Hi Daniel, On Wed, 20 May 2020 20:02:32 +0200 Daniel Vetter <daniel.vetter@xxxxxxxx> wrote: > - Ditch the ->pages array > - Make it a private gem bo, which means no shmem object, which means > fireworks if anyone calls drm_gem_object_get_pages. But we've just > made sure that's all covered. > > v2: Rebase > > Acked-by: Thomas Zimmermann <tzimmermann@xxxxxxx> > Cc: Gerd Hoffmann <kraxel@xxxxxxxxxx> > Cc: Rob Herring <robh@xxxxxxxxxx> > Cc: Noralf Trønnes <noralf@xxxxxxxxxxx> 
> Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx> I see a bunch of [ 38.261313] ------------[ cut here ]------------ [ 38.261740] WARNING: CPU: 4 PID: 2945 at drivers/gpu/drm/drm_gem_shmem_helper.c:137 drm_gem_shmem_free_object+0xb4/0xe0 [ 38.262676] Modules linked in: [ 38.262949] CPU: 4 PID: 2945 Comm: Xwayland Not tainted 5.7.0-rc1-00111-g9c7e526c43d0 #520 [ 38.263667] Hardware name: Radxa ROCK Pi 4 (DT) [ 38.264062] pstate: 60000005 (nZCv daif -PAN -UAO) [ 38.264482] pc : drm_gem_shmem_free_object+0xb4/0xe0 [ 38.264916] lr : drm_gem_shmem_free_object+0x38/0xe0 [ 38.265348] sp : ffff800011cebbb0 [ 38.265639] x29: ffff800011cebbb0 x28: ffff800011cebd88 [ 38.266102] x27: 0000000000000000 x26: ffff000072a1f400 [ 38.266566] x25: 0000000000000009 x24: ffff000072a1f400 [ 38.267029] x23: 0000000000000002 x22: ffff000079409080 [ 38.267492] x21: ffff000079409280 x20: ffff00006c304800 [ 38.267955] x19: ffff00006c304800 x18: 0000000000000000 [ 38.268417] x17: 0000000000000000 x16: 0000000000000000 [ 38.268880] x15: 0000000000000000 x14: 0000000000000000 [ 38.269343] x13: 0001000000000000 x12: 0000000000000008 [ 38.269806] x11: 000000000000ffff x10: 0000000000000000 [ 38.270269] x9 : 0000000000000001 x8 : 0000000000210d00 [ 38.270732] x7 : 0000000000000001 x6 : ffff800011307980 [ 38.271195] x5 : ffff00006641c240 x4 : ffff00006ee1b400 [ 38.271656] x3 : 0000000000000004 x2 : aafbc6f338cf6000 [ 38.272119] x1 : 0000000000000000 x0 : 00000000ffffffff [ 38.272583] Call trace: [ 38.272799] drm_gem_shmem_free_object+0xb4/0xe0 [ 38.273203] panfrost_gem_free_object+0xf0/0x128 [ 38.273608] drm_gem_object_free+0x18/0x40 [ 38.273967] drm_gem_object_handle_put_unlocked+0xe4/0xe8 [ 38.274439] drm_gem_object_release_handle+0x6c/0x98 [ 38.274872] drm_gem_handle_delete+0x84/0x140 [ 38.275253] drm_gem_close_ioctl+0x2c/0x40 [ 38.275612] drm_ioctl_kernel+0xb8/0x108 [ 38.275954] drm_ioctl+0x214/0x450 [ 38.276255] ksys_ioctl+0xa0/0xe0 [ 38.276546] __arm64_sys_ioctl+0x1c/0x28 [ 38.276891] 
el0_svc_common.constprop.0+0x68/0x160 [ 38.277310] do_el0_svc+0x20/0x80 [ 38.277602] el0_sync_handler+0x10c/0x178 [ 38.277952] el0_sync+0x140/0x180 [ 38.278242] ---[ end trace db5754ef8b213ce5 ]--- after applying that patch. Didn't have time to dig through it, unfortunately.
> ---
> drivers/gpu/drm/drm_gem_shmem_helper.c | 59 ++++++++++----------------
> 1 file changed, 23 insertions(+), 36 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> index 06cee8e97d27..f6854af206d2 100644
> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> @@ -35,22 +35,12 @@ static const struct drm_gem_object_funcs drm_gem_shmem_funcs = {
> .mmap = drm_gem_shmem_mmap,
> };
>
> -/**
> - * drm_gem_shmem_create - Allocate an object with the given size
> - * @dev: DRM device
> - * @size: Size of the object to allocate
> - *
> - * This function creates a shmem GEM object.
> - *
> - * Returns:
> - * A struct drm_gem_shmem_object * on success or an ERR_PTR()-encoded negative
> - * error code on failure.
> - */
> -struct drm_gem_shmem_object *drm_gem_shmem_create(struct drm_device *dev, size_t size)
> +static struct drm_gem_shmem_object *
> +__drm_gem_shmem_create(struct drm_device *dev, size_t size, bool private)
> {
> struct drm_gem_shmem_object *shmem;
> struct drm_gem_object *obj;
> - int ret;
> + int ret = 0;
>
> size = PAGE_ALIGN(size);
>
> @@ -64,7 +54,10 @@ struct drm_gem_shmem_object *drm_gem_shmem_create(struct drm_device *dev, size_t
> if (!obj->funcs)
> obj->funcs = &drm_gem_shmem_funcs;
>
> - ret = drm_gem_object_init(dev, obj, size);
> + if (private)
> + drm_gem_private_object_init(dev, obj, size);
> + else
> + ret = drm_gem_object_init(dev, obj, size);
> if (ret)
> goto err_free;
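Review bot: `__drm_gem_shmem_create()` gains a `private` flag in the first hunk, but nothing documents what the flag changes for callers. Going by the branch added in the following hunk, `true` selects `drm_gem_private_object_init()`, and the commit message says such an object has no shmem backing and that calling `drm_gem_object_get_pages` on it ends badly. A short comment above the helper would state that contract, for example `/* @private: object gets no shmem backing store; the get_pages helpers must never be called on it */`. The helper's body continues beyond this hunk.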
>
> @@ -96,6 +89,21 @@ struct drm_gem_shmem_object *drm_gem_shmem_create(struct drm_device *dev, size_t
>
> return ERR_PTR(ret);
> }
> +/**
> + * drm_gem_shmem_create - Allocate an object with the given size
> + * @dev: DRM device
> + * @size: Size of the object to allocate
> + *
> + * This function creates a shmem GEM object.
> + *
> + * Returns:
> + * A struct drm_gem_shmem_object * on success or an ERR_PTR()-encoded negative
> + * error code on failure.
> + */
> +struct drm_gem_shmem_object *drm_gem_shmem_create(struct drm_device *dev, size_t size)
> +{
> + return __drm_gem_shmem_create(dev, size, false);
> +}
> EXPORT_SYMBOL_GPL(drm_gem_shmem_create);
>
> /**
> @@ -115,7 +123,6 @@ void drm_gem_shmem_free_object(struct drm_gem_object *obj)
> if (obj->import_attach) {
> shmem->pages_use_count--;
> drm_prime_gem_destroy(obj, shmem->sgt);
> - kvfree(shmem->pages);
> } else {
> if (shmem->sgt) {
> dma_unmap_sg(obj->dev->dev, shmem->sgt->sgl,
> @@ -371,7 +378,7 @@ drm_gem_shmem_create_with_handle(struct drm_file *file_priv,
> struct drm_gem_shmem_object *shmem;
> int ret;
>
> - shmem = drm_gem_shmem_create(dev, size);
> + shmem = __drm_gem_shmem_create(dev, size, true);
> if (IS_ERR(shmem))
> return shmem;
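Review bot: In the `drm_gem_shmem_free_object()` hunk the context line `shmem->pages_use_count--;` stays in the `obj->import_attach` branch, while the import hunk further down removes `shmem->pages_use_count = 1;`. An imported object is then freed with the counter still at zero, so the decrement wraps; if the field is unsigned that yields 0xffffffff, which matches `x0` in the reported splat, and the warning at drm_gem_shmem_helper.c:137 is presumably the use-count check that follows. The decrement should be dropped together with the `kvfree()`, leaving the branch as just `drm_prime_gem_destroy(obj, shmem->sgt);`. The function's body continues outside the hunk.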
>
> @@ -695,36 +702,16 @@ drm_gem_shmem_prime_import_sg_table(struct drm_device *dev,
> struct sg_table *sgt)
> {
> size_t size = PAGE_ALIGN(attach->dmabuf->size);
> - size_t npages = size >> PAGE_SHIFT;
> struct drm_gem_shmem_object *shmem;
> - int ret;
>
> shmem = drm_gem_shmem_create(dev, size);
> if (IS_ERR(shmem))
> return ERR_CAST(shmem);
>
> - shmem->pages = kvmalloc_array(npages, sizeof(struct page *), GFP_KERNEL);
> - if (!shmem->pages) {
> - ret = -ENOMEM;
> - goto err_free_gem;
> - }
> -
> - ret = drm_prime_sg_to_page_addr_arrays(sgt, shmem->pages, NULL, npages);
> - if (ret < 0)
> - goto err_free_array;
> -
> shmem->sgt = sgt;
> - shmem->pages_use_count = 1; /* Permanently pinned from our point of view */
>
> DRM_DEBUG_PRIME("size = %zu\n", size);
>
> return &shmem->base;
> -
> -err_free_array:
> - kvfree(shmem->pages);
> -err_free_gem:
> - drm_gem_object_put(&shmem->base);
> -
> - return ERR_PTR(ret);
> }
> EXPORT_SYMBOL_GPL(drm_gem_shmem_prime_import_sg_table);
_______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
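Review bot: The `private` argument looks attached to the wrong caller: the `drm_gem_shmem_create_with_handle()` hunk switches to `__drm_gem_shmem_create(dev, size, true)`, while `drm_gem_shmem_prime_import_sg_table()` in the last hunk still calls `drm_gem_shmem_create(dev, size)`. Per the commit message the private, shmem-less object is meant for the path that drops the `->pages` array, which is the import path; as posted, handle-created buffers would lose their backing store and imported ones still get a shmem file they never use. Suggested: keep `shmem = drm_gem_shmem_create(dev, size);` in `drm_gem_shmem_create_with_handle()` and use `shmem = __drm_gem_shmem_create(dev, size, true);` in the import function. Both function bodies extend beyond their hunks.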