diff mbox

[1/6] drm: pre allocate node for create_block

Message ID 1372887926-1147-1-git-send-email-ben@bwidawsk.net (mailing list archive)
State New, archived
Headers show

Commit Message

Ben Widawsky July 3, 2013, 9:45 p.m. UTC
For an upcoming patch where we introduce the i915 VMA, it's ideal to
have the drm_mm_node as part of the VMA struct (ie. it's pre-allocated).
Part of the conversion to VMAs is to kill off obj->gtt_space. Doing this
will break a bunch of code, but amongst them are 2 callers of
drm_mm_create_block(), both related to stolen memory.

It also allows us to embed the drm_mm_node into the object currently
which provides a nice transition over to the new code.

v2: Reordered to do before ripping out obj->gtt_offset.
Some minor cleanups made available because of reordering.

CC: <dri-devel@lists.freedesktop.org>
Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
---
 drivers/gpu/drm/drm_mm.c               | 16 +++++----------
 drivers/gpu/drm/i915/i915_gem_gtt.c    | 18 +++++++++++++----
 drivers/gpu/drm/i915/i915_gem_stolen.c | 36 +++++++++++++++++++++++-----------
 include/drm/drm_mm.h                   |  9 +++++----
 4 files changed, 49 insertions(+), 30 deletions(-)

Comments

David Herrmann July 4, 2013, 9:19 a.m. UTC | #1
Hi

On Wed, Jul 3, 2013 at 11:45 PM, Ben Widawsky <ben@bwidawsk.net> wrote:
> For an upcoming patch where we introduce the i915 VMA, it's ideal to
> have the drm_mm_node as part of the VMA struct (ie. it's pre-allocated).
> Part of the conversion to VMAs is to kill off obj->gtt_space. Doing this
> will break a bunch of code, but amongst them are 2 callers of
> drm_mm_create_block(), both related to stolen memory.
>
> It also allows us to embed the drm_mm_node into the object currently
> which provides a nice transition over to the new code.
>
> v2: Reordered to do before ripping out obj->gtt_offset.
> Some minor cleanups made available because of reordering.
>
> CC: <dri-devel@lists.freedesktop.org>
> Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
> ---
>  drivers/gpu/drm/drm_mm.c               | 16 +++++----------
>  drivers/gpu/drm/i915/i915_gem_gtt.c    | 18 +++++++++++++----
>  drivers/gpu/drm/i915/i915_gem_stolen.c | 36 +++++++++++++++++++++++-----------
>  include/drm/drm_mm.h                   |  9 +++++----
>  4 files changed, 49 insertions(+), 30 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
> index 07cf99c..9e8dfbc 100644
> --- a/drivers/gpu/drm/drm_mm.c
> +++ b/drivers/gpu/drm/drm_mm.c
> @@ -147,12 +147,10 @@ static void drm_mm_insert_helper(struct drm_mm_node *hole_node,
>         }
>  }
>
> -struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> -                                       unsigned long start,
> -                                       unsigned long size,
> -                                       bool atomic)
> +int drm_mm_create_block(struct drm_mm *mm, struct drm_mm_node *node,
> +                       unsigned long start, unsigned long size)
>  {
> -       struct drm_mm_node *hole, *node;
> +       struct drm_mm_node *hole;
>         unsigned long end = start + size;
>         unsigned long hole_start;
>         unsigned long hole_end;
> @@ -161,10 +159,6 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
>                 if (hole_start > start || hole_end < end)
>                         continue;
>
> -               node = drm_mm_kmalloc(mm, atomic);
> -               if (unlikely(node == NULL))
> -                       return NULL;
> -
>                 node->start = start;
>                 node->size = size;
>                 node->mm = mm;
> @@ -184,11 +178,11 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
>                         node->hole_follows = 1;
>                 }
>
> -               return node;
> +               return 0;
>         }
>
>         WARN(1, "no hole found for block 0x%lx + 0x%lx\n", start, size);
> -       return NULL;
> +       return -ENOSPC;
>  }
>  EXPORT_SYMBOL(drm_mm_create_block);
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 66929ea..5c6fc0e 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -629,14 +629,24 @@ void i915_gem_setup_global_gtt(struct drm_device *dev,
>
>         /* Mark any preallocated objects as occupied */
>         list_for_each_entry(obj, &dev_priv->mm.bound_list, global_list) {
> +               int ret;
>                 DRM_DEBUG_KMS("reserving preallocated space: %x + %zx\n",
>                               obj->gtt_offset, obj->base.size);
>
>                 BUG_ON(obj->gtt_space != I915_GTT_RESERVED);
> -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> -                                                    obj->gtt_offset,
> -                                                    obj->base.size,
> -                                                    false);
> +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> +               if (!obj->gtt_space) {
> +                       DRM_ERROR("Failed to preserve all objects\n");
> +                       break;
> +               }
> +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> +                                         obj->gtt_space,
> +                                         obj->gtt_offset,
> +                                         obj->base.size);
> +               if (ret) {
> +                       DRM_DEBUG_KMS("Reservation failed\n");
> +                       kfree(obj->gtt_space);

