<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">Yeah should be 0, typo sorry </p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">I use 3dmark test and successfully triggered a case in reserve_shared:</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">if (obj->staged!=NULL) {</p>
<p style="margin-top:0;margin-bottom:0">BUG();</p>
<p style="margin-top:0;margin-bottom:0">}</p>
<p style="margin-top:0;margin-bottom:0">kfree(obj->staged) </p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">Previously I cannot figure out why the hell this BUG() could be hit, finally the scenario comes up,</p>
<p style="margin-top:0;margin-bottom:0">you only need one add_excl_fence() after reserved_shared(), and next time the reserve_shared will </p>
<p style="margin-top:0;margin-bottom:0">go hit that BUG(), but that's okay, since it only frees the obj->staged that allocated right before this calling </p>
<p style="margin-top:0;margin-bottom:0">in the previous reserve_shared(), and no one refers to it now.</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Koenig, Christian<br>
<b>Sent:</b> Tuesday, March 6, 2018 6:05:27 PM<br>
<b>To:</b> Liu, Monk; dri-devel@lists.freedesktop.org; Chris Wilson<br>
<b>Subject:</b> Re: reservation questions</font>
<div> </div>
</div>
<div style="background-color:#FFFFFF">
<div class="x_moz-cite-prefix">Am 06.03.2018 um 10:56 schrieb Liu, Monk:<br>
</div>
<blockquote type="cite"><style type="text/css" style="display:none">
<!--
p
        {margin-top:0;
        margin-bottom:0}
-->
</style>
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br class="x_Apple-interchange-newline">
<span style="color:rgb(255,0,0)">sorry, I have some mistake in previous thread, correct it as followings.</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
1) considering below sequence:</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
call reservation_object_add_shared_fence,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
now assume old->shared_count is now 3</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
call reservation_object_add_shared_fence,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
now assume old->shared_count is now 4,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
call reservation_object_reserve_shared,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
now obj->staged is new allocated, and its shared_max = 8, but not</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
used by far.</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
call reservation_object_add_excl_fence,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
it set obj->fence->shared_count to 0, <b>and put all shared fence from obj->fence without waiting signaling.</b></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
(this action looks inappropriate, I think at least before put all those shared fences</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
we should dma_wait_fence() on them to make sure they are signaled)</div>
</div>
</blockquote>
<br>
The exclusive fence replaces all shared fences, e.g. the exclusive operation needs to wait for all shared fences before it can access the protected object. Because of this we can drop all shared fences when a new exclusive fence is set.<br>
<br>
<blockquote type="cite">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
call reservation_object_reserve_shared,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<b>this time obj->staged isn't NULL, and it is freed</b> (nothing bad now</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
since obj->fence points to other place),</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
and obj->staged set to NULL,</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="color:rgb(0,111,201)">call reservation_object_add_shared_fence,</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="color:rgb(0,111,201)">this time should going through <b>reservation_object_add_shared_inplace</b>,</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="color:rgb(0,111,201)">since old->shared_count is 1 now, during </span><span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px; color:rgb(0,111,201)"><b>reservation_object_add_shared_inplace</b>()</span></div>
</div>
</blockquote>
<br>
Why would old->shared_count be 1 now? As far as I can see it should be zero.<br>
<br>
Christian.<br>
<br>
<blockquote type="cite">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px; color:rgb(0,111,201)">it would go through the shared list, but the fence in shared list is now wild pointer:</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<div style="color:rgb(212,212,212); background-color:rgb(30,30,30); font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; line-height:19px; white-space:pre">
<div>    <span style="color:#c586c0">for</span> (i = <span style="color:#b5cea8">
0</span>; i < fobj-><span style="color:#9cdcfe">shared_count</span>; ++i) {</div>
<div>        <span style="color:#569cd6">struct</span> dma_fence *old_fence;</div>
<div><b>        old_fence = <span style="color:#dcdcaa">rcu_dereference_protected</span>(fobj-><span style="color:#9cdcfe">shared</span>[i],</b></div>
<div><b>                        <span style="color:#dcdcaa">reservation_object_held</span>(obj));</b></div>
<div>        <span style="color:#c586c0">if</span> (old_fence-><span style="color:#9cdcfe">context</span> == fence-><span style="color:#9cdcfe">context</span> &&</div>
<div>            <span style="color:#dcdcaa">dma_fence_is_later</span>(fence, old_fence)) {</div>
<div>            <span style="color:#608b4e">/* memory barrier is added by write_seqcount_begin */</span></div>
<div>            <span style="color:#dcdcaa">RCU_INIT_POINTER</span>(fobj-><span style="color:#9cdcfe">shared</span>[i], fence);</div>
