[Intel-gfx] [PATCH 1/2] drm/i915/ppgtt: Pin page directories before allocation

Chris Wilson chris at chris-wilson.co.uk
Wed Jan 31 21:44:39 UTC 2018 

Commit e2b763caa6eb ("drm/i915: Remove bitmap tracking for used-pdpes")
believed that because it did not insert its freshly allocated page
directory into the pd tree, it was safe from the shrinker. I failed to
heed the lesson learnt from commit dd19674bacba ("drm/i915: Remove bitmap
tracking for used-ptes") that we need to pin all the levels in the tree
before hitting the shrinker or else the shrinker may free an upper layer
as we proceed to allocate the tree. Thus leaving dangling pointers
everywhere and a GPF should we hit direct reclaim at just the wrong
moment.

Jan 24 10:32:48 eric-macbookpro kernel: CPU: 0 PID: 7374 Comm: chromium Tainted: P           O    4.14.13-1-ARCH #1
Jan 24 10:32:48 eric-macbookpro kernel: Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6, BIOS MBP121.88Z.0167.B33.1706181928 06/18/2017
Jan 24 10:32:48 eric-macbookpro kernel: task: ffff994f696c2c40 task.stack: ffffb1a789d4c000
Jan 24 10:32:48 eric-macbookpro kernel: RIP: 0010:gen8_ppgtt_set_pde.isra.40+0x48/0x70 [i915]
Jan 24 10:32:48 eric-macbookpro kernel: RSP: 0018:ffffb1a789d4f940 EFLAGS: 00010206
Jan 24 10:32:48 eric-macbookpro kernel: RAX: 81c1788cc4f68138 RBX: ffff994f54db8000 RCX: ffff994f696c2c40
Jan 24 10:32:48 eric-macbookpro kernel: RDX: 000000023bc73003 RSI: ffff994d598b6b80 RDI: ffff994f54db8000
Jan 24 10:32:48 eric-macbookpro kernel: RBP: ffff994d598b6b80 R08: 0000000000000000 R09: 0000000000000000
Jan 24 10:32:48 eric-macbookpro kernel: R10: ffffb1a789d4f550 R11: ffff994eaf3c3208 R12: 0000000000000027
Jan 24 10:32:48 eric-macbookpro kernel: R13: 0000000000005000 R14: 0000000004e8f000 R15: ffff994f54dba000
Jan 24 10:32:48 eric-macbookpro kernel: FS:  00007f585886aa00(0000) GS:ffff994faec00000(0000) knlGS:0000000000000000
Jan 24 10:32:48 eric-macbookpro kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 24 10:32:48 eric-macbookpro kernel: CR2: 00000000004ac8e8 CR3: 00000002552c8004 CR4: 00000000003606f0
Jan 24 10:32:48 eric-macbookpro kernel: Call Trace:
Jan 24 10:32:48 eric-macbookpro kernel:  gen8_ppgtt_alloc_pdp+0x178/0x320 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  gen8_ppgtt_alloc_4lvl+0x5f/0x150 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  ppgtt_bind_vma+0x30/0x70 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  i915_vma_bind+0x68/0xd0 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  __i915_vma_do_pin+0x2d6/0x3a0 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  eb_lookup_vmas+0x7a2/0xb50 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  i915_gem_do_execbuffer+0x4d7/0x10e0 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  ? sock_wfree+0x34/0x60
Jan 24 10:32:48 eric-macbookpro kernel:  ? unix_stream_read_generic+0x1f9/0x7e0
Jan 24 10:32:48 eric-macbookpro kernel:  ? import_iovec+0x37/0xd0
Jan 24 10:32:48 eric-macbookpro kernel:  ? i915_gem_execbuffer2+0x5d/0x390 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  i915_gem_execbuffer2+0x1b7/0x390 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  ? i915_gem_execbuffer+0x2d0/0x2d0 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  drm_ioctl_kernel+0x59/0xb0 [drm]
Jan 24 10:32:48 eric-macbookpro kernel:  drm_ioctl+0x2d5/0x370 [drm]
Jan 24 10:32:48 eric-macbookpro kernel:  ? i915_gem_execbuffer+0x2d0/0x2d0 [i915]
Jan 24 10:32:48 eric-macbookpro kernel:  ? __seccomp_filter+0x3b/0x260
Jan 24 10:32:48 eric-macbookpro kernel:  do_vfs_ioctl+0xa1/0x610
Jan 24 10:32:48 eric-macbookpro kernel:  ? syscall_trace_enter+0xdb/0x2b0
Jan 24 10:32:48 eric-macbookpro kernel:  SyS_ioctl+0x74/0x80
Jan 24 10:32:48 eric-macbookpro kernel:  do_syscall_64+0x55/0x110
Jan 24 10:32:48 eric-macbookpro kernel:  entry_SYSCALL64_slow_path+0x25/0x25
Jan 24 10:32:48 eric-macbookpro kernel: RIP: 0033:0x7f584fa82d27
Jan 24 10:32:48 eric-macbookpro kernel: RSP: 002b:00007ffee14a7828 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Jan 24 10:32:48 eric-macbookpro kernel: RAX: ffffffffffffffda RBX: 000003b0126a1030 RCX: 00007f584fa82d27
Jan 24 10:32:48 eric-macbookpro kernel: RDX: 00007ffee14a7870 RSI: 0000000040406469 RDI: 0000000000000080
Jan 24 10:32:48 eric-macbookpro kernel: RBP: 00007ffee14a7870 R08: 0000000000000002 R09: 0000000000000077
Jan 24 10:32:48 eric-macbookpro kernel: R10: 00007f5839f2b780 R11: 0000000000000246 R12: 0000000040406469
Jan 24 10:32:48 eric-macbookpro kernel: R13: 0000000000000080 R14: 00007f5842b00040 R15: 0000000000000000
Jan 24 10:32:48 eric-macbookpro kernel: Code: 01 00 83 81 58 0a 00 00 01 48 2b 05 13 9d fd c9 48 c1 f8 06 48 c1 e0 0c 48 8d 04 d0 48 8b 56 08 48 03 05 0c 9d fd c9 48 83 ca 03 <48> 89 10 83 a9 58 0a 00 00 01 65 ff 0d 37 03 fb 3e 74 02 f3 c3
Jan 24 10:32:48 eric-macbookpro kernel: RIP: gen8_ppgtt_set_pde.isra.40+0x48/0x70 [i915] RSP: ffffb1a789d4f940

