From patchwork Sun Aug 3 11:16:16 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 4665851 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 4CF69C0338 for ; Sun, 3 Aug 2014 15:30:52 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 7A0D8201B9 for ; Sun, 3 Aug 2014 15:30:51 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id CE79020172 for ; Sun, 3 Aug 2014 15:30:49 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 10F746E0D1; Sun, 3 Aug 2014 08:30:47 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72]) by gabe.freedesktop.org (Postfix) with ESMTP id DFC276E027 for ; Sun, 3 Aug 2014 05:03:43 -0700 (PDT) Received: from fsav305.sakura.ne.jp (fsav305.sakura.ne.jp [153.120.85.136]) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id s73BGOKp049582; Sun, 3 Aug 2014 20:16:24 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from 202.181.97.72 (202.181.97.72) by fsav305.sakura.ne.jp (F-Secure/virusgw_smtp/412/fsav305.sakura.ne.jp); Sun, 03 Aug 2014 20:16:24 +0900 (JST) X-Virus-Status: clean(F-Secure/virusgw_smtp/412/fsav305.sakura.ne.jp) Received: from CLAMP (KD175108057186.ppp-bb.dion.ne.jp [175.108.57.186]) (authenticated bits=0) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id s73BGOsP049577; Sun, 3 Aug 2014 20:16:24 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) To: konrad.wilk@oracle.com, dchinner@redhat.com Subject: [PATCH 4/5] gpu/drm/ttm: Fix possible stack overflow by recursive shrinker calls. From: Tetsuo Handa References: <20140610191741.GA28523@phenom.dumpdata.com> <201406110516.HCH90692.FFFStVJMOHOLQO@I-love.SAKURA.ne.jp> <201408032014.EBE26508.FQOFtHFOSVJMOL@I-love.SAKURA.ne.jp> <201408032014.BHF60482.VFOFSMJLtHQFOO@I-love.SAKURA.ne.jp> <201408032015.EDH17687.SJOtFFLMFHVOQO@I-love.SAKURA.ne.jp> In-Reply-To: <201408032015.EDH17687.SJOtFFLMFHVOQO@I-love.SAKURA.ne.jp> Message-Id: <201408032016.CFI95841.SOVHFQtFJFOLOM@I-love.SAKURA.ne.jp> X-Mailer: Winbiff [Version 2.51 PL2] X-Accept-Language: ja,en,zh Date: Sun, 3 Aug 2014 20:16:16 +0900 Mime-Version: 1.0 X-Mailman-Approved-At: Sun, 03 Aug 2014 08:30:45 -0700 Cc: linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RCVD_NUMERIC_HELO, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP >From 16009d9def2c3087772e6c9dbec6c60950ae768b Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Sun, 3 Aug 2014 20:02:03 +0900 Subject: [PATCH 4/5] gpu/drm/ttm: Fix possible stack overflow by recursive shrinker calls. While ttm_dma_pool_shrink_scan() tries to take mutex before doing GFP_KERNEL allocation, ttm_pool_shrink_scan() does not do it. This can result in stack overflow if kmalloc() in ttm_page_pool_free() triggered recursion due to memory pressure. shrink_slab() => ttm_pool_shrink_scan() => ttm_page_pool_free() => kmalloc(GFP_KERNEL) => shrink_slab() => ttm_pool_shrink_scan() => ttm_page_pool_free() => kmalloc(GFP_KERNEL) Change ttm_pool_shrink_scan() to do like ttm_dma_pool_shrink_scan() does. Signed-off-by: Tetsuo Handa Cc: stable [2.6.35+] --- drivers/gpu/drm/ttm/ttm_page_alloc.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c index beb8e75..edb8315 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -391,14 +391,17 @@ out: static unsigned long ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) { - static atomic_t start_pool = ATOMIC_INIT(0); + static DEFINE_MUTEX(lock); + static unsigned start_pool; unsigned i; - unsigned pool_offset = atomic_add_return(1, &start_pool); + unsigned pool_offset; struct ttm_page_pool *pool; int shrink_pages = sc->nr_to_scan; unsigned long freed = 0; - pool_offset = pool_offset % NUM_POOLS; + if (!mutex_trylock(&lock)) + return SHRINK_STOP; + pool_offset = ++start_pool % NUM_POOLS; /* select start pool in round robin fashion */ for (i = 0; i < NUM_POOLS; ++i) { unsigned nr_free = shrink_pages; @@ -408,6 +411,7 @@ ttm_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) shrink_pages = ttm_page_pool_free(pool, nr_free); freed += nr_free - shrink_pages; } + mutex_unlock(&lock); return freed; }