[igt-dev] [PATCH i-g-t v29 31/32] lib/intel_batchbuffer: fix intel_bb cache
Zbigniew Kempczyński
zbigniew.kempczynski at intel.com
Tue Aug 18 14:05:28 UTC 2020
When objects array is reallocated index tree contains invalid pointers
and we got segmentation fault. Fix changes of the strategy of keeping
objects - now we have two indexes - cache (all objects added
previously to the bb) and current (contains objects added after soft
bb reset).
Signed-off-by: Zbigniew Kempczyński <zbigniew.kempczynski at intel.com>
Cc: Dominik Grzegorzek <dominik.grzegorzek at intel.com>
Cc: Chris Wilson <chris at chris-wilson.co.uk>
---
lib/intel_batchbuffer.c | 163 +++++++++++++++++++++++++++++-----------
lib/intel_batchbuffer.h | 8 +-
2 files changed, 127 insertions(+), 44 deletions(-)
diff --git a/lib/intel_batchbuffer.c b/lib/intel_batchbuffer.c
index e6d01915..feb98e42 100644
--- a/lib/intel_batchbuffer.c
+++ b/lib/intel_batchbuffer.c
@@ -1197,6 +1197,7 @@ static void __reallocate_objects(struct intel_bb *ibb)
ibb->objects = realloc(ibb->objects,
sizeof(*ibb->objects) *
(num + ibb->allocated_objects));
+
igt_assert(ibb->objects);
ibb->allocated_objects += num;
@@ -1286,7 +1287,6 @@ __intel_bb_create(int i915, uint32_t size, bool do_relocs)
}
ibb->gtt_size = gtt_size;
- __reallocate_objects(ibb);
ibb->batch_offset = __intel_bb_propose_offset(ibb);
intel_bb_add_object(ibb, ibb->handle, ibb->batch_offset, false);
@@ -1326,24 +1326,15 @@ struct intel_bb *intel_bb_create_with_relocs(int i915, uint32_t size)
return __intel_bb_create(i915, size, true);
}
-/*
- * tdestroy() calls free function for each node, but we spread tree
- * on objects array, so do nothing.
- */
-static void __do_nothing(void *node)
-{
- (void) node;
-}
-
static void __intel_bb_destroy_relocations(struct intel_bb *ibb)
{
uint32_t i;
/* Free relocations */
for (i = 0; i < ibb->num_objects; i++) {
- free(from_user_pointer(ibb->objects[i].relocs_ptr));
- ibb->objects[i].relocs_ptr = to_user_pointer(NULL);
- ibb->objects[i].relocation_count = 0;
+ free(from_user_pointer(ibb->objects[i]->relocs_ptr));
+ ibb->objects[i]->relocs_ptr = to_user_pointer(NULL);
+ ibb->objects[i]->relocation_count = 0;
}
ibb->relocs = NULL;
@@ -1356,13 +1347,19 @@ static void __intel_bb_destroy_objects(struct intel_bb *ibb)
free(ibb->objects);
ibb->objects = NULL;
- tdestroy(ibb->root, __do_nothing);
- ibb->root = NULL;
+ tdestroy(ibb->current, free);
+ ibb->current = NULL;
ibb->num_objects = 0;
ibb->allocated_objects = 0;
}
+static void __intel_bb_destroy_cache(struct intel_bb *ibb)
+{
+ tdestroy(ibb->root, free);
+ ibb->root = NULL;
+}
+
/**
* intel_bb_destroy:
* @ibb: pointer to intel_bb
@@ -1378,11 +1375,14 @@ void intel_bb_destroy(struct intel_bb *ibb)
__intel_bb_destroy_relocations(ibb);
__intel_bb_destroy_objects(ibb);
+ __intel_bb_destroy_cache(ibb);
+
gem_close(ibb->i915, ibb->handle);
if (ibb->fence >= 0)
close(ibb->fence);
+ free(ibb->batch);
free(ibb);
}
@@ -1404,30 +1404,37 @@ void intel_bb_reset(struct intel_bb *ibb, bool purge_objects_cache)
if (ibb->refcount > 1)
return;
+ /*
+ * For reset with no purging cache ensure we keep only supports 48bit
+ * address flag (we don't want to relocate).