Are you sure you don't need:
  obj->gtt_space = NULL;
here?
I am no expert in i915 gem handling, but looking at i915_gem.c I think
you might run into bugs if not.

Also, why did you add the "break;" above, but not here? I am confused.

> +               }
>                 obj->has_global_gtt_mapping = 1;
>         }
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c b/drivers/gpu/drm/i915/i915_gem_stolen.c
> index 8e02344..f9db84a 100644
> --- a/drivers/gpu/drm/i915/i915_gem_stolen.c
> +++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
> @@ -330,6 +330,7 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>         struct drm_i915_private *dev_priv = dev->dev_private;
>         struct drm_i915_gem_object *obj;
>         struct drm_mm_node *stolen;
> +       int ret;
>
>         if (dev_priv->mm.stolen_base == 0)
>                 return NULL;
> @@ -344,11 +345,15 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>         if (WARN_ON(size == 0))
>                 return NULL;
>
> -       stolen = drm_mm_create_block(&dev_priv->mm.stolen,
> -                                    stolen_offset, size,
> -                                    false);
> -       if (stolen == NULL) {
> +       stolen = kzalloc(sizeof(*stolen), GFP_KERNEL);
> +       if (!stolen)
> +               return NULL;
> +
> +       ret = drm_mm_create_block(&dev_priv->mm.stolen, stolen, stolen_offset,
> +                                 size);
> +       if (ret) {
>                 DRM_DEBUG_KMS("failed to allocate stolen space\n");
> +               kfree(stolen);
>                 return NULL;
>         }
>
> @@ -369,13 +374,18 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>          * later.
>          */
>         if (drm_mm_initialized(&dev_priv->mm.gtt_space)) {
> -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> -                                                    gtt_offset, size,
> -                                                    false);
> -               if (obj->gtt_space == NULL) {
> +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> +               if (!obj->gtt_space) {
> +                       DRM_DEBUG_KMS("-ENOMEM stolen GTT space\n");
> +                       goto unref_out;
> +               }
> +
> +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> +                                         obj->gtt_space,
> +                                         gtt_offset, size);
> +               if (ret) {
>                         DRM_DEBUG_KMS("failed to allocate stolen GTT space\n");
> -                       drm_gem_object_unreference(&obj->base);
> -                       return NULL;
> +                       goto unref_out;

Again:
  kfree(obj->gtt_space);
  obj->gtt_space = NULL;
Otherwise, if gem-cleanup calls drm_mm_put_block() on an already
removed node, you end up with NULL-derefs in drm_mm.c

>                 }
>         } else
>                 obj->gtt_space = I915_GTT_RESERVED;
> @@ -385,8 +395,12 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>
>         list_add_tail(&obj->global_list, &dev_priv->mm.bound_list);
>         list_add_tail(&obj->mm_list, &dev_priv->mm.inactive_list);
> -
>         return obj;
> +
> +unref_out:
> +       drm_gem_object_unreference(&obj->base);
> +       drm_mm_put_block(stolen);

"stolen" is already cleared by drm_gem_object_unreference(). So that's
a double-free here.