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104773
Fixes: e2b763caa6eb ("drm/i915: Remove bitmap tracking for used-pdpes")
References: dd19674bacba ("drm/i915: Remove bitmap tracking for used-ptes")
Testcase: igt/drv_selftest/live_gtt (igt_ppgtt_shrink_boom)
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Cc: Matthew Auld <matthew.auld at intel.com>
---
 drivers/gpu/drm/i915/i915_gem_gtt.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
index b65426c0457d..955ce7bee448 100644
--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
+++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
@@ -1356,15 +1356,18 @@ static int gen8_ppgtt_alloc_pd(struct i915_address_space *vm,
 		int count = gen8_pte_count(start, length);
 
 		if (pt == vm->scratch_pt) {
+			pd->used_pdes++;
+
 			pt = alloc_pt(vm);
-			if (IS_ERR(pt))
+			if (IS_ERR(pt)) {
+				pd->used_pdes--;
 				goto unwind;
+			}
 
 			if (count < GEN8_PTES || intel_vgpu_active(vm->i915))
 				gen8_initialize_pt(vm, pt);
 
 			gen8_ppgtt_set_pde(vm, pd, pt, pde);
-			pd->used_pdes++;
 			GEM_BUG_ON(pd->used_pdes > I915_PDES);
 		}
 
@@ -1388,13 +1391,16 @@ static int gen8_ppgtt_alloc_pdp(struct i915_address_space *vm,
 
 	gen8_for_each_pdpe(pd, pdp, start, length, pdpe) {
 		if (pd == vm->scratch_pd) {
+			pdp->used_pdpes++;
+
 			pd = alloc_pd(vm);
-			if (IS_ERR(pd))
+			if (IS_ERR(pd)) {
+				pdp->used_pdpes--;
 				goto unwind;
+			}
 
 			gen8_initialize_pd(vm, pd);
 			gen8_ppgtt_set_pdpe(vm, pdp, pd, pdpe);
-			pdp->used_pdpes++;
 			GEM_BUG_ON(pdp->used_pdpes > i915_pdpes_per_pdp(vm));
 
 			mark_tlbs_dirty(i915_vm_to_ppgtt(vm));
-- 
2.15.1

More information about the Intel-gfx mailing list