On Fri, Nov 30, 2018 at 04:21:15PM -0800, Jeykumar Sankaran wrote:
On 2018-11-30 12:07, Sean Paul wrote:
> On Fri, Nov 30, 2018 at 11:45:55AM -0800, Jeykumar Sankaran wrote:
> > On 2018-11-29 14:15, Sean Paul wrote:
> > > On Tue, Nov 20, 2018 at 02:04:14PM -0800, Jeykumar Sankaran wrote:
> > > > On 2018-11-07 07:55, Sean Paul wrote:
> > > > > On Tue, Nov 06, 2018 at 02:36:30PM -0800, Jeykumar Sankaran
wrote:
> > > > > > msm maintains a separate structure to define vblank
> > > > > > work definitions and a list to track events submitted
> > > > > > to the workqueue. We can avoid this redundant list
> > > > > > and its protection mechanism, if we subclass the
> > > > > > work object to encapsulate vblank event parameters.
> > > > > >
> > > > > > changes in v2:
> > > > > > - subclass optimization on system wq (Sean Paul)
> > > > >
> > > > > I wouldn't do it like this, tbh. One problem is that you've
lost
> your
> > > > > flush() on
> > > > > unbind, so there's no way to know if you have workers in the
wild
> > > > > waiting
> > > > > to
> > > > > enable/disable vblank.
> > > > >
> > > > > Another issues is that AFAICT, we don't need a queue of
> > > > > enables/disables,
> > > > > but
> > > > > rather just the last requested state (ie: should we be on or
off).
> So
> > > > > things
> > > > > don't need to be this complicated (and we're possibly
thrashing
> vblank
> > > > > on/off
> > > > > for no reason).
> > > > >
> > > > > I'm still of the mind that you should just make this
synchronous
> and
> > > be
> > > > > done
> > > > > with the threads (especially since we're still
> uncovering/introducing
> > > > > races!).
> > > > >
> > > > While scoping out the effort to make vblank events synchronous,
I
> > > > found
> > > > that the spinlock locking order of vblank request sequence and
> vblank
> > > > callback
> > > > sequences are the opposite.
> > > >
> > > > In DPU, drm_vblank_enable acquires vblank_time_lock before
> registering
> > > > the crtc to encoder which happens after acquiring
encoder_spinlock.
> > > > But
> > > > the vblank_callback acquires encoder_spinlock before accessing
the
> > > > registered
> > > > crtc and calling into drm_vblank_handler which tries to acquire
> > > > vblank_time_lock.
> > > > Acquiring both vblank_time_lock and encoder_spinlock in the same
> > > > thread
> > > > is leading to deadlock.
> > >
> > > Hmm, I'm not sure I follow. Are you seeing issues where irq
overlaps
> > > with
> > > enable/disable? I hacked in sync vblank enable/disable quickly to
see
> if
> > > I
> > > could
> > > reproduce what you're seeing, but things seemed well behaved.
> > >
> >
> > The race is between drm_vblank_get/put and vblank_handler contexts.
> >
> > When made synchronous:
> >
> > while calling drm_vblank_get, the callstack looks like below:
> > drm_vblank_get -> drm_vblank_enable (acquires vblank_time_lock) ->
> > __enable_vblank -> dpu_crtc_vblank ->
> > dpu_encoder_toggle_vblank_for_crtc
> > (tries to acquire enc_spinlock)
> >
> > In vblank handler, the call stack will be:
> > dpu_encoder_phys_vid_vblank_irq -> dpu_encoder_vblank_callback
> > (acquires
> > enc_spinlock) -> dpu_crtc_vblank_callback -> drm_handle_vblank
> > (tries to
> > acquire vblank_time_lock)
>
> Hmm, I'm not sure how this can happen. We acquire and release the
> enc_spinlock
> before enabling the irq, yes we will hold on to the vbl_time_lock, but
> we
> shouldn't be trying to reacquire an encoder's spinlock after we've
> enabled
> it.
In the synchronous approach dpu_encoder_toggle_vblank_for_crtc(which
acquires the enc_spinlock) will be called while we
are holding the vbl_time_lock.
> I don't know how that can deadlock, since we should never be running
> enable and
> the handler concurrently.
>
I agree that vblank_irq handler should not be running before the
enable
sequence. But
don't you expect the handler to be running while calling the
vblank_disable
sequence?