The drm_mm_create_block() change looks good.
Cheers
David

> +       return NULL;
>  }
>
>  void
> diff --git a/include/drm/drm_mm.h b/include/drm/drm_mm.h
> index 88591ef..d8b56b7 100644
> --- a/include/drm/drm_mm.h
> +++ b/include/drm/drm_mm.h
> @@ -138,10 +138,10 @@ static inline unsigned long drm_mm_hole_node_end(struct drm_mm_node *hole_node)
>  /*
>   * Basic range manager support (drm_mm.c)
>   */
> -extern struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> -                                              unsigned long start,
> -                                              unsigned long size,
> -                                              bool atomic);
> +extern int drm_mm_create_block(struct drm_mm *mm,
> +                              struct drm_mm_node *node,
> +                              unsigned long start,
> +                              unsigned long size);
>  extern struct drm_mm_node *drm_mm_get_block_generic(struct drm_mm_node *node,
>                                                     unsigned long size,
>                                                     unsigned alignment,
> @@ -155,6 +155,7 @@ extern struct drm_mm_node *drm_mm_get_block_range_generic(
>                                                 unsigned long start,
>                                                 unsigned long end,
>                                                 int atomic);
> +
>  static inline struct drm_mm_node *drm_mm_get_block(struct drm_mm_node *parent,
>                                                    unsigned long size,
>                                                    unsigned alignment)
> --
> 1.8.3.2
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
David Herrmann July 4, 2013, 9:22 a.m. UTC | #2
Hi

