Re: [PATCH v3 05/12] drm/ttm: Expose ttm_tt_unpopulate for driver use

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 25, 2020 at 02:34:44PM -0500, Andrey Grodzovsky wrote:
> 
> On 11/25/20 11:36 AM, Daniel Vetter wrote:
> > On Wed, Nov 25, 2020 at 01:57:40PM +0100, Christian König wrote:
> > > Am 25.11.20 um 11:40 schrieb Daniel Vetter:
> > > > On Tue, Nov 24, 2020 at 05:44:07PM +0100, Christian König wrote:
> > > > > Am 24.11.20 um 17:22 schrieb Andrey Grodzovsky:
> > > > > > On 11/24/20 2:41 AM, Christian König wrote:
> > > > > > > Am 23.11.20 um 22:08 schrieb Andrey Grodzovsky:
> > > > > > > > On 11/23/20 3:41 PM, Christian König wrote:
> > > > > > > > > Am 23.11.20 um 21:38 schrieb Andrey Grodzovsky:
> > > > > > > > > > On 11/23/20 3:20 PM, Christian König wrote:
> > > > > > > > > > > Am 23.11.20 um 21:05 schrieb Andrey Grodzovsky:
> > > > > > > > > > > > On 11/25/20 5:42 AM, Christian König wrote:
> > > > > > > > > > > > > Am 21.11.20 um 06:21 schrieb Andrey Grodzovsky:
> > > > > > > > > > > > > > It's needed to drop iommu backed pages on device unplug
> > > > > > > > > > > > > > before device's IOMMU group is released.
> > > > > > > > > > > > > It would be cleaner if we could do the whole
> > > > > > > > > > > > > handling in TTM. I also need to double check
> > > > > > > > > > > > > what you are doing with this function.
> > > > > > > > > > > > > 
> > > > > > > > > > > > > Christian.
> > > > > > > > > > > > Check patch "drm/amdgpu: Register IOMMU topology
> > > > > > > > > > > > notifier per device." to see
> > > > > > > > > > > > how i use it. I don't see why this should go
> > > > > > > > > > > > into TTM mid-layer - the stuff I do inside
> > > > > > > > > > > > is vendor specific and also I don't think TTM is
> > > > > > > > > > > > explicitly aware of IOMMU ?
> > > > > > > > > > > > Do you mean you prefer the IOMMU notifier to be
> > > > > > > > > > > > registered from within TTM
> > > > > > > > > > > > and then use a hook to call into vendor specific handler ?
> > > > > > > > > > > No, that is really vendor specific.
> > > > > > > > > > > 
> > > > > > > > > > > What I meant is to have a function like
> > > > > > > > > > > ttm_resource_manager_evict_all() which you only need
> > > > > > > > > > > to call and all tt objects are unpopulated.
> > > > > > > > > > So instead of this BO list i create and later iterate in
> > > > > > > > > > amdgpu from the IOMMU patch you just want to do it
> > > > > > > > > > within
> > > > > > > > > > TTM with a single function ? Makes much more sense.
> > > > > > > > > Yes, exactly.
> > > > > > > > > 
> > > > > > > > > The list_empty() checks we have in TTM for the LRU are
> > > > > > > > > actually not the best idea, we should now check the
> > > > > > > > > pin_count instead. This way we could also have a list of the
> > > > > > > > > pinned BOs in TTM.
> > > > > > > > So from my IOMMU topology handler I will iterate the TTM LRU for
> > > > > > > > the unpinned BOs and this new function for the pinned ones  ?
> > > > > > > > It's probably a good idea to combine both iterations into this
> > > > > > > > new function to cover all the BOs allocated on the device.
> > > > > > > Yes, that's what I had in my mind as well.
> > > > > > > 
> > > > > > > > > BTW: Have you thought about what happens when we unpopulate
> > > > > > > > > a BO while we still try to use a kernel mapping for it? That
> > > > > > > > > could have unforeseen consequences.
> > > > > > > > Are you asking what happens to kmap or vmap style mapped CPU
> > > > > > > > accesses once we drop all the DMA backing pages for a particular
> > > > > > > > BO ? Because for user mappings
> > > > > > > > (mmap) we took care of this with dummy page reroute but indeed
> > > > > > > > nothing was done for in kernel CPU mappings.
> > > > > > > Yes exactly that.
> > > > > > > 
> > > > > > > In other words what happens if we free the ring buffer while the
> > > > > > > kernel still writes to it?
> > > > > > > 
> > > > > > > Christian.
> > > > > > While we can't control user application accesses to the mapped buffers
> > > > > > explicitly and hence we use page fault rerouting
> > > > > > I am thinking that in this  case we may be able to sprinkle
> > > > > > drm_dev_enter/exit in any such sensitive place were we might
> > > > > > CPU access a DMA buffer from the kernel ?
> > > > > Yes, I fear we are going to need that.
> > > > Uh ... problem is that dma_buf_vmap are usually permanent things. Maybe we
> > > > could stuff this into begin/end_cpu_access
> 
> 
> Do you mean guarding with drm_dev_enter/exit in dma_buf_ops.begin/end_cpu_access
> driver specific hook ?
> 
> 
> > > > (but only for the kernel, so a
> > > > bit tricky)?
> 
> 
> Why only kernel ? Why is it a problem to do it if it comes from dma_buf_ioctl by
> some user process ? And  if we do need this distinction I think we should be able to
> differentiate by looking at current->mm (i.e. mm_struct) pointer being NULL
> for kernel thread.