This is an entirely different problem though. It's also one that is
easier
to
fix. I think we could probably grab the enc_spinlock in disable and
clear
the
crtc pointer.
vbl disable will try to acquire the locks in the opposite order to
that
of
irq_handler and the
same issue is bound to happen.
With your patch, you should be able to simulate this deadlock if you
can
inject a delay
by adding a pr_err log in vblank_ctrl_queue_work
Thanks,
Jeykumar S.
> The only thing I can think of is that the vblank interrupts are firing
> after
> vblank has been disabled? In that case, it seems like we should
properly
> flush
> them.
>
> Sean
>
>
> >
> >
> > > I do see that there is a chance to call drm_handle_vblank() while
> > > holding
> > > enc_spinlock, but couldn't find any obvious lock recursion there.
> > >
> > > Maybe a callstack or lockdep splat would help?
> > >
> > > Sean
> > >
> > >
> > > Here's my hack to bypass the display thread:
> > >
> > > diff --git a/drivers/gpu/drm/msm/msm_drv.c
> > > b/drivers/gpu/drm/msm/msm_drv.c
> > > index 9c9f7ff6960b38..5a3cac5825319e 100644
> > > --- a/drivers/gpu/drm/msm/msm_drv.c
> > > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > > @@ -242,24 +242,19 @@ static void vblank_ctrl_worker(struct
> kthread_work
> > > *work)
> > > static int vblank_ctrl_queue_work(struct msm_drm_private *priv,
> > > int crtc_id, bool enable)
> > > {
> > > + struct msm_kms *kms = priv->kms;
> > > struct msm_vblank_ctrl *vbl_ctrl = &priv->vblank_ctrl;
> > > - struct vblank_event *vbl_ev;
> > > unsigned long flags;
> > >
> > > - vbl_ev = kzalloc(sizeof(*vbl_ev), GFP_ATOMIC);
> > > - if (!vbl_ev)
> > > - return -ENOMEM;
> > > + spin_lock_irqsave(&vbl_ctrl->lock, flags);
> > >
> > > - vbl_ev->crtc_id = crtc_id;
> > > - vbl_ev->enable = enable;
> > > + if (enable)
> > > + kms->funcs->enable_vblank(kms,
priv->crtcs[crtc_id]);
> > > + else
> > > + kms->funcs->disable_vblank(kms,
priv->crtcs[crtc_id]);
> > >
> > > - spin_lock_irqsave(&vbl_ctrl->lock, flags);
> > > - list_add_tail(&vbl_ev->node, &vbl_ctrl->event_list);
> > > spin_unlock_irqrestore(&vbl_ctrl->lock, flags);
> > >
> > > - kthread_queue_work(&priv->disp_thread[crtc_id].worker,
> > > - &vbl_ctrl->work);
> > > -
> > > return 0;
> > > }
> > >
> > Even with your patch above, I see frame is getting stuck but it
> > recovers
> in
> > a while.
> > The patch I tried was assigning
> crtc->funcs->enable_vblank/disable_vblank so
> > that
> > __enable_vblank can call crtc directly. But the above callstack is
> > still
> > valid for your patch.
> >
> > Thanks,
> > Jeykumar S.
> > >
> > >
> > > >
> > > > In MDP5, I see the same pattern between vblank_time_lock and
> list_lock
> > > which
> > > > is used to track the irq handlers.
> > > >
> > > > I believe that explains why msm_drv is queuing the vblank
> > > > enable/disable
> > > > works to WQ after acquiring vblank_time_lock.
> > > >
> > > > Thanks,
> > > > Jeykumar S.
