diff mbox series

[04/39] drm/i915/gt: Clear the buffer pool age before use

Message ID	20200826132811.17577-4-chris@chris-wilson.co.uk (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=RAJW=CE=lists.freedesktop.org=intel-gfx-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D55B5214F1 From: Chris Wilson <chris@chris-wilson.co.uk> To: intel-gfx@lists.freedesktop.org Date: Wed, 26 Aug 2020 14:27:36 +0100 Message-Id: <20200826132811.17577-4-chris@chris-wilson.co.uk> In-Reply-To: <20200826132811.17577-1-chris@chris-wilson.co.uk> References: <20200826132811.17577-1-chris@chris-wilson.co.uk> MIME-Version: 1.0 Subject: [Intel-gfx] [PATCH 04/39] drm/i915/gt: Clear the buffer pool age before use Precedence: list Cc: Chris Wilson <chris@chris-wilson.co.uk> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
Series	[01/39] drm/i915/gem: Avoid implicit vmap for highmem on x86-32 \| expand [01/39] drm/i915/gem: Avoid implicit vmap for highmem on x86-32 [02/39] drm/i915/gem: Use set_pte_at() for assigning the vmapped PTE [03/39] drm/i915/gem: Prevent using pgprot_writecombine() if PAT is not supported [04/39] drm/i915/gt: Clear the buffer pool age before use [05/39] drm/i915/gt: Widen CSB pointer to u64 for the parsers [06/39] drm/i915/gt: Wait for CSB entries on Tigerlake [07/39] drm/i915/gt: Apply the CSB w/a for all [08/39] drm/i915/gt: Show engine properties in the pretty printer [09/39] drm/i915/gem: Hold request reference for canceling an active context [10/39] drm/i915: Cancel outstanding work after disabling heartbeats on an engine [11/39] drm/i915/gt: Always send a pulse down the engine after disabling heartbeat [12/39] drm/i915/gem: Always test execution status on closing the context [13/39] drm/i915/gt: Signal cancelled requests [14/39] drm/i915/selftests: Finish pending mock requests on cancellation. [15/39] drm/i915/gt: Retire cancelled requests on unload [16/39] drm/i915/gt: Remove defunct intel_virtual_engine_get_sibling() [17/39] drm/i915/gt: Defer enabling the breadcrumb interrupt to after submission [18/39] drm/i915/gt: Track signaled breadcrumbs outside of the breadcrumb spinlock [19/39] drm/i915/gt: Don't cancel the interrupt shadow too early [20/39] drm/i915/gt: Free stale request on destroying the virtual engine [21/39] drm/i915/gt: Protect context lifetime with RCU [22/39] drm/i915/gt: Split the breadcrumb spinlock between global and contexts [23/39] drm/i915/gt: Move the breadcrumb to the signaler if completed upon cancel [24/39] drm/i915/gt: Decouple completed requests on unwind [25/39] drm/i915/gt: Check for a completed last request once [26/39] drm/i915/gt: Replace direct submit with direct call to tasklet [27/39] drm/i915/gt: ce->inflight updates are now serialised [28/39] drm/i915/gt: Use virtual_engine during execlists_dequeue [29/39] drm/i915/gt: Decouple inflight virtual engines [30/39] drm/i915/gt: Defer schedule_out until after the next dequeue [31/39] drm/i915/gt: Remove virtual breadcrumb before transfer [32/39] drm/i915/gt: Shrink the critical section for irq signaling [33/39] drm/i915/gt: Resubmit the virtual engine on schedule-out [34/39] drm/i915/gt: Simplify virtual engine handling for execlists_hold() [35/39] drm/i915: Encode fence specific waitqueue behaviour into the wait.flags [36/39] drm/i915/selftests: Confirm RING_TIMESTAMP / CTX_TIMESTAMP share a clock [37/39] drm/i915/gt: Consolidate the CS timestamp clocks [38/39] drm/i915: Break up error capture compression loops with cond_resched() [39/39] drm/i915: Reduce GPU error capture mutex hold time

Commit Message

Chris Wilson Aug. 26, 2020, 1:27 p.m. UTC

If we create a new node, it is possible for the slab allocator to return
us a recently freed node. If that node was just retired, it will retain
the current jiffy as its node->age. There is then a miniscule window,
where as that node is retired, it will appear on the free list with an
incorrect age and be eligible for reuse by one thread, and then by a
second thread as the correct node->age is written.

Fixes: 8080ffd81600 ("drm/i915/gt: Delay taking the spinlock for grabbing from the buffer pool")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 drivers/gpu/drm/i915/gt/intel_gt_buffer_pool.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Matthew Auld Aug. 26, 2020, 5:15 p.m. UTC | #1

On Wed, 26 Aug 2020 at 14:28, Chris Wilson <chris@chris-wilson.co.uk> wrote:
>
> If we create a new node, it is possible for the slab allocator to return
> us a recently freed node. If that node was just retired, it will retain
> the current jiffy as its node->age. There is then a miniscule window,
> where as that node is retired, it will appear on the free list with an
> incorrect age and be eligible for reuse by one thread, and then by a
> second thread as the correct node->age is written.
>
> Fixes: 8080ffd81600 ("drm/i915/gt: Delay taking the spinlock for grabbing from the buffer pool")
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>

diff mbox series

Patch

diff --git a/drivers/gpu/drm/i915/gt/intel_gt_buffer_pool.c b/drivers/gpu/drm/i915/gt/intel_gt_buffer_pool.c
index 4b7671ac5dca..104cb30e8c13 100644
--- a/drivers/gpu/drm/i915/gt/intel_gt_buffer_pool.c
+++ b/drivers/gpu/drm/i915/gt/intel_gt_buffer_pool.c
@@ -134,6 +134,7 @@  static void pool_retire(struct i915_active *ref)
 	/* Return this object to the shrinker pool */
 	i915_gem_object_make_purgeable(node->obj);
 
+	GEM_BUG_ON(node->age);
 	spin_lock_irqsave(&pool->lock, flags);
 	list_add_rcu(&node->link, list);
 	WRITE_ONCE(node->age, jiffies ?: 1); /* 0 reserved for active nodes */
@@ -155,6 +156,7 @@  node_create(struct intel_gt_buffer_pool *pool, size_t sz)
 	if (!node)
 		return ERR_PTR(-ENOMEM);
 
+	node->age = 0;
 	node->pool = pool;
 	i915_active_init(&node->active, pool_active, pool_retire);