<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <p>The change you shared with me fixes the crash. Pl include in v8.<br> </p> <p><br> </p> <div class="moz-cite-prefix">On 3/18/2024 10:06 AM, Sharma, Shashank wrote:<br> </div> <blockquote type="cite" cite="mid:MW4PR12MB56671969437D89CACEEF999EF22D2@MW4PR12MB5667.namprd12.prod.outlook.com"> <style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style> <p style="font-family:Arial;font-size:10pt;color:#0000FF;margin:5pt;font-style:normal;font-weight:normal;text-decoration:none;" align="Left"> [AMD Official Use Only - General]<br> </p> <br> <div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"> Already sent a NULL check patch based on this backtrace, I am waiting for Rajneesh's feedback. </div> <div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"> <br> </div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"> Regards</div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"> Shashank</div> <hr style="display: inline-block; width: 98%;"> <div dir="ltr" id="divRplyFwdMsg" style="color: inherit; background-color: inherit;"> <span style="font-family: Calibri, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"><b>From:</b> Bhardwaj, Rajneesh <a class="moz-txt-link-rfc2396E" href="mailto:Rajneesh.Bhardwaj@amd.com"><Rajneesh.Bhardwaj@amd.com></a><br> <b>Sent:</b> Monday, March 18, 2024 3:04 PM<br> <b>To:</b> Sharma, Shashank <a class="moz-txt-link-rfc2396E" href="mailto:Shashank.Sharma@amd.com"><Shashank.Sharma@amd.com></a>; <a class="moz-txt-link-abbreviated" href="mailto:amd-gfx@lists.freedesktop.org">amd-gfx@lists.freedesktop.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:amd-gfx@lists.freedesktop.org"><amd-gfx@lists.freedesktop.org></a><br> <b>Cc:</b> Koenig, Christian <a class="moz-txt-link-rfc2396E" href="mailto:Christian.Koenig@amd.com"><Christian.Koenig@amd.com></a>; Deucher, Alexander <a class="moz-txt-link-rfc2396E" href="mailto:Alexander.Deucher@amd.com"><Alexander.Deucher@amd.com></a>; Kuehling, Felix <a class="moz-txt-link-rfc2396E" href="mailto:Felix.Kuehling@amd.com"><Felix.Kuehling@amd.com></a><br> <b>Subject:</b> Re: [PATCH v7 2/2] drm/amdgpu: sync page table freeing with tlb flush</span> <div> </div> </div> <p>HI Shashank</p> <p>We'll probably need a v8 with the null pointer crash fixed i.e. before freeing the PT entries check for a valid entry before calling amdgpu_vm_pt_free. The crash is seen with device memory allocators but the system memory allocators are looking fine.</p> <p> </p> <p>[ 127.255863] [drm] Using MTYPE_RW for local memory<br> [ 333.606136] hugetlbfs: test_with_MPI.e (25268): Using mlock ulimits for SHM_HUGETLB is obsolete<br> [ 415.351447] BUG: kernel NULL pointer dereference, address: 0000000000000008<br> [ 415.359245] #PF: supervisor write access in kernel mode<br> [ 415.365081] #PF: error_code(0x0002) - not-present page<br> [ 415.370817] PGD 101259067 P4D 101259067 PUD 10125a067 PMD 0<br> [ 415.377140] Oops: 0002 [#1] PREEMPT SMP NOPTI<br> [ 415.382004] CPU: 0 PID: 25481 Comm: test_with_MPI.e Tainted: G OE 5.18.2-mi300-build-140423-ubuntu-22.04+ #24<br> [ 415.394437] Hardware name: AMD Corporation Sh51p/Sh51p, BIOS RMO1001AS 02/21/2024<br> [ 415.402797] RIP: 0010:amdgpu_vm_ptes_update+0x6fd/0xa10 [amdgpu]<br> [ 415.409648] Code: 4c 89 ff 4d 8d 66 30 e8 f1 ed ff ff 48 85 db 74 42 48 39 5d a0 74 40 48 8b 53 20 48 8b 4b 18 48 8d 43 18 48 8d 75 b0 4c 89 ff <48<br> > 89 51 08 48 89 0a 49 8b 56 30 48 89 42 08 48 89 53 18 4c 89 63<br> [ 415.430621] RSP: 0018:ffffc9000401f990 EFLAGS: 00010287<br> [ 415.436456] RAX: ffff888147bb82f0 RBX: ffff888147bb82d8 RCX: 0000000000000000<br> [ 415.444426] RDX: 0000000000000000 RSI: ffffc9000401fa30 RDI: ffff888161f80000<br> [ 415.452397] RBP: ffffc9000401fa80 R08: 0000000000000000 R09: ffffc9000401fa00<br> [ 415.460368] R10: 00000007f0cc0000 R11: 00000007f0c85000 R12: ffffc9000401fb20<br> [ 415.468340] R13: 00000007f0d00000 R14: ffffc9000401faf0 R15: ffff888161f80000<br> [ 415.476312] FS: 00007f132ff89840(0000) GS:ffff889f87c00000(0000) knlGS:0000000000000000<br> [ 415.485350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br> [ 415.491767] CR2: 0000000000000008 CR3: 0000000161d46003 CR4: 0000000000770ef0<br> [ 415.499738] PKRU: 55555554<br> [ 415.502750] Call Trace:<br> [ 415.505482] <TASK><br> [ 415.507825] amdgpu_vm_update_range+0x32a/0x880 [amdgpu]<br> [ 415.513869] amdgpu_vm_clear_freed+0x117/0x250 [amdgpu]<br> [ 415.519814] amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu+0x18c/0x250 [amdgpu]<br> [ 415.527729] kfd_ioctl_unmap_memory_from_gpu+0xed/0x340 [amdgpu]<br> [ 415.534551] kfd_ioctl+0x3b6/0x510 [amdgpu]<br> [ 415.539324] ? kfd_ioctl_get_dmabuf_info+0x1d0/0x1d0 [amdgpu]<br> [ 415.545844] ? __fget_light+0xc5/0x100<br> [ 415.550037] __x64_sys_ioctl+0x91/0xc0<br> [ 415.554227] do_syscall_64+0x5c/0x80<br> [ 415.558223] ? debug_smp_processor_id+0x17/0x20<br> [ 415.563285] ? fpregs_assert_state_consistent+0x23/0x60<br> [ 415.569124] ? exit_to_user_mode_prepare+0x45/0x190<br> [ 415.574572] ? ksys_write+0xce/0xe0 </p> <p> </p> <p><br> </p> <p>On 3/18/2024 8:08 AM, Shashank Sharma wrote:</p> <blockquote> <pre><div>The idea behind this patch is to delay the freeing of PT entry objects until the TLB flush is done. This patch: - Adds a tlb_flush_waitlist in amdgpu_vm_update_params which will keep the objects that need to be freed after tlb_flush. - Adds PT entries in this list in amdgpu_vm_ptes_update after finding the PT entry. - Changes functionality of amdgpu_vm_pt_free_dfs from (df_search + free) to simply freeing of the BOs, also renames it to amdgpu_vm_pt_free_list to reflect this same. - Exports function amdgpu_vm_pt_free_list to be called directly. - Calls amdgpu_vm_pt_free_list directly from amdgpu_vm_update_range. V2: rebase V4: Addressed review comments from Christian - add only locked PTEs entries in TLB flush waitlist. - do not create a separate function for list flush. - do not create a new lock for TLB flush. - there is no need to wait on tlb_flush_fence exclusively. V5: Addressed review comments from Christian - change the amdgpu_vm_pt_free_dfs's functionality to simple freeing of the objects and rename it. - add all the PTE objects in params->tlb_flush_waitlist - let amdgpu_vm_pt_free_root handle the freeing of BOs independently - call amdgpu_vm_pt_free_list directly V6: Rebase V7: Rebase Cc: Christian König <a href="mailto:Christian.Koenig@amd.com" id="OWAe2a11fb1-18e0-f319-d80d-c378e055063c" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><Christian.Koenig@amd.com></a> Cc: Alex Deucher <a href="mailto:alexander.deucher@amd.com" id="OWA404c8d81-801b-477c-c7f4-9fa179311f59" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><alexander.deucher@amd.com></a> Cc: Felix Kuehling <a href="mailto:felix.kuehling@amd.com" id="OWA361739eb-d8ca-3054-e928-7e278c2e99ef" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><felix.kuehling@amd.com></a> Cc: Rajneesh Bhardwaj <a href="mailto:rajneesh.bhardwaj@amd.com" id="OWA9e2a4069-96f7-6ae6-91be-87c731cb149a" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><rajneesh.bhardwaj@amd.com></a> Acked-by: Felix Kuehling <a href="mailto:felix.kuehling@amd.com" id="OWA99c70d11-0e88-66bc-5689-19da89d5454b" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><felix.kuehling@amd.com></a> Acked-by: Rajneesh Bhardwaj <a href="mailto:rajneesh.bhardwaj@amd.com" id="OWAd8c39958-3757-1f7d-f6ad-a9e6e375fabf" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><rajneesh.bhardwaj@amd.com></a> Tested-by: Rajneesh Bhardwaj <a href="mailto:rajneesh.bhardwaj@amd.com" id="OWA89a6bcc1-c33d-1497-b152-191e1cb7404b" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><rajneesh.bhardwaj@amd.com></a> Signed-off-by: Shashank Sharma <a href="mailto:shashank.sharma@amd.com" id="OWAa8513ec2-5ff2-499b-f596-fae49d213265" class="x_moz-txt-link-rfc2396E OWAAutoLink" data-loopstyle="linkonly" moz-do-not-send="true"><shashank.sharma@amd.com></a> --- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 5 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 7 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 53 +++++++++++++---------- 3 files changed, 40 insertions(+), 25 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c index 26f1c3359642..eaa402f99fe0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c @@ -977,6 +977,7 @@ int amdgpu_vm_update_range(struct amdgpu_device *adev, struct amdgpu_vm *vm, params.unlocked = unlocked; params.needs_flush = flush_tlb; params.allow_override = allow_override; + INIT_LIST_HEAD(&params.tlb_flush_waitlist); /* Implicitly sync to command submissions in the same VM before * unmapping. Sync to moving fences before mapping. @@ -1062,8 +1063,10 @@ int amdgpu_vm_update_range(struct amdgpu_device *adev, struct amdgpu_vm *vm, if (r) goto error_unlock; - if (params.needs_flush) + if (params.needs_flush) { r = amdgpu_vm_tlb_flush(&params, fence); + amdgpu_vm_pt_free_list(adev, &params); + } error_unlock: amdgpu_vm_eviction_unlock(vm); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h index b0a4fe683352..54d7da396de0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h @@ -266,6 +266,11 @@ struct amdgpu_vm_update_params { * to be overridden for NUMA local memory. */ bool allow_override; + + /** + * @tlb_flush_waitlist: temporary storage for BOs until tlb_flush + */ + struct list_head tlb_flush_waitlist; }; struct amdgpu_vm_update_funcs { @@ -547,6 +552,8 @@ int amdgpu_vm_ptes_update(struct amdgpu_vm_update_params *params, uint64_t start, uint64_t end, uint64_t dst, uint64_t flags); void amdgpu_vm_pt_free_work(struct work_struct *work); +void amdgpu_vm_pt_free_list(struct amdgpu_device *adev, + struct amdgpu_vm_update_params *params); #if defined(CONFIG_DEBUG_FS) void amdgpu_debugfs_vm_bo_info(struct amdgpu_vm *vm, struct seq_file *m); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c index 601df0ce8290..440dc8c581fc 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c @@ -622,40 +622,30 @@ void amdgpu_vm_pt_free_work(struct work_struct *work) } /** - * amdgpu_vm_pt_free_dfs - free PD/PT levels + * amdgpu_vm_pt_free_list - free PD/PT levels * * @adev: amdgpu device structure - * @vm: amdgpu vm structure - * @start: optional cursor where to start freeing PDs/PTs - * @unlocked: vm resv unlock status + * @params: see amdgpu_vm_update_params definition * - * Free the page directory or page table level and all sub levels. + * Free the page directory objects saved in the flush list */ -static void amdgpu_vm_pt_free_dfs(struct amdgpu_device *adev, - struct amdgpu_vm *vm, - struct amdgpu_vm_pt_cursor *start, - bool unlocked) +void amdgpu_vm_pt_free_list(struct amdgpu_device *adev, + struct amdgpu_vm_update_params *params) { - struct amdgpu_vm_pt_cursor cursor; - struct amdgpu_vm_bo_base *entry; + struct amdgpu_vm_bo_base *entry, *next; + struct amdgpu_vm *vm = params->vm; + bool unlocked = params->unlocked; if (unlocked) { spin_lock(&vm->status_lock); - for_each_amdgpu_vm_pt_dfs_safe(adev, vm, start, cursor, entry) - list_move(&entry->vm_status, &vm->pt_freed); - - if (start) - list_move(&start->entry->vm_status, &vm->pt_freed); + list_splice_init(&vm->pt_freed, &params->tlb_flush_waitlist); spin_unlock(&vm->status_lock); schedule_work(&vm->pt_free_work); return; } - for_each_amdgpu_vm_pt_dfs_safe(adev, vm, start, cursor, entry) + list_for_each_entry_safe(entry, next, &params->tlb_flush_waitlist, vm_status) amdgpu_vm_pt_free(entry); - - if (start) - amdgpu_vm_pt_free(start->entry); } /** @@ -667,7 +657,11 @@ static void amdgpu_vm_pt_free_dfs(struct amdgpu_device *adev, */ void amdgpu_vm_pt_free_root(struct amdgpu_device *adev, struct amdgpu_vm *vm) { - amdgpu_vm_pt_free_dfs(adev, vm, NULL, false); + struct amdgpu_vm_pt_cursor cursor; + struct amdgpu_vm_bo_base *entry; + + for_each_amdgpu_vm_pt_dfs_safe(adev, vm, NULL, cursor, entry) + amdgpu_vm_pt_free(entry); } /** @@ -972,10 +966,21 @@ int amdgpu_vm_ptes_update(struct amdgpu_vm_update_params *params, while (cursor.pfn < frag_start) { /* Make sure previous mapping is freed */ if (cursor.entry->bo) { + struct amdgpu_vm_pt_cursor seek; + struct amdgpu_vm_bo_base *entry; + params->needs_flush = true; - amdgpu_vm_pt_free_dfs(adev, params->vm, - &cursor, - params->unlocked); + spin_lock(&params->vm->status_lock); + for_each_amdgpu_vm_pt_dfs_safe(adev, params->vm, &cursor, + seek, entry) { + list_move(&entry->vm_status, + &params->tlb_flush_waitlist); + } + + /* enter start node now */ + list_move(&cursor.entry->vm_status, + &params->tlb_flush_waitlist); + spin_unlock(&params->vm->status_lock); } amdgpu_vm_pt_next(adev, &cursor); } </div></pre> </blockquote> </div> </blockquote> </body> </html>