On Wed, Jul 3, 2013 at 11:45 PM, Ben Widawsky <ben@bwidawsk.net> wrote:
> For an upcoming patch where we introduce the i915 VMA, it's ideal to
> have the drm_mm_node as part of the VMA struct (ie. it's pre-allocated).
> Part of the conversion to VMAs is to kill off obj->gtt_space. Doing this
> will break a bunch of code, but amongst them are 2 callers of
> drm_mm_create_block(), both related to stolen memory.
>
> It also allows us to embed the drm_mm_node into the object currently
> which provides a nice transition over to the new code.
>
> v2: Reordered to do before ripping out obj->gtt_offset.
> Some minor cleanups made available because of reordering.
>
> CC: <dri-devel@lists.freedesktop.org>
> Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
> ---
>  drivers/gpu/drm/drm_mm.c               | 16 +++++----------
>  drivers/gpu/drm/i915/i915_gem_gtt.c    | 18 +++++++++++++----
>  drivers/gpu/drm/i915/i915_gem_stolen.c | 36 +++++++++++++++++++++++-----------
>  include/drm/drm_mm.h                   |  9 +++++----
>  4 files changed, 49 insertions(+), 30 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
> index 07cf99c..9e8dfbc 100644
> --- a/drivers/gpu/drm/drm_mm.c
> +++ b/drivers/gpu/drm/drm_mm.c
> @@ -147,12 +147,10 @@ static void drm_mm_insert_helper(struct drm_mm_node *hole_node,
>         }
>  }
>
> -struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> -                                       unsigned long start,
> -                                       unsigned long size,
> -                                       bool atomic)
> +int drm_mm_create_block(struct drm_mm *mm, struct drm_mm_node *node,
> +                       unsigned long start, unsigned long size)
>  {
> -       struct drm_mm_node *hole, *node;
> +       struct drm_mm_node *hole;
>         unsigned long end = start + size;
>         unsigned long hole_start;
>         unsigned long hole_end;
> @@ -161,10 +159,6 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
>                 if (hole_start > start || hole_end < end)
>                         continue;
>
> -               node = drm_mm_kmalloc(mm, atomic);
> -               if (unlikely(node == NULL))
> -                       return NULL;
> -
>                 node->start = start;
>                 node->size = size;
>                 node->mm = mm;
> @@ -184,11 +178,11 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
>                         node->hole_follows = 1;
>                 }
>
> -               return node;
> +               return 0;
>         }
>
>         WARN(1, "no hole found for block 0x%lx + 0x%lx\n", start, size);
> -       return NULL;
> +       return -ENOSPC;
>  }
>  EXPORT_SYMBOL(drm_mm_create_block);
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> index 66929ea..5c6fc0e 100644
> --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> @@ -629,14 +629,24 @@ void i915_gem_setup_global_gtt(struct drm_device *dev,
>
>         /* Mark any preallocated objects as occupied */
>         list_for_each_entry(obj, &dev_priv->mm.bound_list, global_list) {
> +               int ret;
>                 DRM_DEBUG_KMS("reserving preallocated space: %x + %zx\n",
>                               obj->gtt_offset, obj->base.size);
>
>                 BUG_ON(obj->gtt_space != I915_GTT_RESERVED);
> -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> -                                                    obj->gtt_offset,
> -                                                    obj->base.size,
> -                                                    false);
> +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> +               if (!obj->gtt_space) {
> +                       DRM_ERROR("Failed to preserve all objects\n");
> +                       break;
> +               }
> +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> +                                         obj->gtt_space,
> +                                         obj->gtt_offset,
> +                                         obj->base.size);
> +               if (ret) {
> +                       DRM_DEBUG_KMS("Reservation failed\n");
> +                       kfree(obj->gtt_space);
> +               }
>                 obj->has_global_gtt_mapping = 1;
>         }
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c b/drivers/gpu/drm/i915/i915_gem_stolen.c
> index 8e02344..f9db84a 100644
> --- a/drivers/gpu/drm/i915/i915_gem_stolen.c
> +++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
> @@ -330,6 +330,7 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>         struct drm_i915_private *dev_priv = dev->dev_private;
>         struct drm_i915_gem_object *obj;
>         struct drm_mm_node *stolen;
> +       int ret;
>
>         if (dev_priv->mm.stolen_base == 0)
>                 return NULL;
> @@ -344,11 +345,15 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>         if (WARN_ON(size == 0))
>                 return NULL;
>
> -       stolen = drm_mm_create_block(&dev_priv->mm.stolen,
> -                                    stolen_offset, size,
> -                                    false);
> -       if (stolen == NULL) {
> +       stolen = kzalloc(sizeof(*stolen), GFP_KERNEL);
> +       if (!stolen)
> +               return NULL;
> +
> +       ret = drm_mm_create_block(&dev_priv->mm.stolen, stolen, stolen_offset,
> +                                 size);
> +       if (ret) {
>                 DRM_DEBUG_KMS("failed to allocate stolen space\n");
> +               kfree(stolen);
>                 return NULL;
>         }
>
> @@ -369,13 +374,18 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>          * later.
>          */
>         if (drm_mm_initialized(&dev_priv->mm.gtt_space)) {
> -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> -                                                    gtt_offset, size,
> -                                                    false);
> -               if (obj->gtt_space == NULL) {
> +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> +               if (!obj->gtt_space) {
> +                       DRM_DEBUG_KMS("-ENOMEM stolen GTT space\n");
> +                       goto unref_out;
> +               }
> +
> +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> +                                         obj->gtt_space,
> +                                         gtt_offset, size);
> +               if (ret) {
>                         DRM_DEBUG_KMS("failed to allocate stolen GTT space\n");
> -                       drm_gem_object_unreference(&obj->base);
> -                       return NULL;
> +                       goto unref_out;
>                 }
>         } else
>                 obj->gtt_space = I915_GTT_RESERVED;
> @@ -385,8 +395,12 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
>
>         list_add_tail(&obj->global_list, &dev_priv->mm.bound_list);
>         list_add_tail(&obj->mm_list, &dev_priv->mm.inactive_list);
> -
>         return obj;
> +
> +unref_out:
> +       drm_gem_object_unreference(&obj->base);
> +       drm_mm_put_block(stolen);
> +       return NULL;
>  }
>
>  void
> diff --git a/include/drm/drm_mm.h b/include/drm/drm_mm.h
> index 88591ef..d8b56b7 100644
> --- a/include/drm/drm_mm.h
> +++ b/include/drm/drm_mm.h
> @@ -138,10 +138,10 @@ static inline unsigned long drm_mm_hole_node_end(struct drm_mm_node *hole_node)
>  /*
>   * Basic range manager support (drm_mm.c)
>   */
> -extern struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> -                                              unsigned long start,
> -                                              unsigned long size,
> -                                              bool atomic);
> +extern int drm_mm_create_block(struct drm_mm *mm,
> +                              struct drm_mm_node *node,
> +                              unsigned long start,
> +                              unsigned long size);
>  extern struct drm_mm_node *drm_mm_get_block_generic(struct drm_mm_node *node,
>                                                     unsigned long size,
>                                                     unsigned alignment,
> @@ -155,6 +155,7 @@ extern struct drm_mm_node *drm_mm_get_block_range_generic(
>                                                 unsigned long start,
>                                                 unsigned long end,
>                                                 int atomic);
> +

Nitpick: This newline doesn't belong in this patch.

