buggy/weird behavior in ttm

Maarten Lankhorst maarten.lankhorst at canonical.com
Mon Oct 15 12:32:51 PDT 2012 

Op 15-10-12 20:40, Thomas Hellstrom schreef:
> On 10/15/2012 05:37 PM, Maarten Lankhorst wrote:
>> Op 15-10-12 14:27, Thomas Hellstrom schreef:
>>> On 10/12/2012 12:09 PM, Maarten Lankhorst wrote:
>>>> Op 12-10-12 07:57, Thomas Hellstrom schreef:
>>>>> On 10/11/2012 10:55 PM, Maarten Lankhorst wrote:
>>>>>> Op 11-10-12 21:26, Thomas Hellstrom schreef:
>>>>>>> On 10/11/2012 08:42 PM, Maarten Lankhorst wrote:
>>>>>>>
>>>>>>>>> Anyway, if you plan to remove the fence lock and protect it with reserve, you must
>>>>>>>>> make sure that a waiting reserve is never done in a destruction path. I think this
>>>>>>>>> mostly concerns the nvidia driver.
>>>>>>>> Well I don't think any lock should ever be held during destruction time,
>>>>>>> What I mean is, that *something* needs to protect the fence pointer. Currently it's the
>>>>>>> fence lock, and I was assuming you'd protect it with reserve. And neither TTM nor
>>>>>>> Nvidia should, when a resource is about to be freed, be forced to *block* waiting for
>>>>>>> reserve just to access the fence pointer. When and if you have a solution that fulfills
>>>>>>> those requirements, I'm ready to review it.
>>>>>> It's not blocking, cleanup_refs_or_queue will toss it on the deferred list if reservation fails,
>>>>>> behavior doesn't change just because I changed the order around.
>>>>> Well, I haven't looked into the code in detail yet. If you say it's non-blocking I believe you.
>>>>> I was actually more concerned abut the Nvidia case where IIRC the wait was called both
>>>>> with and without reservation.
>>>>>
>>>>>
>>>>>>>>>> - no_wait_reserve is ignored if no_wait_gpu is false
>>>>>>>>>>        ttm_bo_reserve_locked can only return true if no_wait_reserve is true, but
>>>>>>>>>>        subsequently it will do a wait_unreserved if no_wait_gpu is false.
>>>>>>>>>> I'm planning on removing this argument and act like it is always true, since
>>>>>>>>>> nothing on the lru list should fail to reserve currently.
>>>>>>>>> Yes, since all buffers that are reserved are removed from the LRU list, there
>>>>>>>>> should never be a waiting reserve on them, so no_wait_reserve can be removed
>>>>>>>>> from ttm_mem_evict_first, ttm_bo_evict and possibly other functions in the call chain.
>>>>>>>> I suppose there will stay a small race though,
>>>>>>> Hmm, where?
>>>>>> When you enter the ddestroy path, you drop the lock and hope the buffer doesn't reserved
>>>>>> away from under you.
>>>>> Yes, that code isn't fully correct, it's missing a check for still on ddestroy after a waiting
>>>>> reserve. However, the only chance of a waiting reserve given that the buffer *IS* on the
>>>>> ddestroy list is if the current reserver returned early because someone started an
>>>>> accelerated eviction which can't happen currently. The code needs fixing up though.
>>>>>
>>>>>>>>>> - effectively unlimited callchain between some functions that all go through
>>>>>>>>>>        ttm_mem_evict_first:
>>>>>>>>>>
>>>>>>>>>>                                          /------------------------\
>>>>>>>>>> ttm_mem_evict_first - ttm_bo_evict -                          -ttm_bo_mem_space  - ttm_bo_mem_force_space - ttm_mem_evict_first
>>>>>>>>>>                                          \ ttm_bo_handle_move_mem /
>>>>>>>>>> I'm not surprised that there was a deadlock before, it seems to me it would
>>>>>>>>>> be pretty suicidal to ever do a blocking reserve on any of those lists,
>>>>>>>>>> lockdep would be all over you for this.
>>>>>>>>> Well, at first this may look worse than it actually is. The driver's eviction memory order determines the recursion depth
>>>>>>>>> and typically it's 0 or 1, since subsequent ttm_mem_evict_first should never touch the same LRU lists as the first one.
>>>>>>>>> What would typically happen is that a BO is evicted from VRAM to TT, and if there is no space in TT, another BO is evicted
>>>>>>>>> to system memory, and the chain is terminated. However a driver could set up any eviction order but that would be
>>>>>>>>> a BUG.
>>>>>>>>>
>>>>>>>>> But in essence, as you say, even with a small recursion depth, a waiting reserve could cause a deadlock.
>>>>>>>>> But there should be no waiting reserves in the eviction path currently.
>>>>>>>> Partially true, ttm_bo_cleanup_refs is currently capable of blocking reserve.
>>>>>>>> Fixing this might mean that ttm_mem_evict_first may need to become more aggressive,
>>>>>>>> since it seems all the callers of this function assume that ttm_mem_evict_first can only fail
>>>>>>>> if there is really nothing more to free and blocking nested would really upset lockdep
>>>>>>>> and leave you open to the same deadlocks.
>>>>>>> I can't see how the waiting reserve in ttm_bo_cleanup_refs would cause a deadlock,
>>>>>>> because the buffer about to be reserved is always *last* in a reservation sequence, and the
>>>>>>> reservation is always released (or the buffer destroyed) before trying to reserve another buffer.
>>>>>>> Technically the buffer is not looked up from a LRU list but from the delayed delete list.
>>>>>>> Could you describe such a deadlock case?
>>>>>> The only interesting case for this is ttm_mem_evict_first, and while it may not technically
>>>>>> be a deadlock, lockdep will flag you for blocking on this anyway, since the only reason it
>>>>>> would not be a deadlock is if you know the exact semantics of why.
>>>>> Interesting. I guess that must be because of the previous reservation history for that buffer?
>>>>> Let's say we were to reinitialize the lockdep history for the reservation object when it was put
>>>>> on the ddestroy list, I assume lockdep would keep quiet, because there are never any other
>>>>> bo reservations while such a buffer is reserved?
>>>> Lockdep works on classes of lock, not necessarily individual locks.
>>>>
>>>> Doing 2 bo_reserve's of any bo would count as possible deadlock, no matter if you
>>>> always take them in a certain order or not.
>>> So you mean that if I bo_reserve A and then bo_reserve B (which is used only when binding A to the GPU), lockdep will complain even if nobody ever bo_reserves B before A? That will make it impossible to use BOs as page tables for GPU binding for example.
>> As far as I tell can nobody does it like that, page tables are simply initialized on channel
>> creation, pinned in memory and kept like that while the host serializes with their own vm locking.
>
> I don't think the fact that nobody's using a feature yet is a valid argument to say it will never be used.
> With that argument a lot of code could go away. Including reservation objects... ;)
>
> Reserving multiple buffer objects in a pre-determined order is a perfectly valid thing to do. For example an
> execbuf implementation could ditch the ticketed reserve and instead do a quick sort of the buffer objects
> in pointer value order. And FWIW vmware have a couple of patches pending for a future "hardware" revision
> that implement GPU bind using buffer objects for page tables; the code becomes neat and we can use
> the delayed delete mechanism to avoid stalling at unbind time.
> So from my pow, if lockdep fails to handle that situation, the lockdep implementation is incomplete.
Well lockdep can only distinguish between classes. It would be possible to add a type of reservation_ticket
that is basically identical to ttm_bo_reserve with no ticket now, except lockdep won't be able to warn you
if you should yourself in the foot while doing it.

This is unfortunately a limitation of lockdep, since it can only warn about combinations of
classes/subclasses locks. As such, ttm object A and B look identical to ttm, this is why you
need the reservation_ticket dance, and is the only reason why lockdep is not even slower
than it already is.

However it won't be entirely useless, it will still warn about everything else that can go wrong,
the only check that will be disabled is the one where you mess up the reservation order in your
execbuffer implementation, so if that is the only place where you want to do those things it
wouldn't be hard to debug anyway.

>>
>>>> To make multi-object reservation work, the fix is to add a ticket "lock" of which all the
>>>> reservation objects are a nested lock of. Since in this case the ticket lock would prevent
>>>> deadlocks, this is acceptable.  Having 2 ticket 'locks' at the same time would count as
>>>> deadlock, rightfully. If you hold a reservation from a ticket, then try to reserve without
>>>> a ticket, it counts as deadlock too. See below for some examples I was using to test.
>>> But if a ticket lock can be used to abstract a locking sequence that we know will never deadlock,
>>> why can't we abstract locking from a list with atomic list removal with another "lock", and make sure we get the order right between them?
>> No, see the test below, lockdep won't be fooled by your diversions that easily!! :-)
>
> It's not a diversion, it's an attempt to abstract a valid locking scenario.
>
> I think you got me wrong. In the analogy of mutex_lock_nested(), (see
> http://www.mjmwired.net/kernel/Documentation/lockdep-design.txt
Oh that, basically you create a new subclass, but it's not needed for core ttm,
and won't help you with trying to do the a, b, c reservations in fixed order,
unless you want to give each buffer it's own class. This is unadvisable though,
it will render a lot of lockdep checks useless, run you against the 80 lock limit
of lockdep on multi object reservations and consume a whole lot of extra memory
for all other scenarios, so please don't. Especially not after all the time I just spent
getting rid of any dangerous blocking reservation in ttm_bo.c in the first place! :-)

btw what is ttm_bo_fbdev_io for? Just noticed that when I checked if I missed
any dangerous ttm_bo_reserve, but it doesn't seem to be used anywhere.

~Maarten

More information about the dri-devel mailing list