<div>            <span style="color:#dcdcaa">write_seqcount_end</span>(&obj-><span style="color:#9cdcfe">seq</span>);</div>
<div>            <span style="color:#dcdcaa">preempt_enable</span>();</div>
<div>            <span style="color:#dcdcaa">dma_fence_put</span>(old_fence);</div>
<div>            <span style="color:#c586c0">return</span>;</div>
<div>        }</div>
<div>        <span style="color:#c586c0">if</span> (!signaled && <span style="color:#dcdcaa">
dma_fence_is_signaled</span>(old_fence)) {</div>
<div>            signaled = old_fence;</div>
<div>            signaled_idx = i;</div>
<div>        }</div>
<div>    }</div>
</div>
<br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">see that old_fence is get from fobj, and fobj is from </span><span style="font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; white-space:pre; color:rgb(0,0,0)">reservation_object_get_list(obj)</span><span style="background-color:rgb(30,30,30); color:rgb(0,0,0); font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; white-space:pre"></span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; white-space:pre; color:rgb(0,0,0)">in outside, which is obj->fence, and in add_excl_fence, all dma_fence in</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; white-space:pre; color:rgb(0,0,0)">obj->fence is already put.</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px"><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<span style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">/Monk</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif,serif,EmojiFont; font-size:16px">
<b><br>
</b></div>
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Liu, Monk<br>
<b>Sent:</b> Tuesday, March 6, 2018 5:45:19 PM<br>
<b>To:</b> <a class="x_moz-txt-link-abbreviated" href="mailto:dri-devel@lists.freedesktop.org">
dri-devel@lists.freedesktop.org</a>; Chris Wilson; Koenig, Christian<br>
<b>Subject:</b> reservation questions </font>
<div> </div>
</div>
<style type="text/css" style="display:none">
<!--
p
        {margin-top:0;
        margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Helvetica,sans-serif">
<div>Hi Christian & Chris</div>
<div><br>
</div>
<div>two question regarding resv:</div>
<div><br>
</div>
<div>1) considering below sequence:</div>
<div><br>
</div>
<div>call reservation_object_add_shared_fence,</div>
<div>now assume old->shared_count is now 3</div>
<div>call reservation_object_add_shared_fence,</div>
<div>now assume old->shared_count is now 4,</div>
<div><br>
</div>
<div>call reservation_object_reserve_shared,</div>
<div>now obj->staged is new allocated, and its shared_max = 8, but not</div>
<div>used by far.</div>
<div><br>
</div>
<div>call reservation_object_add_excl_fence,</div>
<div>it set obj->fence->shared_count to 0, <b>and put all shared fence from obj->fence without waiting signaling.</b></div>
<div>(this action looks inappropriate, I think at least before put all those shared fences</div>
<div>we should dma_wait_fence() on them to make sure they are signaled)</div>
<div><br>
</div>
<div>call reservation_object_reserve_shared,</div>
<div><b>this time obj->staged isn't NULL, and it is freed</b> (nothing bad now</div>
<div>since obj->fence points to other place),</div>
<div>and obj->staged set to NULL,</div>
<div><br>
</div>
<div>call reservation_object_add_shared_fence,</div>
<div>this time should going through reservation_object_add_shared_inplace,</div>
<div><b>But BUG_ON(old->shared_count >= old->shared_max) will hit !</b></div>
<div><b><br>
</b></div>
<div>This looks a design flaw in reservation object, shouldn't we fix it ?</div>
<div><b><br>
</b></div>
<div><br>
</div>
<div>2) in add_excl_fence(), it simply set old->shared_count to 0, and put all shared fences of old</div>
<div>is that correct? if excl fence is really exclusively used, why we still consider both shared fence and</div>
<div>excl fence on wait_timeout_rcu() routine, see blew description of this routine</div>
<div><br>
</div>
<div>
<div style="color:rgb(212,212,212); background-color:rgb(30,30,30); font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback"; font-size:14px; line-height:19px; white-space:pre">
<div><span style="color:#608b4e">/**</span></div>
<div><span style="color:#608b4e">* reservation_object_wait_timeout_rcu - Wait on reservation's objects</span></div>
<div><span style="color:#608b4e">* shared and/or exclusive fences.</span></div>
<div><span style="color:#608b4e">* @obj: the reservation object</span></div>
<div><span style="color:#608b4e">* @wait_all: if true, wait on all fences, else wait on just exclusive fence</span></div>
<div><span style="color:#608b4e">* @intr: if true, do interruptible wait</span></div>
<div><span style="color:#608b4e">* @timeout: timeout value in jiffies or zero to return immediately</span></div>
<div><span style="color:#608b4e">*</span></div>
<div><span style="color:#608b4e">* RETURNS</span></div>
<div><span style="color:#608b4e">* Returns -ERESTARTSYS if interrupted, 0 if the wait timed out, or</span></div>
<div><span style="color:#608b4e">* greater than zer on success.</span></div>
<div><span style="color:#608b4e">*/</span></div>
<div><span style="color:#569cd6">long</span> <span style="color:#dcdcaa">reservation_object_wait_timeout_rcu</span>(<span style="color:#569cd6">struct</span> reservation_object *obj,</div>
<div>                     <span style="color:#569cd6">bool</span> wait_all, <span style="color:#569cd6">
bool</span> intr,</div>
<div>                     <span style="color:#569cd6">unsigned</span> <span style="color:#569cd6">
long</span> timeout)</div>
</div>
<br>
</div>
<div><span style="font-size:12pt"> </span><br>
</div>
<div><span style="font-size:12pt">thanks</span></div>
<div>/Monk</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</body>
</html>