[PATCH] drm/ttm: make ttm_bo_unpin more defensive
Daniel Vetter
daniel at ffwll.ch
Tue Mar 16 14:07:36 UTC 2021
On Tue, Mar 16, 2021 at 12:24 PM Thomas Hellström (Intel)
<thomas_os at shipmail.org> wrote:
>
>
> On 3/16/21 12:06 PM, Daniel Vetter wrote:
> > On Tue, Mar 16, 2021 at 11:38:53AM +0100, Thomas Hellström (Intel) wrote:
> >> Hi,
> >>
> >> On 3/16/21 10:27 AM, Daniel Vetter wrote:
> >>> On Mon, Mar 15, 2021 at 08:00:30PM +0100, Thomas Hellström (Intel) wrote:
> >>>> On 3/15/21 7:47 PM, Christian König wrote:
> >>>>> Am 15.03.21 um 18:08 schrieb Thomas Hellström (Intel):
> >>>>>> On 3/15/21 11:26 AM, Christian König wrote:
> >>>>>>> Am 13.03.21 um 19:29 schrieb Thomas Hellström (Intel):
> >>>>>>>> Hi, Christian
> >>>>>>>>
> >>>>>>>> On 3/12/21 10:38 AM, Christian König wrote:
> >>>>>>>>> We seem to have some more driver bugs than thought.
> >>>>>>>>>
> >>>>>>>>> Signed-off-by: Christian König <christian.koenig at amd.com>
> >>>>>>>>> ---
> >>>>>>>>> include/drm/ttm/ttm_bo_api.h | 6 ++++--
> >>>>>>>>> 1 file changed, 4 insertions(+), 2 deletions(-)
> >>>>>>>>>
> >>>>>>>>> diff --git a/include/drm/ttm/ttm_bo_api.h
> >>>>>>>>> b/include/drm/ttm/ttm_bo_api.h
> >>>>>>>>> index 4fb523dfab32..df9fe596e7c5 100644
> >>>>>>>>> --- a/include/drm/ttm/ttm_bo_api.h
> >>>>>>>>> +++ b/include/drm/ttm/ttm_bo_api.h
> >>>>>>>>> @@ -603,9 +603,11 @@ static inline void
> >>>>>>>>> ttm_bo_pin(struct ttm_buffer_object *bo)
> >>>>>>>>> static inline void ttm_bo_unpin(struct ttm_buffer_object *bo)
> >>>>>>>>> {
> >>>>>>>>> dma_resv_assert_held(bo->base.resv);
> >>>>>>>>> - WARN_ON_ONCE(!bo->pin_count);
> >>>>>>>>> WARN_ON_ONCE(!kref_read(&bo->kref));
> >>>>>>>>> - --bo->pin_count;
> >>>>>>>>> + if (bo->pin_count)
> >>>>>>>>> + --bo->pin_count;
> >>>>>>>>> + else
> >>>>>>>>> + WARN_ON_ONCE(true);
> >>>>>>>>> }
> >>>>>>>>> int ttm_mem_evict_first(struct ttm_device *bdev,
> >>>>>>>> Since I now have been staring for half a year at the code of
> >>>>>>>> the driver that made pinning an art, I have a couple of
> >>>>>>>> suggestions here, Could we use an atomic for pin_count,
> >>>>>>>> allowing unlocked unpinning but require the lock only for
> >>>>>>>> pin_count transition 0->1, (but unlocked for
> >>>>>>>> pin_if_already_pinned). In particular I think vmwgfx would
> >>>>>>>> benefit from unlocked unpins. Also if the atomic were a
> >>>>>>>> refcount_t, that would probably give you the above
> >>>>>>>> behaviour?
> >>>>>>> Nope, I've considered this as well while moving the pin count into TTM.
> >>>>>>>
> >>>>>>> The problem is that you not only need the BO reserved for 0->1
> >>>>>>> transitions, but also for 1->0 transitions to move the BO on the
> >>>>>>> LRU correctly.
> >>>>>> Ah, and there is no way to have us know the correct LRU list without
> >>>>>> reservation?
> >>>>> Not really, there is always the chance that CPU A is reducing the count
> >>>>> from 1->0 while CPU B is doing 0->1 and you end up with a LRU status
> >>>>> which doesn't match the pin count.
> >>>>>
> >>>>> We could try to do something like a loop updating the LRU status until
> >>>>> it matches the pin count, but the implications of that are usually
> >>>>> really nasty.
> >>>>>
> >>>> OK, yeah I was more thinking along the lines of protecting the LRU status
> >>>> with the global lru lock and unpin would then be
> >>>>
> >>>> if (refcount_dec_and_lock(&bo->pin_count, &ttm_glob.lru_lock)) {
> >>>> add_to_relevant_lrus(bo, bo->lru_status);
> >>>> spin_unlock(&ttm_glob.lru_lock);
> >>>> }
> >>>>
> >>>> But looking at ttm_bo_move_to_lru_tail() I realize that's not really trivial
> >>>> anymore. I hope it's doable at some point though.
> >>>>
> >>>> But meanwhile, perhaps TTM needs to accept and pave over that drivers are in
> >>>> fact destroying pinned buffers?
> >>> Do we have more trouble than the very fancy tricks vmwgfx does? If so I
> >>> think we could do a small helper that like ttm_dont_check_unpin() to shut
> >>> it up. Since vmwgfx drivers tend to not be loaded with any other drivers
> >>> that shouldn't reduce any test coverage. And allows vmwgfx folks to figure
> >>> out what to do - maybe you do need your own in-house pin/unpin for these
> >>> special bo?
> >>>
> >>> I did try to parse your reply in the other thread, and tbh I didn't grock
> >>> it.
> >> Not sure if you mean the description was unclear or if you thought it was a
> >> bad idea, but in case the former, what I mean is
> > My unclarity is on what you explained in the vmwgfx thread about how
> > vmwgfx uses its pin/unpin and why. That was full of vmwgfx concepts I
> > don't know about. This here looks reasonably clear to me, but it does have
> > the race Christian sees I think.
>
> Hmm, OK, I thought transition 0->1 under the LRU lock would have
> resolved that...
Hm now you make me question how this all works again, and when it
stops working. I do think yours works, but it triggers another icky
thing I have with refcounts and locking. And at this point pin_count
is more a refcount really ...
So imo the way to do a weak refcount is kref_get_unless_zero, because
that way you do not have to hold the lock on the final unref, but
instead you can remove all weakly referenced entries (lookup caches,
lru, whatever) simply in your cleanup code (and there still grab the
right lock ofc), and the refcount_dec isn't special.
The other approach is the refcount_dec_and_lock, and this works, but
only for a single lock. So as soon as you have multiple weak
references, or possible weak references, then it falls apart, because
you can't take all the locks for all of them for the final decrement.
Now ofc our pin_count here isn't a weak reference, but I think it's
easier to analyze with that concept in mind. But conclusion is the
same, as soon as we need multiple lru locks for the final unpin, we're
toast. And Christian wants to move to a per-memory region lru lock, so
that would just dig us in in another corner.
So that does work now that I look closer, but it kinda worries me for
other reasons. And handling weak references with the refcount_and_lock
has cause a lot of pain in the past (e.g. just moving the final gem_bo
unreference from under drm_device->struct_mutex was a multi-year
effort full of pain). drm_prime import/export caches also had similar
problems, and the same applies to some of the things we do with kms
objects. It's become a bit an anti-pattern for handling refcount_t and
locks protecting weak references for me at least.
> >> static void ttm_bo_pin(struct ttm_buffer_object *bo)
> >> {
> >>
> >> dma_resv_assert_held() // No surprises if an evictor
> >> determined that this object is not pinned.
> >>
> >> if (!refcount_inc_not_zero(&bo->pin_count)) { // Could be made
> >> ttm_bo_pin_if_pinned() and exported if there are users
> >> spin_lock(&ttm_glob.lru_lock); // Don't race with unpin
> >> 1->0
> >> if (refcount_read(&bo->pin_count) == 0 && bo->lru)
> >> ttm_bo_del_from_lru(bo);
> >> refcount_inc(&bo->pin_count);
> >> spin_unlock(&ttm_glob.lru_lock);
> >> }
> >> }
> >>
> >> static void ttm_bo_unpin(struct ttm_buffer_object *bo)
> >> {
> >> if (refcount_dec_and_lock(&bo->pin_count, &ttm_glob.lru_lock)) {
> >> ttm_bo_move_to_lru_tail(bo, bo->lru_mem_type, bo->lru_prio,
> >> NULL);
> >> spin_unlock(&ttm_glob.lru_lock);
> >> }
> >> }
> >>
> >> In addition, bo->lru_mem_type and bo->lru_prio would need to be protected by
> >> the lru lock, and updated together with the LRU list position, which would
> >> be the extra complexity in fastpaths. Wouldn't that resolve the pin - lru
> >> inconsistency?
> >>
> >> But yeah if vmwgfx is the only driver hitting trouble because of this, then
> >> I agree let's leave it for when / if it becomes needed. Having had that
> >> requirement in the Intel driver would have complicated the dma_resv work
> >> quite a lot.
> > Yeah I know i915 does a lot of unpin in interesting places, and that's
> > part of why I'm worried. I've seen some bugfixes fly by that dropped
> > dma_resv_lock around unpin to fix really scary looking stalls
> > (rcu_synchronize vs other stuff and lockdep did not catch it). And once I
> > see that kind of stuff I'm heavily leaning towards simpler locking we can
> > grasp, just to be able to stay on top of the bugs. Because the bugfix did
> > not come with any clear explanation for why not taking dma_resv_lock
> > actually helps, or any other clear and in-depth locking analysis.
> >
> > I think we also still have some temporary pin/unpin flying about, but
> > maybe those are all gone now.
>
> No, unfortunately they aren't and yes, I now see your point. And yes, if
> we can reduce the pinning to only display kinds of things this wouldn't
> really matter. But if not, I'm afraid the alternative is that drivers
> will have to start resorting to assuming perhaps incorrectly that an
> object is isolated (only a single user), and that therefore tryreserve
> for unpinning will always succeed, which is fragile at best. (This is
> what vmwgfx does for the pagetables). And pinning pagetables in that
> case makes sense since it reduces the number of buffers to validate and
> fence by 50%...
Yeah WARN_ON(tryreserve) is also a very fragile approach.
Now for pagetables I think amdgpu has a very nice approach.
Essentially any pagetable object you assign to the same dma_resv
object that you have on your vm structure. That way you dma_resv_lock
your vm, and all your vm related buffer objects (all the pagetables
really) are locked and can be reserved. Also, activity tracking (if
you don't have tlb flushes through mmio, only through in-line command
submission) with dma_fences also becomes O(1).
Now even that isn't good enough since you still have to
O(#pagetable_objects) reserve your buffers. But again amdgpu has a
trick for that: For these private objects they're essentially treated
as always bound for that vm (because really, they are), so you
optimize for the unbound case: When one of these vm objects gets
evicted we put them on the vm->evicted_bo list. Since we know these
objects are private we now the single list entry per bo isn't a
problem, these objects are never used by any other vm.
The final trick is the lru, and that's solved with the bulk move
tricks. End result: No need to pin pagetables while still getting O(1)
execbuf for them. It's really neat.
On top of that amdgpu also has an allocation flag where userspace
promises to never share a buffer beyond that single VM it's allocated
for. That allows them to also handle all the various state buffers and
anything else that's guaranteed to be unshared with the same trick.
Which for many buffers essentially gives you O(1) execbuf for what
we're trying to do with our VM_BIND. All while still making it look to
the driver (and ttm) at large that the buffer is fully managed with
dma_resv and fences, running around on the lru like anything else. And
so integrates into the eviction code with zero special cases.
Last time I looked our own VM_BIND isn't quite there yet with that
much finesse in the implementation.
But also, I'm kinda diverging a bit from the topic :-)
Back to i915: I do think we need to give all our unpin a serious
review. A lot of them are motivated by lock dropping tricks to come
from the good old days of everything is protected by
dev->struct_mutex. So essentially we've hand-rolled a fairly bad
semaphore with our pin_count (you can't even wait on all the temp pins
to drop out!). And imo part of the longer term switch to dma_resv
should be to check which of these lock dropping tricks we really still
need, and which we can sunset.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the dri-devel
mailing list