+ */
+ for (i = 0; i < ibb->num_objects; i++)
+ ibb->objects[i]->flags &= EXEC_OBJECT_SUPPORTS_48B_ADDRESS;
+
__intel_bb_destroy_relocations(ibb);
+ __intel_bb_destroy_objects(ibb);
+ __reallocate_objects(ibb);
if (purge_objects_cache) {
- __intel_bb_destroy_objects(ibb);
- __reallocate_objects(ibb);
+ __intel_bb_destroy_cache(ibb);
+ ibb->batch_offset = __intel_bb_propose_offset(ibb);
+ } else {
+ struct drm_i915_gem_exec_object2 *object;
+
+ object = intel_bb_find_object(ibb, ibb->handle);
+ ibb->batch_offset = object ? object->offset :
+ __intel_bb_propose_offset(ibb);
}
gem_close(ibb->i915, ibb->handle);
ibb->handle = gem_create(ibb->i915, ibb->size);
- ibb->batch_offset = __intel_bb_propose_offset(ibb);
intel_bb_add_object(ibb, ibb->handle, ibb->batch_offset, false);
ibb->ptr = ibb->batch;
memset(ibb->batch, 0, ibb->size);
if (purge_objects_cache)
return;
-
- /*
- * For reset with no purging cache ensure we keep only supports 48bit
- * address flag (we don't want to relocate).
- */
- for (i = 0; i < ibb->num_objects; i++)
- ibb->objects[i].flags &= EXEC_OBJECT_SUPPORTS_48B_ADDRESS;
}
/*
@@ -1527,6 +1534,49 @@ static int __compare_objects(const void *p1, const void *p2)
return (int) ((int64_t) o1->handle - (int64_t) o2->handle);
}
+static struct drm_i915_gem_exec_object2 *
+__add_to_cache(struct intel_bb *ibb, uint32_t handle)
+{
+ struct drm_i915_gem_exec_object2 **found, *object;
+
+ object = malloc(sizeof(*object));
+ object->handle = handle;
+ found = tsearch((void *) object, &ibb->root, __compare_objects);
+
+ if (*found == object) {
+ memset(object, 0, sizeof(*object));
+ object->handle = handle;
+ } else {
+ free(object);
+ object = *found;
+ }
+
+ return object;
+}
+
+static int __compare_handles(const void *p1, const void *p2)
+{
+ return (int) (*(int32_t *) p1 - *(int32_t *) p2);
+}
+
+static void __add_to_objects(struct intel_bb *ibb,
+ struct drm_i915_gem_exec_object2 *object)
+{
+ uint32_t i, **found, *handle;
+
+ handle = malloc(sizeof(*handle));
+ *handle = object->handle;
+ found = tsearch((void *) handle, &ibb->current, __compare_handles);
+
+ if (*found == handle) {
+ __reallocate_objects(ibb);
+ i = ibb->num_objects++;
+ ibb->objects[i] = object;
+ } else {
+ free(handle);
+ }
+}
+
/**
* intel_bb_add_object:
* @ibb: pointer to intel_bb
@@ -1543,14 +1593,9 @@ intel_bb_add_object(struct intel_bb *ibb, uint32_t handle,
uint64_t offset, bool write)
{
struct drm_i915_gem_exec_object2 *object;
- struct drm_i915_gem_exec_object2 **found;
- uint32_t i;
- __reallocate_objects(ibb);
-
- i = ibb->num_objects;
- object = &ibb->objects[i];
- object->handle = handle;
+ object = __add_to_cache(ibb, handle);
+ __add_to_objects(ibb, object);
/* Limit current offset to gtt size */
object->offset = offset;
@@ -1558,13 +1603,6 @@ intel_bb_add_object(struct intel_bb *ibb, uint32_t handle,
object->offset = gen8_canonical_addr(offset & (ibb->gtt_size - 1));
object->alignment = ibb->alignment;
- found = tsearch((void *) object, &ibb->root, __compare_objects);