Cheers
David

>  static inline struct drm_mm_node *drm_mm_get_block(struct drm_mm_node *parent,
>                                                    unsigned long size,
>                                                    unsigned alignment)
> --
> 1.8.3.2
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
Ben Widawsky July 4, 2013, 8:03 p.m. UTC | #3
On Thu, Jul 04, 2013 at 11:19:58AM +0200, David Herrmann wrote:
> Hi
> 
> On Wed, Jul 3, 2013 at 11:45 PM, Ben Widawsky <ben@bwidawsk.net> wrote:
> > For an upcoming patch where we introduce the i915 VMA, it's ideal to
> > have the drm_mm_node as part of the VMA struct (ie. it's pre-allocated).
> > Part of the conversion to VMAs is to kill off obj->gtt_space. Doing this
> > will break a bunch of code, but amongst them are 2 callers of
> > drm_mm_create_block(), both related to stolen memory.
> >
> > It also allows us to embed the drm_mm_node into the object currently
> > which provides a nice transition over to the new code.
> >
> > v2: Reordered to do before ripping out obj->gtt_offset.
> > Some minor cleanups made available because of reordering.
> >
> > CC: <dri-devel@lists.freedesktop.org>
> > Signed-off-by: Ben Widawsky <ben@bwidawsk.net>
> > ---
> >  drivers/gpu/drm/drm_mm.c               | 16 +++++----------
> >  drivers/gpu/drm/i915/i915_gem_gtt.c    | 18 +++++++++++++----
> >  drivers/gpu/drm/i915/i915_gem_stolen.c | 36 +++++++++++++++++++++++-----------
> >  include/drm/drm_mm.h                   |  9 +++++----
> >  4 files changed, 49 insertions(+), 30 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
> > index 07cf99c..9e8dfbc 100644
> > --- a/drivers/gpu/drm/drm_mm.c
> > +++ b/drivers/gpu/drm/drm_mm.c
> > @@ -147,12 +147,10 @@ static void drm_mm_insert_helper(struct drm_mm_node *hole_node,
> >         }
> >  }
> >
> > -struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> > -                                       unsigned long start,
> > -                                       unsigned long size,
> > -                                       bool atomic)
> > +int drm_mm_create_block(struct drm_mm *mm, struct drm_mm_node *node,
> > +                       unsigned long start, unsigned long size)
> >  {
> > -       struct drm_mm_node *hole, *node;
> > +       struct drm_mm_node *hole;
> >         unsigned long end = start + size;
> >         unsigned long hole_start;
> >         unsigned long hole_end;
> > @@ -161,10 +159,6 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> >                 if (hole_start > start || hole_end < end)
> >                         continue;
> >
> > -               node = drm_mm_kmalloc(mm, atomic);
> > -               if (unlikely(node == NULL))
> > -                       return NULL;
> > -
> >                 node->start = start;
> >                 node->size = size;
> >                 node->mm = mm;
> > @@ -184,11 +178,11 @@ struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> >                         node->hole_follows = 1;
> >                 }
> >
> > -               return node;
> > +               return 0;
> >         }
> >
> >         WARN(1, "no hole found for block 0x%lx + 0x%lx\n", start, size);
> > -       return NULL;
> > +       return -ENOSPC;
> >  }
> >  EXPORT_SYMBOL(drm_mm_create_block);
> >
> > diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > index 66929ea..5c6fc0e 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_gtt.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
> > @@ -629,14 +629,24 @@ void i915_gem_setup_global_gtt(struct drm_device *dev,
> >
> >         /* Mark any preallocated objects as occupied */
> >         list_for_each_entry(obj, &dev_priv->mm.bound_list, global_list) {
> > +               int ret;
> >                 DRM_DEBUG_KMS("reserving preallocated space: %x + %zx\n",
> >                               obj->gtt_offset, obj->base.size);
> >
> >                 BUG_ON(obj->gtt_space != I915_GTT_RESERVED);
> > -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> > -                                                    obj->gtt_offset,
> > -                                                    obj->base.size,
> > -                                                    false);
> > +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> > +               if (!obj->gtt_space) {
> > +                       DRM_ERROR("Failed to preserve all objects\n");
> > +                       break;
> > +               }
> > +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> > +                                         obj->gtt_space,
> > +                                         obj->gtt_offset,
> > +                                         obj->base.size);
> > +               if (ret) {
> > +                       DRM_DEBUG_KMS("Reservation failed\n");
> > +                       kfree(obj->gtt_space);
> 
> Are you sure you don't need:
>   obj->gtt_space = NULL;
> here?
> I am no expert in i915 gem handling, but looking at i915_gem.c I think
> you might run into bugs if not.

I'm too lazy to actually check, but I believe you're probably right.
It's fixed in a later patch where I added the getters and use
node_allocated so I don't check obj->gtt_space != NULL anymore; but it
would potentially be a painful bisect point.

Thanks for catching it (and the following ones).

> 
> Also, why did you add the "break;" above, but not here? I am confused.

The thought at the time was if kzalloc fails at this point, subsequent
kzallocs are really likely to fail also. drm_mm_create_block OTOH is
something I won't pretend to inquire about failure recurrence. I agree
it looks funny though, so I'll change the break to continue.

> 
> > +               }
> >                 obj->has_global_gtt_mapping = 1;
> >         }
> >
> > diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c b/drivers/gpu/drm/i915/i915_gem_stolen.c
> > index 8e02344..f9db84a 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_stolen.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
> > @@ -330,6 +330,7 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
> >         struct drm_i915_private *dev_priv = dev->dev_private;
> >         struct drm_i915_gem_object *obj;
> >         struct drm_mm_node *stolen;
> > +       int ret;
> >
> >         if (dev_priv->mm.stolen_base == 0)
> >                 return NULL;
> > @@ -344,11 +345,15 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
> >         if (WARN_ON(size == 0))
> >                 return NULL;
> >
> > -       stolen = drm_mm_create_block(&dev_priv->mm.stolen,
> > -                                    stolen_offset, size,
> > -                                    false);
> > -       if (stolen == NULL) {
> > +       stolen = kzalloc(sizeof(*stolen), GFP_KERNEL);
> > +       if (!stolen)
> > +               return NULL;
> > +
> > +       ret = drm_mm_create_block(&dev_priv->mm.stolen, stolen, stolen_offset,
> > +                                 size);
> > +       if (ret) {
> >                 DRM_DEBUG_KMS("failed to allocate stolen space\n");
> > +               kfree(stolen);
> >                 return NULL;
> >         }
> >
> > @@ -369,13 +374,18 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
> >          * later.
> >          */
> >         if (drm_mm_initialized(&dev_priv->mm.gtt_space)) {
> > -               obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
> > -                                                    gtt_offset, size,
> > -                                                    false);
> > -               if (obj->gtt_space == NULL) {
> > +               obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
> > +               if (!obj->gtt_space) {
> > +                       DRM_DEBUG_KMS("-ENOMEM stolen GTT space\n");
> > +                       goto unref_out;
> > +               }
> > +
> > +               ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
> > +                                         obj->gtt_space,
> > +                                         gtt_offset, size);
> > +               if (ret) {
> >                         DRM_DEBUG_KMS("failed to allocate stolen GTT space\n");
> > -                       drm_gem_object_unreference(&obj->base);
> > -                       return NULL;
> > +                       goto unref_out;
> 
> Again:
>   kfree(obj->gtt_space);
>   obj->gtt_space = NULL;
> Otherwise, if gem-cleanup calls drm_mm_put_block() on an already
> removed node, you end up with NULL-derefs in drm_mm.c
> 
> >                 }
> >         } else
> >                 obj->gtt_space = I915_GTT_RESERVED;
> > @@ -385,8 +395,12 @@ i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
> >
> >         list_add_tail(&obj->global_list, &dev_priv->mm.bound_list);
> >         list_add_tail(&obj->mm_list, &dev_priv->mm.inactive_list);
> > -
> >         return obj;
> > +
> > +unref_out:
> > +       drm_gem_object_unreference(&obj->base);
> > +       drm_mm_put_block(stolen);
> 
> "stolen" is already cleared by drm_gem_object_unreference(). So that's
> a double-free here.
> 
> The drm_mm_create_block() change looks good.
> Cheers
> David
>
Thanks for reviewing the i915 parts so thoroughly :D
> 
> > +       return NULL;
> >  }
> >
> >  void
> > diff --git a/include/drm/drm_mm.h b/include/drm/drm_mm.h
> > index 88591ef..d8b56b7 100644
> > --- a/include/drm/drm_mm.h
> > +++ b/include/drm/drm_mm.h
> > @@ -138,10 +138,10 @@ static inline unsigned long drm_mm_hole_node_end(struct drm_mm_node *hole_node)
> >  /*
> >   * Basic range manager support (drm_mm.c)
> >   */
> > -extern struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
> > -                                              unsigned long start,
> > -                                              unsigned long size,
> > -                                              bool atomic);
> > +extern int drm_mm_create_block(struct drm_mm *mm,
> > +                              struct drm_mm_node *node,
> > +                              unsigned long start,
> > +                              unsigned long size);
> >  extern struct drm_mm_node *drm_mm_get_block_generic(struct drm_mm_node *node,
> >                                                     unsigned long size,
> >                                                     unsigned alignment,
> > @@ -155,6 +155,7 @@ extern struct drm_mm_node *drm_mm_get_block_range_generic(
> >                                                 unsigned long start,
> >                                                 unsigned long end,
> >                                                 int atomic);
> > +
> >  static inline struct drm_mm_node *drm_mm_get_block(struct drm_mm_node *parent,
> >                                                    unsigned long size,
> >                                                    unsigned alignment)
> > --
> > 1.8.3.2
> >
> > _______________________________________________
> > dri-devel mailing list
> > dri-devel@lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/dri-devel
diff mbox