> > > >
> > > > > Sean
> > > > >
> > > > > >
> > > > > > Signed-off-by: Jeykumar Sankaran <jsanka@xxxxxxxxxxxxxx>
> > > > > > ---
> > > > > > drivers/gpu/drm/msm/msm_drv.c | 67
> > > > > +++++++++++++------------------------------
> > > > > > drivers/gpu/drm/msm/msm_drv.h | 7 -----
> > > > > > 2 files changed, 20 insertions(+), 54 deletions(-)
> > > > > >
> > > > > > diff --git a/drivers/gpu/drm/msm/msm_drv.c
> > > > > b/drivers/gpu/drm/msm/msm_drv.c
> > > > > > index 6d6c73b..8da5be2 100644
> > > > > > --- a/drivers/gpu/drm/msm/msm_drv.c
> > > > > > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > > > > > @@ -203,61 +203,44 @@ u32 msm_readl(const void __iomem
*addr)
> > > > > > return val;
> > > > > > }
> > > > > >
> > > > > > -struct vblank_event {
> > > > > > - struct list_head node;
> > > > > > +struct msm_vblank_work {
> > > > > > + struct work_struct work;
> > > > > > int crtc_id;
> > > > > > bool enable;
> > > > > > + struct msm_drm_private *priv;
> > > > > > };
> > > > > >
> > > > > > static void vblank_ctrl_worker(struct work_struct *work)
> > > > > > {
> > > > > > - struct msm_vblank_ctrl *vbl_ctrl = container_of(work,
> > > > > > - struct
> msm_vblank_ctrl,
> > > > > work);
> > > > > > - struct msm_drm_private *priv = container_of(vbl_ctrl,
> > > > > > - struct msm_drm_private,
> > > > > vblank_ctrl);
> > > > > > + struct msm_vblank_work *vbl_work = container_of(work,
> > > > > > + struct
> msm_vblank_work,
> > > > > work);
> > > > > > + struct msm_drm_private *priv = vbl_work->priv;
> > > > > > struct msm_kms *kms = priv->kms;
> > > > > > - struct vblank_event *vbl_ev, *tmp;
> > > > > > - unsigned long flags;
> > > > > > -
> > > > > > - spin_lock_irqsave(&vbl_ctrl->lock, flags);
> > > > > > - list_for_each_entry_safe(vbl_ev, tmp,
> &vbl_ctrl->event_list, node)
> > > > > {
> > > > > > - list_del(&vbl_ev->node);
> > > > > > - spin_unlock_irqrestore(&vbl_ctrl->lock, flags);
> > > > > > -
> > > > > > - if (vbl_ev->enable)
> > > > > > - kms->funcs->enable_vblank(kms,
> > > > > > -
> > > > > priv->crtcs[vbl_ev->crtc_id]);
> > > > > > - else
> > > > > > - kms->funcs->disable_vblank(kms,
> > > > > > -
> > > > > priv->crtcs[vbl_ev->crtc_id]);
> > > > > >
> > > > > > - kfree(vbl_ev);
> > > > > > -
> > > > > > - spin_lock_irqsave(&vbl_ctrl->lock, flags);
> > > > > > - }
> > > > > > + if (vbl_work->enable)
> > > > > > + kms->funcs->enable_vblank(kms,
> > > > > priv->crtcs[vbl_work->crtc_id]);
> > > > > > + else
> > > > > > + kms->funcs->disable_vblank(kms,
> > > > > priv->crtcs[vbl_work->crtc_id]);
> > > > > >
> > > > > > - spin_unlock_irqrestore(&vbl_ctrl->lock, flags);
> > > > > > + kfree(vbl_work);
> > > > > > }
> > > > > >
> > > > > > static int vblank_ctrl_queue_work(struct msm_drm_private
*priv,
> > > > > > int crtc_id, bool enable)
> > > > > > {
> > > > > > - struct msm_vblank_ctrl *vbl_ctrl = &priv->vblank_ctrl;
> > > > > > - struct vblank_event *vbl_ev;
> > > > > > - unsigned long flags;
> > > > > > + struct msm_vblank_work *vbl_work;
> > > > > >
> > > > > > - vbl_ev = kzalloc(sizeof(*vbl_ev), GFP_ATOMIC);
> > > > > > - if (!vbl_ev)
> > > > > > + vbl_work = kzalloc(sizeof(*vbl_work), GFP_ATOMIC);
> > > > > > + if (!vbl_work)
> > > > > > return -ENOMEM;
> > > > > >
> > > > > > - vbl_ev->crtc_id = crtc_id;
> > > > > > - vbl_ev->enable = enable;
> > > > > > + INIT_WORK(&vbl_work->work, vblank_ctrl_worker);
> > > > > >
> > > > > > - spin_lock_irqsave(&vbl_ctrl->lock, flags);
> > > > > > - list_add_tail(&vbl_ev->node, &vbl_ctrl->event_list);
> > > > > > - spin_unlock_irqrestore(&vbl_ctrl->lock, flags);
> > > > > > + vbl_work->crtc_id = crtc_id;
> > > > > > + vbl_work->enable = enable;
> > > > > > + vbl_work->priv = priv;
> > > > > >
> > > > > > - schedule_work(&vbl_ctrl->work);
> > > > > > + schedule_work(&vbl_work->work);
> > > > > >
> > > > > > return 0;
> > > > > > }
> > > > > > @@ -269,14 +252,13 @@ static int msm_drm_uninit(struct
device
> *dev)
> > > > > > struct msm_drm_private *priv = ddev->dev_private;
> > > > > > struct msm_kms *kms = priv->kms;
> > > > > > struct msm_mdss *mdss = priv->mdss;
> > > > > > - struct msm_vblank_ctrl *vbl_ctrl = &priv->vblank_ctrl;
> > > > > > - struct vblank_event *vbl_ev, *tmp;
> > > > > > int i;
> > > > > >
> > > > > > /* We must cancel and cleanup any pending vblank
> enable/disable
> > > > > > * work before drm_irq_uninstall() to avoid work
> re-enabling an
> > > > > > * irq after uninstall has disabled it.
