
[1/2,v2] drm/atomic: fix self-refresh helpers crtc state dereference

Message ID 20191104173737.142558-1-robdclark@gmail.com (mailing list archive)
State New, archived

Commit Message

Rob Clark Nov. 4, 2019, 5:37 p.m. UTC
From: Rob Clark <robdclark@chromium.org>

drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
new incoming state after drm_atomic_helper_commit_hw_done().  But this
state might have already been superseded by an !nonblock atomic update
resulting in dereferencing an already freed crtc_state.

TODO I *think* this will more or less do the right thing.. although I'm
not 100% sure if, for example, we enter psr in a nonblock commit, and
then leave psr in a !nonblock commit that overtakes the completion of
the nonblock commit.  Not sure if this sort of scenario can happen in
practice.  But not crashing is better than crashing, so I guess we
should either take this patch or revert the self-refresh helpers until
Sean can figure out a better solution.

Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
Cc: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
---
 drivers/gpu/drm/drm_atomic_helper.c       | 14 +++++++++++++-
 drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
 include/drm/drm_self_refresh_helper.h     |  3 ++-
 3 files changed, 24 insertions(+), 8 deletions(-)

Comments

Rob Clark Nov. 6, 2019, 3:46 a.m. UTC | #1
On Mon, Nov 4, 2019 at 9:39 AM Rob Clark <robdclark@gmail.com> wrote:
>
> From: Rob Clark <robdclark@chromium.org>
>
> drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
> new incoming state after drm_atomic_helper_commit_hw_done().  But this
> state might have already been superceeded by an !nonblock atomic update
> resulting in dereferencing an already free'd crtc_state.
>
> TODO I *think* this will more or less do the right thing.. althought I'm
> not 100% sure if, for example, we enter psr in a nonblock commit, and
> then leave psr in a !nonblock commit that overtakes the completion of
> the nonblock commit.  Not sure if this sort of scenario can happen in
> practice.  But not crashing is better than crashing, so I guess we
> should either take this patch or rever the self-refresh helpers until
> Sean can figure out a better solution.

btw, I think we can drop this TODO para from the commit msg.. but
would be nice to get this (1/2) landed in v5.4-fixes as it fixes an
actual regression..

patch 2/2 probably shouldn't be for v5.4, since according to kbuild
robot it is turning up some other problems.. but I still think it is
probably a good idea

BR,
-R

>
> Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
> Cc: Sean Paul <seanpaul@chromium.org>
> Signed-off-by: Rob Clark <robdclark@chromium.org>
> ---
>  drivers/gpu/drm/drm_atomic_helper.c       | 14 +++++++++++++-
>  drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
>  include/drm/drm_self_refresh_helper.h     |  3 ++-
>  3 files changed, 24 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
> index 3ef2ac52ce94..648494c813e5 100644
> --- a/drivers/gpu/drm/drm_atomic_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_helper.c
> @@ -1581,8 +1581,11 @@ static void commit_tail(struct drm_atomic_state *old_state)
>  {
>         struct drm_device *dev = old_state->dev;
>         const struct drm_mode_config_helper_funcs *funcs;
> +       struct drm_crtc_state *new_crtc_state;
> +       struct drm_crtc *crtc;
>         ktime_t start;
>         s64 commit_time_ms;
> +       unsigned i, new_self_refresh_mask = 0;
>
>         funcs = dev->mode_config.helper_private;
>
> @@ -1602,6 +1605,14 @@ static void commit_tail(struct drm_atomic_state *old_state)
>
>         drm_atomic_helper_wait_for_dependencies(old_state);
>
> +       /*
> +        * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
> +        * so figure out which crtc's have self-refresh active beforehand:
> +        */
> +       for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
> +               if (new_crtc_state->self_refresh_active)
> +                       new_self_refresh_mask |= BIT(i);
> +
>         if (funcs && funcs->atomic_commit_tail)
>                 funcs->atomic_commit_tail(old_state);
>         else
> @@ -1610,7 +1621,8 @@ static void commit_tail(struct drm_atomic_state *old_state)
>         commit_time_ms = ktime_ms_delta(ktime_get(), start);
>         if (commit_time_ms > 0)
>                 drm_self_refresh_helper_update_avg_times(old_state,
> -                                                (unsigned long)commit_time_ms);
> +                                                (unsigned long)commit_time_ms,
> +                                                new_self_refresh_mask);
>
>         drm_atomic_helper_commit_cleanup_done(old_state);
>
> diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
> index 68f4765a5896..011b8d5f7dd6 100644
> --- a/drivers/gpu/drm/drm_self_refresh_helper.c
> +++ b/drivers/gpu/drm/drm_self_refresh_helper.c
> @@ -133,6 +133,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
>   * drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
>   * @state: the state which has just been applied to hardware
>   * @commit_time_ms: the amount of time in ms that this commit took to complete
> + * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
> + *    new state
>   *
>   * Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
>   * update the average entry/exit self refresh times on self refresh transitions.
> @@ -140,22 +142,23 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
>   * entering self refresh mode after activity.
>   */
>  void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> -                                             unsigned int commit_time_ms)
> +                                             unsigned int commit_time_ms,
> +                                             unsigned int new_self_refresh_mask)
>  {
>         struct drm_crtc *crtc;
> -       struct drm_crtc_state *old_crtc_state, *new_crtc_state;
> +       struct drm_crtc_state *old_crtc_state;
>         int i;
>
> -       for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
> -                                     new_crtc_state, i) {
> +       for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
> +               bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
>                 struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
>                 struct ewma_psr_time *time;
>
>                 if (old_crtc_state->self_refresh_active ==
> -                   new_crtc_state->self_refresh_active)
> +                   new_self_refresh_active)
>                         continue;
>
> -               if (new_crtc_state->self_refresh_active)
> +               if (new_self_refresh_active)
>                         time = &sr_data->entry_avg_ms;
>                 else
>                         time = &sr_data->exit_avg_ms;
> diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
> index 5b79d253fb46..b2c08b328aa1 100644
> --- a/include/drm/drm_self_refresh_helper.h
> +++ b/include/drm/drm_self_refresh_helper.h
> @@ -13,7 +13,8 @@ struct drm_crtc;
>
>  void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
>  void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> -                                             unsigned int commit_time_ms);
> +                                             unsigned int commit_time_ms,
> +                                             unsigned int new_self_refresh_mask);
>
>  int drm_self_refresh_helper_init(struct drm_crtc *crtc);
>  void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);
> --
> 2.23.0
>
Sean Paul Nov. 6, 2019, 6:58 p.m. UTC | #2
On Mon, Nov 04, 2019 at 09:37:36AM -0800, Rob Clark wrote:
> From: Rob Clark <robdclark@chromium.org>
> 
> drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
> new incoming state after drm_atomic_helper_commit_hw_done().  But this
> state might have already been superceeded by an !nonblock atomic update
> resulting in dereferencing an already free'd crtc_state.
> 
> TODO I *think* this will more or less do the right thing.. althought I'm
> not 100% sure if, for example, we enter psr in a nonblock commit, and
> then leave psr in a !nonblock commit that overtakes the completion of
> the nonblock commit.  Not sure if this sort of scenario can happen in
> practice.  But not crashing is better than crashing, so I guess we
> should either take this patch or rever the self-refresh helpers until
> Sean can figure out a better solution.
> 
> Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
> Cc: Sean Paul <seanpaul@chromium.org>
> Signed-off-by: Rob Clark <robdclark@chromium.org>

Thanks for tracking this down, Rob. I gave it a spin on my rk3399 kevin and it
behaved as expected.

I've pushed this patch to drm-misc-fixes in hopes it'll catch 5.4

Sean

> ---
>  drivers/gpu/drm/drm_atomic_helper.c       | 14 +++++++++++++-
>  drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
>  include/drm/drm_self_refresh_helper.h     |  3 ++-
>  3 files changed, 24 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
> index 3ef2ac52ce94..648494c813e5 100644
> --- a/drivers/gpu/drm/drm_atomic_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_helper.c
> @@ -1581,8 +1581,11 @@ static void commit_tail(struct drm_atomic_state *old_state)
>  {
>  	struct drm_device *dev = old_state->dev;
>  	const struct drm_mode_config_helper_funcs *funcs;
> +	struct drm_crtc_state *new_crtc_state;
> +	struct drm_crtc *crtc;
>  	ktime_t start;
>  	s64 commit_time_ms;
> +	unsigned i, new_self_refresh_mask = 0;
>  
>  	funcs = dev->mode_config.helper_private;
>  
> @@ -1602,6 +1605,14 @@ static void commit_tail(struct drm_atomic_state *old_state)
>  
>  	drm_atomic_helper_wait_for_dependencies(old_state);
>  
> +	/*
> +	 * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
> +	 * so figure out which crtc's have self-refresh active beforehand:
> +	 */
> +	for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
> +		if (new_crtc_state->self_refresh_active)
> +			new_self_refresh_mask |= BIT(i);
> +
>  	if (funcs && funcs->atomic_commit_tail)
>  		funcs->atomic_commit_tail(old_state);
>  	else
> @@ -1610,7 +1621,8 @@ static void commit_tail(struct drm_atomic_state *old_state)
>  	commit_time_ms = ktime_ms_delta(ktime_get(), start);
>  	if (commit_time_ms > 0)
>  		drm_self_refresh_helper_update_avg_times(old_state,
> -						 (unsigned long)commit_time_ms);
> +						 (unsigned long)commit_time_ms,
> +						 new_self_refresh_mask);
>  
>  	drm_atomic_helper_commit_cleanup_done(old_state);
>  
> diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
> index 68f4765a5896..011b8d5f7dd6 100644
> --- a/drivers/gpu/drm/drm_self_refresh_helper.c
> +++ b/drivers/gpu/drm/drm_self_refresh_helper.c
> @@ -133,6 +133,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
>   * drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
>   * @state: the state which has just been applied to hardware
>   * @commit_time_ms: the amount of time in ms that this commit took to complete
> + * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
> + *    new state
>   *
>   * Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
>   * update the average entry/exit self refresh times on self refresh transitions.
> @@ -140,22 +142,23 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
>   * entering self refresh mode after activity.
>   */
>  void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> -					      unsigned int commit_time_ms)
> +					      unsigned int commit_time_ms,
> +					      unsigned int new_self_refresh_mask)
>  {
>  	struct drm_crtc *crtc;
> -	struct drm_crtc_state *old_crtc_state, *new_crtc_state;
> +	struct drm_crtc_state *old_crtc_state;
>  	int i;
>  
> -	for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
> -				      new_crtc_state, i) {
> +	for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
> +		bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
>  		struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
>  		struct ewma_psr_time *time;
>  
>  		if (old_crtc_state->self_refresh_active ==
> -		    new_crtc_state->self_refresh_active)
> +		    new_self_refresh_active)
>  			continue;
>  
> -		if (new_crtc_state->self_refresh_active)
> +		if (new_self_refresh_active)
>  			time = &sr_data->entry_avg_ms;
>  		else
>  			time = &sr_data->exit_avg_ms;
> diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
> index 5b79d253fb46..b2c08b328aa1 100644
> --- a/include/drm/drm_self_refresh_helper.h
> +++ b/include/drm/drm_self_refresh_helper.h
> @@ -13,7 +13,8 @@ struct drm_crtc;
>  
>  void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
>  void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> -					      unsigned int commit_time_ms);
> +					      unsigned int commit_time_ms,
> +					      unsigned int new_self_refresh_mask);
>  
>  int drm_self_refresh_helper_init(struct drm_crtc *crtc);
>  void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);
> -- 
> 2.23.0
>

Patch

diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
index 3ef2ac52ce94..648494c813e5 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1581,8 +1581,11 @@  static void commit_tail(struct drm_atomic_state *old_state)
 {
 	struct drm_device *dev = old_state->dev;
 	const struct drm_mode_config_helper_funcs *funcs;
+	struct drm_crtc_state *new_crtc_state;
+	struct drm_crtc *crtc;
 	ktime_t start;
 	s64 commit_time_ms;
+	unsigned i, new_self_refresh_mask = 0;
 
 	funcs = dev->mode_config.helper_private;
 
@@ -1602,6 +1605,14 @@  static void commit_tail(struct drm_atomic_state *old_state)
 
 	drm_atomic_helper_wait_for_dependencies(old_state);
 
+	/*
+	 * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
+	 * so figure out which crtc's have self-refresh active beforehand:
+	 */
+	for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
+		if (new_crtc_state->self_refresh_active)
+			new_self_refresh_mask |= BIT(i);
+
 	if (funcs && funcs->atomic_commit_tail)
 		funcs->atomic_commit_tail(old_state);
 	else
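Review bot: The mask filled in by the added loop is a bare `unsigned`, while `BIT(i)` is an `unsigned long`, so the `|=` narrows silently and a CRTC index of 32 or more would be dropped and later read back as "self-refresh inactive". The DRM core presumably keeps CRTC indices below 32, but nothing in this hunk says so; declaring the mask as `u32 new_self_refresh_mask = 0;` with a comment such as `/* one bit per crtc index, which must stay below 32 */` would make the assumption visible. The declaration in the first hunk, `unsigned i, new_self_refresh_mask = 0;`, would also be clearer as `unsigned int`, and kernel style asks for braces around the `for_each_new_crtc_in_state` body because it holds a nested `if`. commit_tail() starts and ends outside this hunk.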
@@ -1610,7 +1621,8 @@  static void commit_tail(struct drm_atomic_state *old_state)
 	commit_time_ms = ktime_ms_delta(ktime_get(), start);
 	if (commit_time_ms > 0)
 		drm_self_refresh_helper_update_avg_times(old_state,
-						 (unsigned long)commit_time_ms);
+						 (unsigned long)commit_time_ms,
+						 new_self_refresh_mask);
 
 	drm_atomic_helper_commit_cleanup_done(old_state);
 
diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
index 68f4765a5896..011b8d5f7dd6 100644
--- a/drivers/gpu/drm/drm_self_refresh_helper.c
+++ b/drivers/gpu/drm/drm_self_refresh_helper.c
@@ -133,6 +133,8 @@  static void drm_self_refresh_helper_entry_work(struct work_struct *work)
  * drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
  * @state: the state which has just been applied to hardware
  * @commit_time_ms: the amount of time in ms that this commit took to complete
+ * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
+ *    new state
  *
  * Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
  * update the average entry/exit self refresh times on self refresh transitions.
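Review bot: The new kernel-doc line for `@new_self_refresh_mask` says what the mask holds but not the lifetime rule that makes it necessary, and that rule is what a later caller is most likely to get wrong. I would extend it to something like `@new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in new state; must be sampled before drm_atomic_helper_commit_hw_done()`. The body text could then add one sentence saying that the new crtc state may already have been freed by the time this helper runs, so the function must not read it from @state. The rest of the comment block lies outside this hunk.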
@@ -140,22 +142,23 @@  static void drm_self_refresh_helper_entry_work(struct work_struct *work)
  * entering self refresh mode after activity.
  */
 void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
-					      unsigned int commit_time_ms)
+					      unsigned int commit_time_ms,
+					      unsigned int new_self_refresh_mask)
 {
 	struct drm_crtc *crtc;
-	struct drm_crtc_state *old_crtc_state, *new_crtc_state;
+	struct drm_crtc_state *old_crtc_state;
 	int i;
 
-	for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
-				      new_crtc_state, i) {
+	for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
+		bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
 		struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
 		struct ewma_psr_time *time;
 
 		if (old_crtc_state->self_refresh_active ==
-		    new_crtc_state->self_refresh_active)
+		    new_self_refresh_active)
 			continue;
 
-		if (new_crtc_state->self_refresh_active)
+		if (new_self_refresh_active)
 			time = &sr_data->entry_avg_ms;
 		else
 			time = &sr_data->exit_avg_ms;
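Review bot: The rewritten loop carries no comment explaining why it iterates old state only, so a later cleanup could switch it back to `for_each_oldnew_crtc_in_state` and reintroduce the freed-state dereference described in the commit message. A line above the loop such as `/* new crtc state may already be freed here; use the mask sampled before hw_done */` would guard against that. Separately, `int i` feeds `BIT(i)` here while commit_tail() builds the same mask with an `unsigned` index, and the call site casts `commit_time_ms` to `(unsigned long)` although this parameter is `unsigned int`; matching those types would remove two implicit conversions. The function body continues past the end of this hunk, so how `time` and `sr_data` are used afterwards is not visible here.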
diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
index 5b79d253fb46..b2c08b328aa1 100644
--- a/include/drm/drm_self_refresh_helper.h
+++ b/include/drm/drm_self_refresh_helper.h
@@ -13,7 +13,8 @@  struct drm_crtc;
 
 void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
 void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
-					      unsigned int commit_time_ms);
+					      unsigned int commit_time_ms,
+					      unsigned int new_self_refresh_mask);
 
 int drm_self_refresh_helper_init(struct drm_crtc *crtc);
 void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);