Patch

diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c
index 07cf99c..9e8dfbc 100644
--- a/drivers/gpu/drm/drm_mm.c
+++ b/drivers/gpu/drm/drm_mm.c
@@ -147,12 +147,10 @@  static void drm_mm_insert_helper(struct drm_mm_node *hole_node,
 	}
 }
 
-struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
-					unsigned long start,
-					unsigned long size,
-					bool atomic)
+int drm_mm_create_block(struct drm_mm *mm, struct drm_mm_node *node,
+			unsigned long start, unsigned long size)
 {
-	struct drm_mm_node *hole, *node;
+	struct drm_mm_node *hole;
 	unsigned long end = start + size;
 	unsigned long hole_start;
 	unsigned long hole_end;
@@ -161,10 +159,6 @@  struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
 		if (hole_start > start || hole_end < end)
 			continue;
 
-		node = drm_mm_kmalloc(mm, atomic);
-		if (unlikely(node == NULL))
-			return NULL;
-
 		node->start = start;
 		node->size = size;
 		node->mm = mm;
@@ -184,11 +178,11 @@  struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
 			node->hole_follows = 1;
 		}
 
-		return node;
+		return 0;
 	}
 
 	WARN(1, "no hole found for block 0x%lx + 0x%lx\n", start, size);
-	return NULL;
+	return -ENOSPC;
 }
 EXPORT_SYMBOL(drm_mm_create_block);
 
diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index 66929ea..5c6fc0e 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -629,14 +629,24 @@  void i915_gem_setup_global_gtt(struct drm_device *dev,
 
 	/* Mark any preallocated objects as occupied */
 	list_for_each_entry(obj, &dev_priv->mm.bound_list, global_list) {
+		int ret;
 		DRM_DEBUG_KMS("reserving preallocated space: %x + %zx\n",
 			      obj->gtt_offset, obj->base.size);
 
