[v2,0/7] xfree86: Handle drm race condition

Commit Message

Maarten Lankhorst March 19, 2013, 10:50 a.m. UTC

Hey,

Op 19-03-13 11:27, Chris Wilson schreef:
> On Tue, Mar 19, 2013 at 11:02:14AM +0100, Maarten Lankhorst wrote:
>> Hey,
>>
>> Op 19-03-13 10:21, Chris Wilson schreef:
>>> On Mon, Mar 18, 2013 at 01:51:44PM -0700, Bryce Harrington wrote:
>>>> Update:  Squashes a couple commits to avoid potential hang if
>>>> git bisecting.  No other changes from v1.
>>> I'd probably drop the last EAGAIN patch as that is part of the libdrm
>>> API, but other than that it looks to be a reasonably self-contained w/a
>>> for this perplexing problem.
>>>
>>> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
>>> -Chris
>>>
>> And completely wrong, version I pushed to ubuntu's xorg-server for comparison:
>>
>> Nacked-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
> So you pushed the busy-spin into drmSetMaster(), which is just a tighter
> variant of the above.
>
> Anything which adds the minimal delay, warns about that delay, and
> works around the issue is fine by me.
> -Chris

Here's what I think is happening, based on the information I have.

Because of the delayed fput in recent kernels, it is possible for plymouth to exit and not drop master right away.
It's put onto a workqueue to be freed slightly later. Xorg-server starts in the meantime, opens a fd, but because the fd
hasn't been closed by plymouth yet, it didn't get implicitly authenticated and it didn't get drm master either.

The drmSetMaster call is needed, but the spinning is really just waiting for the workqueue to run.

bryce's patch never worked, it just caused it to try drmsetinterfaceversion for a few seconds before timing out. That call
was failing because his patch series never tried to obtain drm master.

The get_drm_info call also makes it more likely to run into the same problem as well. It opens the fd and immediately
closes it again. This will re-trigger the race..

For testing I did a small patch in the drm core that drops drm master when opening device.
The patch is attached inline below.

radeon and intel driver both fail to load with it. Intel doesn't return an error, and falls back silently to modesetting.
radeon however complains similar to this:

[    42.876] (==) RADEON(G0): Depth 24, (--) framebuffer bpp 32
[    42.876] (II) RADEON(G0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps)
[    42.876] (==) RADEON(G0): Default visual is TrueColor
[    42.876] (==) RADEON(G0): RGB weight 888
[    42.876] (II) RADEON(G0): Using 8 bits per RGB (8 bit DAC)
[    42.876] (--) RADEON(G0): Chipset: "TURKS" (ChipID = 0x6741)
[    42.961] (EE) RADEON(G0): [drm] failed to set drm interface version.
[    42.961] (EE) RADEON(G0): Kernel modesetting setup failed

I've seen this error before in one of the races, so it's not just a theoretical issue. Just another possible failure mode.

I think all drivers have to be fixed to handle this case correctly, and they should probably all do the same spinning as well.

Comments

Chris Wilson March 19, 2013, 9:13 p.m. UTC | #1

On Tue, Mar 19, 2013 at 11:50:47AM +0100, Maarten Lankhorst wrote:
> The drmSetMaster call is needed, but the spinning is really just waiting for the workqueue to run.
> 
> bryce's patch never worked, it just caused it to try drmsetinterfaceversion for a few seconds before timing out. That call
> was failing because his patch series never tried to obtain drm master.