-
- if (*found == object)
- ibb->num_objects++;
- else
- object = *found;
-
if (object->offset == INTEL_BUF_INVALID_ADDRESS)
object->offset = __intel_bb_propose_offset(ibb);
@@ -1966,6 +2004,37 @@ static void print_node(const void *node, VISIT which, int depth)
}
}
+static struct drm_i915_gem_exec_object2 *
+create_objects_array(struct intel_bb *ibb)
+{
+ struct drm_i915_gem_exec_object2 *objects;
+ uint32_t i;
+
+ objects = malloc(sizeof(*objects) * ibb->num_objects);
+ igt_assert(objects);
+
+ for (i = 0; i < ibb->num_objects; i++)
+ objects[i] = *(ibb->objects[i]);
+
+ return objects;
+}
+
+static void update_offsets(struct intel_bb *ibb,
+ struct drm_i915_gem_exec_object2 *objects)
+{
+ struct drm_i915_gem_exec_object2 object;
+ struct drm_i915_gem_exec_object2 **found;
+ uint32_t i;
+
+ for (i = 0; i < ibb->num_objects; i++) {
+ object.handle = objects[i].handle;
+ found = tfind((void *) &object, &ibb->root, __compare_objects);
+ igt_assert(found);
+
+ (*found)->offset = objects[i].offset;
+ }
+}
+
/*
* @__intel_bb_exec:
* @ibb: pointer to intel_bb
@@ -1984,16 +2053,18 @@ int __intel_bb_exec(struct intel_bb *ibb, uint32_t end_offset,
uint32_t ctx, uint64_t flags, bool sync)
{
struct drm_i915_gem_execbuffer2 execbuf;
+ struct drm_i915_gem_exec_object2 *objects;
int ret, fence, new_fence;
- ibb->objects[0].relocs_ptr = to_user_pointer(ibb->relocs);
- ibb->objects[0].relocation_count = ibb->num_relocs;
- ibb->objects[0].handle = ibb->handle;
+ ibb->objects[0]->relocs_ptr = to_user_pointer(ibb->relocs);
+ ibb->objects[0]->relocation_count = ibb->num_relocs;
+ ibb->objects[0]->handle = ibb->handle;
gem_write(ibb->i915, ibb->handle, 0, ibb->batch, ibb->size);
memset(&execbuf, 0, sizeof(execbuf));
- execbuf.buffers_ptr = (uintptr_t) ibb->objects;
+ objects = create_objects_array(ibb);
+ execbuf.buffers_ptr = (uintptr_t) objects;
execbuf.buffer_count = ibb->num_objects;
execbuf.batch_len = end_offset;
execbuf.rsvd1 = ibb->ctx = ctx;
@@ -2008,9 +2079,13 @@ int __intel_bb_exec(struct intel_bb *ibb, uint32_t end_offset,
ret = __gem_execbuf_wr(ibb->i915, &execbuf);
if (ret) {
intel_bb_dump_execbuf(ibb, &execbuf);
+ free(objects);
return ret;
}
+ /* Update addresses in the cache */
+ update_offsets(ibb, objects);
+
/* Save/merge fences */
fence = execbuf.rsvd2 >> 32;
@@ -2034,6 +2109,8 @@ int __intel_bb_exec(struct intel_bb *ibb, uint32_t end_offset,
}
}
+ free(objects);
+
return 0;
}
diff --git a/lib/intel_batchbuffer.h b/lib/intel_batchbuffer.h
index 9c16e39f..8b9c1ed9 100644
--- a/lib/intel_batchbuffer.h
+++ b/lib/intel_batchbuffer.h
@@ -453,8 +453,14 @@ struct intel_bb {
uint32_t ctx;
+ /* Cache */
void *root;
- struct drm_i915_gem_exec_object2 *objects;
+
+ /* Current objects for execbuf */
+ void *current;
+
+ /* Objects for current execbuf */
+ struct drm_i915_gem_exec_object2 **objects;
uint32_t num_objects;
uint32_t allocated_objects;
uint64_t batch_offset;
--
2.26.0
More information about the igt-dev
mailing list