> > > > > > */
> > > > > > +
> > > > > > msm_gem_shrinker_cleanup(ddev);
> > > > > >
> > > > > > drm_kms_helper_poll_fini(ddev);
> > > > > > @@ -292,12 +274,6 @@ static int msm_drm_uninit(struct device
> *dev)
> > > > > > #endif
> > > > > > drm_mode_config_cleanup(ddev);
> > > > > >
> > > > > > - flush_work(&vbl_ctrl->work);
> > > > > > - list_for_each_entry_safe(vbl_ev, tmp,
> &vbl_ctrl->event_list, node)
> > > > > {
> > > > > > - list_del(&vbl_ev->node);
> > > > > > - kfree(vbl_ev);
> > > > > > - }
> > > > > > -
> > > > > > /* clean up event worker threads */
> > > > > > for (i = 0; i < priv->num_crtcs; i++) {
> > > > > > if (priv->event_thread[i].thread) {
> > > > > > @@ -469,9 +445,6 @@ static int msm_drm_init(struct device
*dev,
> > > struct
> > > > > drm_driver *drv)
> > > > > > priv->wq = alloc_ordered_workqueue("msm", 0);
> > > > > >
> > > > > > INIT_LIST_HEAD(&priv->inactive_list);
> > > > > > - INIT_LIST_HEAD(&priv->vblank_ctrl.event_list);
> > > > > > - INIT_WORK(&priv->vblank_ctrl.work, vblank_ctrl_worker);
> > > > > > - spin_lock_init(&priv->vblank_ctrl.lock);
> > > > > >
> > > > > > drm_mode_config_init(ddev);
> > > > > >
> > > > > > diff --git a/drivers/gpu/drm/msm/msm_drv.h
> > > > > b/drivers/gpu/drm/msm/msm_drv.h
> > > > > > index 05d33a7..d4cbde2 100644
> > > > > > --- a/drivers/gpu/drm/msm/msm_drv.h
> > > > > > +++ b/drivers/gpu/drm/msm/msm_drv.h
> > > > > > @@ -77,12 +77,6 @@ enum msm_mdp_plane_property {
> > > > > > PLANE_PROP_MAX_NUM
> > > > > > };
> > > > > >
> > > > > > -struct msm_vblank_ctrl {
> > > > > > - struct work_struct work;
> > > > > > - struct list_head event_list;
> > > > > > - spinlock_t lock;
> > > > > > -};
> > > > > > -
> > > > > > #define MSM_GPU_MAX_RINGS 4
> > > > > > #define MAX_H_TILES_PER_DISPLAY 2
> > > > > >
> > > > > > @@ -225,7 +219,6 @@ struct msm_drm_private {
> > > > > > struct notifier_block vmap_notifier;
> > > > > > struct shrinker shrinker;
> > > > > >
> > > > > > - struct msm_vblank_ctrl vblank_ctrl;
> > > > > > struct drm_atomic_state *pm_state;
> > > > > > };
> > > > > >
> > > > > > --
> > > > > > The Qualcomm Innovation Center, Inc. is a member of the Code
> Aurora
> > > > > Forum,
> > > > > > a Linux Foundation Collaborative Project
> > > > > >
> > > > > > _______________________________________________
> > > > > > Freedreno mailing list
> > > > > > Freedreno@xxxxxxxxxxxxxxxxxxxxx
> > > > > > https://lists.freedesktop.org/mailman/listinfo/freedreno
> > > >
> > > > --
> > > > Jeykumar S
> >
> > --
> > Jeykumar S
--
Jeykumar S