You missed that the series Bryce posted did contain the drmSetMaster()
call inside the loop to retry drmSetVersion(). :)

Your explanation as to why the delay is required is certainly
intriguing. Thanks,
-Chris

Maarten Lankhorst March 20, 2013, 8:40 a.m. UTC | #2

Hey,

Op 19-03-13 22:13, Chris Wilson schreef:
> On Tue, Mar 19, 2013 at 11:50:47AM +0100, Maarten Lankhorst wrote:
>> The drmSetMaster call is needed, but the spinning is really just waiting for the workqueue to run.
>>
>> bryce's patch never worked, it just caused it to try drmsetinterfaceversion for a few seconds before timing out. That call
>> was failing because his patch series never tried to obtain drm master.
> You missed that the series Bryce posted did contain the drmSetMaster()
> call inside the loop to retry drmSetVersion(). :)
>
>
Oh I must have missed that.

Is the drmSetInterfaceVersion call really needed here? If I look at DRM_IOCTL_GET_UNIQUE,
I don't see any requirement of drm master or anything, so it looks to me like for this specific race
the drmSetInterfaceVersion call can be skipped entirely without any side effects.
This would end up with cleaner code here, and drop the master requirement entirely.

Of course there's still a race that needs to be investigated, and is currently not completely understood, I think.

~Maarten

Maarten Lankhorst March 20, 2013, 10:43 a.m. UTC | #3

Op 20-03-13 09:40, Maarten Lankhorst schreef:
> Hey,
>
> Op 19-03-13 22:13, Chris Wilson schreef:
>> On Tue, Mar 19, 2013 at 11:50:47AM +0100, Maarten Lankhorst wrote:
>>> The drmSetMaster call is needed, but the spinning is really just waiting for the workqueue to run.
>>>
>>> bryce's patch never worked, it just caused it to try drmsetinterfaceversion for a few seconds before timing out. That call
>>> was failing because his patch series never tried to obtain drm master.
>> You missed that the series Bryce posted did contain the drmSetMaster()
>> call inside the loop to retry drmSetVersion(). :)
>>
>>
> Oh I must have missed that.
>
> Is the drmSetInterfaceVersion call really needed here? If I look at DRM_IOCTL_GET_UNIQUE,
> I don't see any requirement of drm master or anything, so it looks to me like for this specific race
> the drmSetInterfaceVersion call can be skipped entirely without any side effects.
> This would end up with cleaner code here, and drop the master requirement entirely.
>
> Of course there's still a race that needs to be investigated, and is currently not completely understood, I think.
>
Or worse, is that drmGetBusId call there even useful? From digging at the kernel it seems it's a per master value.
So if a device is hotplugged, it wouldn't be set yet. If someone else holds master, it wouldn't be set either.
In fact it would only be ever set from DRIOpenDRMMaster, but that call only happens a lot later, if it even happens at all.

It seems to me like opening the fd there should be removed entirely, and the bus id should be retrieved from the udev event instead.

I'll try to get something working for this.

~Maarten

Chris Wilson March 20, 2013, 2:09 p.m. UTC | #4

On Wed, Mar 20, 2013 at 09:40:04AM +0100, Maarten Lankhorst wrote:
> Is the drmSetInterfaceVersion call really needed here? If I look at DRM_IOCTL_GET_UNIQUE,
> I don't see any requirement of drm master or anything, so it looks to me like for this specific race
> the drmSetInterfaceVersion call can be skipped entirely without any side effects.
> This would end up with cleaner code here, and drop the master requirement entirely.

Indeed, it does look like drmSetVersion() at that point is overkill.
Instead we will hit the race later in the drivers. For the purposes of
clearer code, we could happily lose that drmSetVersion().
 
> Of course there's still a race that needs to be investigated, and is currently not completely understood, I think.

We are all in agreement. Ultimately we want to root cause the race, in
the meantime we need a fallback to make sure that no desktop is left
behind!
-Chris

Patch

diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index f369429..1d3099f 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -339,6 +339,7 @@  static int drm_open_helper(struct inode *inode, struct file *filp,
 			}
 		}
 		mutex_unlock(&dev->struct_mutex);
+		drm_dropmaster_ioctl(dev, NULL, priv);
 	} else {
 		/* get a reference to the master */
 		priv->master = drm_master_get(priv->minor->master);