[PATCH v2 2/8] drm/i915: Drop user requested address spaces on driver remove

Janusz Krzysztofik janusz.krzysztofik at linux.intel.com
Wed Jul 1 13:44:18 UTC 2020


User requested additional address spaces associated with open device
file descriptors may now be closed and their associated DMA mappings
revoked as late as on device file close.  When the device is removed
while being open, DAM API may then issue a warning on the device
associated DMA mappings still active.  Moreover, subsequent attempts
to revoke those mappings while closing the device file descriptor may
be judged by intel-iommu code as a bug and result in kernel panic.

Since address spaces become useless after the device is no longer
available, drop them unconditionally on device removal.

<4> [36.900985] ------------[ cut here ]------------
<2> [36.901005] kernel BUG at drivers/iommu/intel-iommu.c:3717!
<4> [36.901105] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4> [36.901117] CPU: 0 PID: 39 Comm: kworker/u8:1 Tainted: G     U  W         5.7.0-rc5-CI-CI_DRM_8485+ #1
<4> [36.901133] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T3 CRB, BIOS EHLSFWI1.R00.1484.A00.1911290833 11/29/2019
<4> [36.901250] Workqueue: i915 __i915_vm_release [i915]
<4> [36.901264] RIP: 0010:intel_unmap+0x1f5/0x230
<4> [36.901274] Code: 01 e8 9f bc a9 ff 85 c0 74 09 80 3d df 60 09 01 00 74 19 65 ff 0d 13 12 97 7e 0f 85 fc fe ff ff e8 82 b0 95 ff e9 f2 fe ff ff <0f> 0b e8 d4 bd a9 ff 85 c0 75 de 48 c7 c2 10 84 2c 82 be 54 00 00
<4> [36.901302] RSP: 0018:ffffc900001ebdc0 EFLAGS: 00010246
<4> [36.901313] RAX: 0000000000000000 RBX: ffff8882561dd000 RCX: 0000000000000000
<4> [36.901324] RDX: 0000000000001000 RSI: 00000000ffd9c000 RDI: ffff888274c94000
<4> [36.901336] RBP: ffff888274c940b0 R08: 0000000000000000 R09: 0000000000000001
<4> [36.901348] R10: 000000000a25d812 R11: 00000000112af2d4 R12: ffff888252c70200
<4> [36.901360] R13: 00000000ffd9c000 R14: 0000000000001000 R15: ffff8882561dd010
<4> [36.901372] FS:  0000000000000000(0000) GS:ffff888278000000(0000) knlGS:0000000000000000
<4> [36.901386] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [36.901396] CR2: 00007f06def54950 CR3: 0000000255844000 CR4: 0000000000340ef0
<4> [36.901408] Call Trace:
<4> [36.901418]  ? process_one_work+0x1de/0x600
<4> [36.901494]  cleanup_page_dma+0x37/0x70 [i915]
<4> [36.901573]  free_pd+0x9/0x20 [i915]
<4> [36.901644]  gen8_ppgtt_cleanup+0x59/0xc0 [i915]
<4> [36.901721]  __i915_vm_release+0x14/0x30 [i915]
<4> [36.901733]  process_one_work+0x268/0x600
<4> [36.901744]  ? __schedule+0x307/0x8d0
<4> [36.901756]  worker_thread+0x37/0x380
<4> [36.901766]  ? process_one_work+0x600/0x600
<4> [36.901775]  kthread+0x140/0x160
<4> [36.901783]  ? kthread_park+0x80/0x80
<4> [36.901792]  ret_from_fork+0x24/0x50
<4> [36.901804] Modules linked in: mei_hdcp i915 x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ax88179_178a usbnet mii mei_me mei prime_numbers intel_lpss_pci
<4> [36.901857] ---[ end trace 52d1b4d81f8d1ea7 ]---

v2: Extracted from a former patch that also covered removal of user
    contexts,
  - refactor existing functions to call new helpers which duplicate
    parts of their code.

Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik at linux.intel.com>
Cc: Michał Winiarski <michal.winiarski at intel.com>
---
 drivers/gpu/drm/i915/gem/i915_gem_context.c | 29 ++++++++++++---------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_context.c b/drivers/gpu/drm/i915/gem/i915_gem_context.c
index 00e3826ff88d..e3176a6a1ddd 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_context.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c
@@ -1001,6 +1001,19 @@ static int context_remove(struct drm_i915_file_private *file_priv,
 	return 0;
 }
 
+static int vm_remove(struct drm_i915_file_private *file_priv,
+		     unsigned long idx)
+{
+	struct i915_address_space *vm;
+
+	vm = xa_erase(&file_priv->vm_xa, idx);
+	if (!vm)
+		return -ENOENT;
+
+	i915_vm_put(vm);
+	return 0;
+}
+
 void i915_gem_context_remove(struct drm_i915_file_private *file_priv)
 {
 	unsigned long idx;
@@ -1008,21 +1021,19 @@ void i915_gem_context_remove(struct drm_i915_file_private *file_priv)
 
 	xa_for_each(&file_priv->context_xa, idx, ptr)
 		context_remove(file_priv, idx);
+
+	xa_for_each(&file_priv->vm_xa, idx, ptr)
+		vm_remove(file_priv, idx);
 }
 
 void i915_gem_context_close(struct drm_file *file)
 {
 	struct drm_i915_file_private *file_priv = file->driver_priv;
 	struct drm_i915_private *i915 = file_priv->dev_priv;
-	struct i915_address_space *vm;
-	unsigned long idx;
 
 	i915_gem_context_remove(file_priv);
 
 	xa_destroy(&file_priv->context_xa);
-
-	xa_for_each(&file_priv->vm_xa, idx, vm)
-		i915_vm_put(vm);
 	xa_destroy(&file_priv->vm_xa);
 
 	contexts_flush_free(&i915->gem.contexts);
@@ -1077,7 +1088,6 @@ int i915_gem_vm_destroy_ioctl(struct drm_device *dev, void *data,
 {
 	struct drm_i915_file_private *file_priv = file->driver_priv;
 	struct drm_i915_gem_vm_control *args = data;
-	struct i915_address_space *vm;
 
 	if (args->flags)
 		return -EINVAL;
@@ -1085,12 +1095,7 @@ int i915_gem_vm_destroy_ioctl(struct drm_device *dev, void *data,
 	if (args->extensions)
 		return -EINVAL;
 
-	vm = xa_erase(&file_priv->vm_xa, args->vm_id);
-	if (!vm)
-		return -ENOENT;
-
-	i915_vm_put(vm);
-	return 0;
+	return vm_remove(file_priv, args->vm_id);
 }
 
 struct context_barrier_task {
-- 
2.21.1



More information about the Intel-gfx-trybot mailing list