[Intel-gfx] [PATCH 0/5] dma-fence, i915: Stop allowing SLAB_TYPESAFE_BY_RCU for dma_fence
Tvrtko Ursulin
tvrtko.ursulin at linux.intel.com
Thu Jun 10 09:29:12 UTC 2021
On 09/06/2021 22:29, Jason Ekstrand wrote:
> Ever since 0eafec6d3244 ("drm/i915: Enable lockless lookup of request
> tracking via RCU"), the i915 driver has used SLAB_TYPESAFE_BY_RCU (it
> was called SLAB_DESTROY_BY_RCU at the time) in order to allow RCU on
> i915_request. As nifty as SLAB_TYPESAFE_BY_RCU may be, it comes with
> some serious disclaimers. In particular, objects can get recycled while
> RCU readers are still in-flight. This can be ok if everyone who touches
> these objects knows about the disclaimers and is careful. However,
> because we've chosen to use SLAB_TYPESAFE_BY_RCU for i915_request and
> because i915_request contains a dma_fence, we've leaked
> SLAB_TYPESAFE_BY_RCU and its whole pile of disclaimers to every driver
> in the kernel which may consume a dma_fence.
I don't think the part about leaking is true...
> We've tried to keep it somewhat contained by doing most of the hard work
> to prevent access of recycled objects via dma_fence_get_rcu_safe().
> However, a quick grep of kernel sources says that, of the 30 instances
> of dma_fence_get_rcu*, only 11 of them use dma_fence_get_rcu_safe().
> It's likely there bear traps in DRM and related subsystems just waiting
> for someone to accidentally step in them.
...because dma_fence_get_rcu_safe apears to be about whether the
*pointer* to the fence itself is rcu protected, not about the fence
object itself.
If one has a stable pointer to a fence dma_fence_get_rcu is I think
enough to deal with SLAB_TYPESAFE_BY_RCU used by i915_request (as dma
fence is a base object there). Unless you found a bug in rq field
recycling. But access to the dma fence is all tightly controlled so I
don't get what leaks.
> This patch series stops us using SLAB_TYPESAFE_BY_RCU for i915_request
> and, instead, does an RCU-safe slab free via rcu_call(). This should
> let us keep most of the perf benefits of slab allocation while avoiding
> the bear traps inherent in SLAB_TYPESAFE_BY_RCU. It then removes support
> for SLAB_TYPESAFE_BY_RCU from dma_fence entirely.
According to the rationale behind SLAB_TYPESAFE_BY_RCU traditional RCU
freeing can be a lot more costly so I think we need a clear
justification on why this change is being considered.
Regards,
Tvrtko
>
> Note: The last patch is labled DONOTMERGE. This was at Daniel Vetter's
> request as we may want to let this bake for a couple releases before we
> rip out dma_fence_get_rcu_safe entirely.
>
> Signed-off-by: Jason Ekstrand <jason at jlekstrand.net>
> Cc: Jon Bloomfield <jon.bloomfield at intel.com>
> Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
> Cc: Christian König <christian.koenig at amd.com>
> Cc: Dave Airlie <airlied at redhat.com>
> Cc: Matthew Auld <matthew.auld at intel.com>
> Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
>
> Jason Ekstrand (5):
> drm/i915: Move intel_engine_free_request_pool to i915_request.c
> drm/i915: Use a simpler scheme for caching i915_request
> drm/i915: Stop using SLAB_TYPESAFE_BY_RCU for i915_request
> dma-buf: Stop using SLAB_TYPESAFE_BY_RCU in selftests
> DONOTMERGE: dma-buf: Get rid of dma_fence_get_rcu_safe
>
> drivers/dma-buf/dma-fence-chain.c | 8 +-
> drivers/dma-buf/dma-resv.c | 4 +-
> drivers/dma-buf/st-dma-fence-chain.c | 24 +---
> drivers/dma-buf/st-dma-fence.c | 27 +---
> drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 4 +-
> drivers/gpu/drm/i915/gt/intel_engine_cs.c | 8 --
> drivers/gpu/drm/i915/i915_active.h | 4 +-
> drivers/gpu/drm/i915/i915_request.c | 147 ++++++++++++----------
> drivers/gpu/drm/i915/i915_request.h | 2 -
> drivers/gpu/drm/i915/i915_vma.c | 4 +-
> include/drm/drm_syncobj.h | 4 +-
> include/linux/dma-fence.h | 50 --------
> include/linux/dma-resv.h | 4 +-
> 13 files changed, 110 insertions(+), 180 deletions(-)
>
More information about the Intel-gfx
mailing list