[Intel-gfx] [PATCH] drm/i915: Only free the unpin_work if cancelled before being run
daniel at ffwll.ch
Tue Apr 17 06:44:01 PDT 2012
On Tue, Apr 17, 2012 at 02:30:35PM +0100, Chris Wilson wrote:
> On Tue, 17 Apr 2012 12:33:46 +0200, Daniel Vetter <daniel at ffwll.ch> wrote:
> > On Tue, Apr 17, 2012 at 10:53:24AM +0100, Chris Wilson wrote:
> > > On Tue, 17 Apr 2012 10:29:38 +0100, Chris Wilson <chris at chris-wilson.co.uk> wrote:
> > > > The unpin worker frees it work struct and so during intel_crtc_disable
> > > > we should only also free the work struct if cancel_work_sync() reports
> > > > that it successfully cancelled the work prior to it being executed and
> > > > thus avoid the double free.
> > > >
> > > > The impact is only for people unloading modules during a fullscreen game
> > > > or movie playback, so extremely small.
> > >
> > > Futher review (hunting for some sign of workqueue corruption, cf
> > > https://bugs.freedesktop.org/show_bug.cgi?id=48798) says that if work is
> > > non-NULL here it will not have been scheduled so cancel_work_sync() will
> > > always return true.
> > Well, I've failed to notice this while reviewing the unpin_work life-cycle
> > ...
> > > Which also means that we have no way of waiting upon the scheduled
> > > unpin_work. :|
> > ... but have noticed that we lose any reference from intel_crtc to the
> > unpin work once it's scheduled, and checked that we properly flush the
> > work queue: See the ordering of irq disable, flush workqueue, then crtc
> > destroy (in mode_config_cleanup).
> > We even have a flush_workqueu in i915_dma.c before tearing down gem, but
> > that won't work too well now that unpin also frobs around with the fbc
> > state (which is gone by now). But there's still the misleading comment
> > that this syncs up with unpin work.
> > Care to clean this up a bit by
> > - ditching the unnecessary flush_workqueu in i915_dma.c
> Indeed looks superfluous. If we consider the unlikelihood the cleanup
> code being well-tested, I'd prefer that we did do something like
> drain_workqueue() as the first step in unload().
> > - move the comment about syncing up with unpin_work to where we actually
> > sync up
> I'm not finding another point where we explicitly sync with outstanding
> unpin work. Probably due to the comment being in the wrong place...
Well, I've just noticed that we call flush_scheduled_work instead of
flush_workqueue (i.e. the global one instead of our own), but we also put
the unpin work onto the global queue with schedule_work instead of our own
> > - and kill the superflous cancel_work?
> Which also reminds me that the unpin_work holds onto a few references
> that need to be released as well as the kfree. See above about these code
> paths being relatively untrod.
Oops. The problem is that unpin_work also calls the fbc update, so we need
to ensure that this is done before the fbc cleanup happened. Fun.
Mail: daniel at ffwll.ch
Mobile: +41 (0)79 365 57 48
More information about the Intel-gfx