[Intel-gfx] [PATCH] drm/i915: Hold dev->event_lock whilst inspecting intel_crtc->unpin_work

[Chris Wilson]

On Tue, Oct 13, 2015 at 12:23:38PM +0300, Ville Syrjälä wrote:
> On Sat, Oct 10, 2015 at 10:44:32AM +0100, Chris Wilson wrote:
> > We should serialise access to the intel_crtc->unpin_work through the
> > dev->event_lock spinlock. It should not be possible for it to disappear
> > without severe error as the mmio_flip worker has not tagged the
> > unpin_work pending flip-completion. Similarly if the error exists, just
> > taking the unpin_work whilst holding the spinlock and then using it
> > unserialised just masks the race. (It is supposed to be valid as the
> > unpin_work exists until the flip completion interrupt which should not
> > fire until we flush the mmio writes to update the display base which is
> > the last time we access the unpin_work from the kthread.)
> > 
> > References: https://bugs.freedesktop.org/show_bug.cgi?id=92335
> > Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
> 
> So not sure what's going on yet?

After a couple of nights sleeping on it, not a clue. Either I've missed
something that allows unpin_work to silenty disappear before we mark
work->pending as pending (let alone complete) or the oops is from
another racy pointer dereference. I'm going to guess the latter and see
if there are any candidates (here, I can believe that in the middle of
programming the flip we get an interrupt that causes the unpin work to
disappear).
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre