
shmem->sgt != NULL. pages_use_count > 1 is invalid though, as should be
pages_pin_count after Dmitry's patches.

If we want to 'fix' that (not convinced this is a bug, more a design
choice), we need to refcount the sgt users and add
drm_gem_shmem_put_pages_sgt[_locked](), so drivers can reflect when
they're done using the sgt.

next prev parent reply	other threads:[~2023-08-29  9:45 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-27 17:54 [PATCH v15 00/23] Add generic memory shrinker to VirtIO-GPU and Panfrost DRM drivers Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 01/23] drm/shmem-helper: Fix UAF in error path when freeing SGT of imported GEM Dmitry Osipenko
2023-08-28 11:16   ` Boris Brezillon
2023-09-02 18:15     ` Dmitry Osipenko
2023-09-04  8:01       ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 02/23] drm/shmem-helper: Use flag for tracking page count bumped by get_pages_sgt() Dmitry Osipenko
2023-08-28 10:55   ` Boris Brezillon
2023-09-02 18:28     ` Dmitry Osipenko
2023-09-04  7:52       ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 03/23] drm/gem: Change locked/unlocked postfix of drm_gem_v/unmap() function names Dmitry Osipenko
2023-08-28 11:25   ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 04/23] drm/gem: Add _locked postfix to functions that have unlocked counterpart Dmitry Osipenko
2023-08-28 11:25   ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 05/23] drm/v3d: Replace open-coded drm_gem_shmem_free() with drm_gem_object_put() Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 06/23] drm/virtio: Replace " Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 07/23] drm/shmem-helper: Make all exported symbols GPL Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 08/23] drm/shmem-helper: Refactor locked/unlocked functions Dmitry Osipenko
2023-08-28 11:28   ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 09/23] drm/shmem-helper: Remove obsoleted is_iomem test Dmitry Osipenko
2023-08-28 11:29   ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 10/23] locking/refcount, kref: Add kref_put_ww_mutex() Dmitry Osipenko
2023-08-28  9:26   ` Boris Brezillon
2023-08-29  2:28     ` Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 11/23] dma-resv: Add kref_put_dma_resv() Dmitry Osipenko
2023-08-28 10:21   ` Christian König
2023-08-27 17:54 ` [PATCH v15 12/23] drm/shmem-helper: Add and use pages_pin_count Dmitry Osipenko
2023-08-28  9:38   ` Boris Brezillon
2023-08-28 11:46   ` Boris Brezillon
2023-08-29  2:30     ` Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 13/23] drm/shmem-helper: Use kref for pages_use_count Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 14/23] drm/shmem-helper: Add and use lockless drm_gem_shmem_get_pages() Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 15/23] drm/shmem-helper: Switch drm_gem_shmem_vmap/vunmap to use pin/unpin Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 16/23] drm/shmem-helper: Use kref for vmap_use_count Dmitry Osipenko
2023-08-28 10:00   ` Boris Brezillon
2023-09-02 20:22     ` Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 17/23] drm/shmem-helper: Add and use drm_gem_shmem_resv_assert_held() helper Dmitry Osipenko
2023-08-28 10:12   ` Boris Brezillon
2023-08-29  2:34     ` Dmitry Osipenko
2023-08-29  7:29       ` Boris Brezillon
2023-08-29  8:52         ` Christian König
2023-08-29  9:44           ` Boris Brezillon [this message]
2023-08-29 10:21             ` Boris Brezillon
2023-09-02 19:43         ` Dmitry Osipenko
2023-09-04  8:36           ` Boris Brezillon
2023-08-27 17:54 ` [PATCH v15 18/23] drm/shmem-helper: Add memory shrinker Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 19/23] drm/shmem-helper: Export drm_gem_shmem_get_pages_sgt_locked() Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 20/23] drm/virtio: Pin display framebuffer BO Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 21/23] drm/virtio: Attach shmem BOs dynamically Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 22/23] drm/virtio: Support memory shrinking Dmitry Osipenko
2023-08-27 17:54 ` [PATCH v15 23/23] drm/panfrost: Switch to generic memory shrinker Dmitry Osipenko
2023-08-28 14:37 ` [PATCH v15 00/23] Add generic memory shrinker to VirtIO-GPU and Panfrost DRM drivers Helen Mae Koike Fornazier
2023-08-28 15:24   ` Helen Mae Koike Fornazier
2023-08-29  2:36     ` Dmitry Osipenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230829114413.7adc9709@collabora.com \
    --to=boris.brezillon@collabora.com \
    --cc=airlied@gmail.com \
    --cc=boqun.feng@gmail.com \
    --cc=christian.koenig@amd.com \
    --cc=daniel@ffwll.ch \
    --cc=dmitry.osipenko@collabora.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=emma@anholt.net \
    --cc=gurchetansingh@chromium.org \
    --cc=intel-gfx@lists.freedesktop.org \
    --cc=kernel@collabora.com \
    --cc=kraxel@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maarten.lankhorst@linux.intel.com \
    --cc=mark.rutland@arm.com \
    --cc=mripard@kernel.org \
    --cc=mwen@igalia.com \
    --cc=olvaffe@gmail.com \
    --cc=peterz@infradead.org \
    --cc=steven.price@arm.com \
    --cc=tzimmermann@suse.de \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=will@kernel.org \
    --cc=yuq825@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox