[PATCH] dma-buf: Eliminate all duplicate fences in dma_fence_unwrap_merge

Friedrich Vock friedrich.vock at gmx.de
Fri Oct 18 19:17:45 UTC 2024


Hi,

On 18.10.24 10:56, Christian König wrote:
> Am 18.10.24 um 07:46 schrieb Friedrich Vock:
>> When dma_fence_unwrap_merge is called on fence chains where the fences
>> aren't ordered by context, the merging logic breaks down and we end up
>> inserting fences twice. Doing this repeatedly leads to the number of
>> fences going up exponentially, and in some gaming workloads we'll end up
>> running out of memory to store the resulting array altogether, leading
>> to a warning such as:
>
> Ah! I was searching for that one for quite a while now.
>
> I own you a beer should you ever be near Cologne.

I visit the area somewhat regularly, I'll let you know the next time
around ;-)

>
> Please also see my patch on the mailing list to use kvzalloc() to
> mitigate this.
>
>>
>> vkd3d_queue: page allocation failure: order:7,
>> mode:0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO),
>> nodemask=(null),cpuset=/,mems_allowed=0
>> CPU: 2 PID: 5287 Comm: vkd3d_queue Tainted: G S
>> 6.10.7-200.fsync.fc40.x86_64 #1
>> Hardware name: Dell Inc. G5 5505/0NCW8W, BIOS 1.11.0 03/22/2022
>> Call Trace:
>>   <TASK>
>>   dump_stack_lvl+0x5d/0x80
>>   warn_alloc+0x164/0x190
>>   ? srso_return_thunk+0x5/0x5f
>>   ? __alloc_pages_direct_compact+0x1d9/0x220
>>   __alloc_pages_slowpath.constprop.2+0xd14/0xd80
>>   __alloc_pages_noprof+0x32b/0x350
>>   ? dma_fence_array_create+0x48/0x110
>>   __kmalloc_large_node+0x6f/0x130
>>   __kmalloc_noprof+0x2dd/0x4a0
>>   ? dma_fence_array_create+0x48/0x110
>>   dma_fence_array_create+0x48/0x110
>>   __dma_fence_unwrap_merge+0x481/0x5b0
>>   sync_file_merge.constprop.0+0xf8/0x180
>>   sync_file_ioctl+0x476/0x590
>>   ? srso_return_thunk+0x5/0x5f
>>   ? __seccomp_filter+0xe8/0x5a0
>>   __x64_sys_ioctl+0x97/0xd0
>>   do_syscall_64+0x82/0x160
>>   ? srso_return_thunk+0x5/0x5f
>>   ? drm_syncobj_destroy_ioctl+0x8b/0xb0
>>   ? srso_return_thunk+0x5/0x5f
>>   ? srso_return_thunk+0x5/0x5f
>>   ? __check_object_size+0x58/0x230
>>   ? srso_return_thunk+0x5/0x5f
>>   ? srso_return_thunk+0x5/0x5f
>>   ? drm_ioctl+0x2ba/0x530
>>   ? __pfx_drm_syncobj_destroy_ioctl+0x10/0x10
>>   ? srso_return_thunk+0x5/0x5f
>>   ? ktime_get_mono_fast_ns+0x3b/0xd0
>>   ? srso_return_thunk+0x5/0x5f
>>   ? amdgpu_drm_ioctl+0x71/0x90 [amdgpu]
>>   ? srso_return_thunk+0x5/0x5f
>>   ? syscall_exit_to_user_mode+0x72/0x200
>>   ? srso_return_thunk+0x5/0x5f
>>   ? do_syscall_64+0x8e/0x160
>>   ? syscall_exit_to_user_mode+0x72/0x200
>>   ? srso_return_thunk+0x5/0x5f
>>   ? do_syscall_64+0x8e/0x160
>>   ? srso_return_thunk+0x5/0x5f
>>   ? syscall_exit_to_user_mode+0x72/0x200
>>   ? srso_return_thunk+0x5/0x5f
>>   ? do_syscall_64+0x8e/0x160
>>   ? do_syscall_64+0x8e/0x160
>>   ? srso_return_thunk+0x5/0x5f
>>   entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>
>> It's a bit unfortunate that we end up with quadratic complexity w.r.t.
>> the number of merged fences in all cases, but I'd argue in practice
>> there shouldn't be more than a handful of in-flight fences to merge.
>>
>> Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3617
>> Signed-off-by: Friedrich Vock <friedrich.vock at gmx.de>
>> ---
>>   drivers/dma-buf/dma-fence-unwrap.c | 13 +++++++++++--
>>   1 file changed, 11 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/dma-buf/dma-fence-unwrap.c b/drivers/dma-buf/dma-
>> fence-unwrap.c
>> index 628af51c81af..46277cef0bc6 100644
>> --- a/drivers/dma-buf/dma-fence-unwrap.c
>> +++ b/drivers/dma-buf/dma-fence-unwrap.c
>> @@ -68,7 +68,7 @@ struct dma_fence *__dma_fence_unwrap_merge(unsigned
>> int num_fences,
>>       struct dma_fence *tmp, **array;
>>       ktime_t timestamp;
>>       unsigned int i;
>> -    size_t count;
>> +    size_t count, j;
>>
>>       count = 0;
>>       timestamp = ns_to_ktime(0);
>> @@ -127,6 +127,10 @@ struct dma_fence
>> *__dma_fence_unwrap_merge(unsigned int num_fences,
>>                * function is used multiple times. So attempt to order
>>                * the fences by context as we pass over them and merge
>>                * fences with the same context.
>> +             *
>> +             * We will remove any remaining duplicate fences down
>> +             * below, but doing this here saves us from having to
>> +             * iterate over the array to detect the duplicate.
>>                */
>>               if (!tmp || tmp->context > next->context) {
>>                   tmp = next;
>> @@ -145,7 +149,12 @@ struct dma_fence
>> *__dma_fence_unwrap_merge(unsigned int num_fences,
>>           }
>>
>>           if (tmp) {
>> -            array[count++] = dma_fence_get(tmp);
>> +            for (j = 0; j < count; ++j) {
>> +                if (array[count] == tmp)
>> +                    break;
>> +            }
>> +            if (j == count)
>> +                array[count++] = dma_fence_get(tmp);
>
> That is clearly not the right solution. Since comparing the context
> should have already removed all duplicates.

Sadly, not. This is true as long as the fences are ordered by context,
but this is not a given. The error manifests precisely when they are not
ordered.

Imagine we try to merge two chains/arrays that contain the same 4 fences
(I'll call them fences 1-4), but the second one has another fence with a
higher context (fence 5) in front of it.

I'll try to visualize the chains/arrays as ASCII art - we start out in a
state like this (the ^ marker referring to the current iterator position):

Result: <empty>

1. 1 -> 2 -> 3 -> 4
    ^
2. 5 -> 1 -> 2 -> 3 -> 4
    ^

Since fences 1-4 have a lower context than fence 5, we'll insert fences
1-4 first:

Result: 1 -> 2 -> 3 -> 4

1. 1 -> 2 -> 3 -> 4
                      ^
2. 5 -> 1 -> 2 -> 3 -> 4
    ^

Only then will we insert fence 5:

Result: 1 -> 2 -> 3 -> 4 -> 5

1. 1 -> 2 -> 3 -> 4
                      ^
2. 5 -> 1 -> 2 -> 3 -> 4
         ^

Now we're at fence 1 in the second chain/array, but we've already
inserted fences 1-4 from the first chain/array, so we fail to merge
them. Instead, they get reinserted:

Result: 1 -> 2 -> 3 -> 4 -> 5 -> 1 -> 2 -> 3 -> 4

1. 1 -> 2 -> 3 -> 4
                      ^
2. 5 -> 1 -> 2 -> 3 -> 4
                          ^

We can't assume the fences are in any sort of order w.r.t their context,
so if we want to check for duplicates exhaustively we'll always end up
with some kind of O(n^2) algorithm. I see only a handful of ways we can go:

a) Don't check exhaustively (current behavior). Obviously, this doesn't
work that well in practice.

b) Eat the O(n^2) cost (this patch). I've kept the current merging code
since it's an easy way to reduce the amount of times we have to do the
expensive duplicate check, but other than that I'm not sure we can do
much to reduce cost.

c) Enforce order w.r.t. context. I don't think we can require that fence
chains order their fences by context, they should be ordered by timeline
point (maybe it would work for arrays, but whatever). That leaves us
with having to sort the fences by context just before merging. That
would reduce complexity to some O(n log n) at worst, but in practice I
fear it might not be worth it compared to just iterating over the result
array a few times, especially given that once this bug is fixed, we
should be back to only a few fences to merge :)

Regards,
Friedrich

>
> Going to double check the code.
>
> Thanks,
> Christian.
>
>>               fences[sel] = dma_fence_unwrap_next(&iter[sel]);
>>           }
>>       } while (tmp);
>> --
>> 2.47.0
>>
>



More information about the dri-devel mailing list