 		BUG_ON(obj->gtt_space != I915_GTT_RESERVED);
-		obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
-						     obj->gtt_offset,
-						     obj->base.size,
-						     false);
+		obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
+		if (!obj->gtt_space) {
+			DRM_ERROR("Failed to preserve all objects\n");
+			break;
+		}
+		ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
+					  obj->gtt_space,
+					  obj->gtt_offset,
+					  obj->base.size);
+		if (ret) {
+			DRM_DEBUG_KMS("Reservation failed\n");
+			kfree(obj->gtt_space);
+		}
 		obj->has_global_gtt_mapping = 1;
 	}
 
diff --git a/drivers/gpu/drm/i915/i915_gem_stolen.c b/drivers/gpu/drm/i915/i915_gem_stolen.c
index 8e02344..f9db84a 100644
--- a/drivers/gpu/drm/i915/i915_gem_stolen.c
+++ b/drivers/gpu/drm/i915/i915_gem_stolen.c
@@ -330,6 +330,7 @@  i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
 	struct drm_i915_private *dev_priv = dev->dev_private;
 	struct drm_i915_gem_object *obj;
 	struct drm_mm_node *stolen;
+	int ret;
 
 	if (dev_priv->mm.stolen_base == 0)
 		return NULL;
@@ -344,11 +345,15 @@  i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
 	if (WARN_ON(size == 0))
 		return NULL;
 
-	stolen = drm_mm_create_block(&dev_priv->mm.stolen,
-				     stolen_offset, size,
-				     false);
-	if (stolen == NULL) {
+	stolen = kzalloc(sizeof(*stolen), GFP_KERNEL);
+	if (!stolen)
+		return NULL;
+
+	ret = drm_mm_create_block(&dev_priv->mm.stolen, stolen, stolen_offset,
+				  size);
+	if (ret) {
 		DRM_DEBUG_KMS("failed to allocate stolen space\n");
+		kfree(stolen);
 		return NULL;
 	}
 
@@ -369,13 +374,18 @@  i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
 	 * later.
 	 */
 	if (drm_mm_initialized(&dev_priv->mm.gtt_space)) {
-		obj->gtt_space = drm_mm_create_block(&dev_priv->mm.gtt_space,
-						     gtt_offset, size,
-						     false);
-		if (obj->gtt_space == NULL) {
+		obj->gtt_space = kzalloc(sizeof(*obj->gtt_space), GFP_KERNEL);
+		if (!obj->gtt_space) {
+			DRM_DEBUG_KMS("-ENOMEM stolen GTT space\n");
+			goto unref_out;
+		}
+
+		ret = drm_mm_create_block(&dev_priv->mm.gtt_space,
+					  obj->gtt_space,
+					  gtt_offset, size);
+		if (ret) {
 			DRM_DEBUG_KMS("failed to allocate stolen GTT space\n");
-			drm_gem_object_unreference(&obj->base);
-			return NULL;
+			goto unref_out;
 		}
 	} else
 		obj->gtt_space = I915_GTT_RESERVED;
@@ -385,8 +395,12 @@  i915_gem_object_create_stolen_for_preallocated(struct drm_device *dev,
 
 	list_add_tail(&obj->global_list, &dev_priv->mm.bound_list);
 	list_add_tail(&obj->mm_list, &dev_priv->mm.inactive_list);
-
 	return obj;
+
+unref_out:
+	drm_gem_object_unreference(&obj->base);
+	drm_mm_put_block(stolen);
+	return NULL;
 }
 
 void
diff --git a/include/drm/drm_mm.h b/include/drm/drm_mm.h
index 88591ef..d8b56b7 100644
--- a/include/drm/drm_mm.h
+++ b/include/drm/drm_mm.h
@@ -138,10 +138,10 @@  static inline unsigned long drm_mm_hole_node_end(struct drm_mm_node *hole_node)
 /*
  * Basic range manager support (drm_mm.c)
  */
-extern struct drm_mm_node *drm_mm_create_block(struct drm_mm *mm,
-					       unsigned long start,
-					       unsigned long size,
-					       bool atomic);
+extern int drm_mm_create_block(struct drm_mm *mm,
+			       struct drm_mm_node *node,
+			       unsigned long start,
+			       unsigned long size);
 extern struct drm_mm_node *drm_mm_get_block_generic(struct drm_mm_node *node,
 						    unsigned long size,
 						    unsigned alignment,
@@ -155,6 +155,7 @@  extern struct drm_mm_node *drm_mm_get_block_range_generic(
 						unsigned long start,
 						unsigned long end,
 						int atomic);
+
 static inline struct drm_mm_node *drm_mm_get_block(struct drm_mm_node *parent,
 						   unsigned long size,
 						   unsigned alignment)