Userspace mmap is handled by punching out the pte. So we don't need to do
anything special there.

For kernel mmap the begin/end should be all in the same context (so we
could use the srcu lock that works underneath drm_dev_enter/exit), since
at least right now kernel vmaps of dma-buf are very long-lived.

But the good news is that Thomas Zimmerman is working on this problem
already for different reasons, so it might be that we won't have any
long-lived kernel vmap anymore. And we could put the drm_dev_enter/exit in
there.

> > > Oh very very good point! I haven't thought about DMA-buf mmaps in this
> > > context yet.
> > > 
> > > 
> > > > btw the other issue with dma-buf (and even worse with dma_fence) is
> > > > refcounting of the underlying drm_device. I'd expect that all your
> > > > callbacks go boom if the dma_buf outlives your drm_device. That part isn't
> > > > yet solved in your series here.
> > > Well thinking more about this, it seems to be a another really good argument
> > > why mapping pages from DMA-bufs into application address space directly is a
> > > very bad idea :)
> > > 
> > > But yes, we essentially can't remove the device as long as there is a
> > > DMA-buf with mappings. No idea how to clean that one up.
> > drm_dev_get/put in drm_prime helpers should get us like 90% there I think.
> 
> 
> What are the other 10% ?

dma_fence, which is also about 90% of the work probably. But I'm
guesstimating only 10% of the oopses you can hit. Since generally the
dma_fence for a buffer don't outlive the underlying buffer. So usually no
problems happen when we've solved the dma-buf sharing, but the dma_fence
can outlive the dma-buf, so there's still possibilities of crashing.

> > The even more worrying thing is random dma_fence attached to the dma_resv
> > object. We could try to clean all of ours up, but they could have escaped
> > already into some other driver. And since we're talking about egpu
> > hotunplug, dma_fence escaping to the igpu is a pretty reasonable use-case.
> > 
> > I have no how to fix that one :-/
> > -Daniel
> 
> 
> I assume you are referring to sync_file_create/sync_file_get_fence API  for
> dma_fence export/import ?

So dma_fence is a general issue, there's a pile of interfaces that result
in sharing with other drivers:
- dma_resv in the dma_buf
- sync_file
- drm_syncobj (but I think that's not yet cross driver, but probably
  changes)

In each of these cases drivers can pick up the dma_fence and use it
internally for all kinds of purposes (could end up in the scheduler or
wherever).

> So with DMA bufs we have the drm_gem_object as exporter specific private data
> and so we can do drm_dev_get and put at the drm_gem_object layer to bind
> device life cycle
> to that of each GEM object but, we don't have such mid-layer for dma_fence
> which could allow
> us to increment device reference for each fence out there related to that
> device - is my understanding correct ?

Yeah that's the annoying part with dma-fence. No existing generic place to
put the drm_dev_get/put. tbf I'd note this as a todo and try to solve the
other problems first.
-Daniel

> 
> Andrey
> 
> 
> Andrey
> 
> 
> > > Christian.
> > > 
> > > > -Daniel
> > > > 
> > > > > > Things like CPU page table updates, ring buffer accesses and FW memcpy ?
> > > > > > Is there other places ?
> > > > > Puh, good question. I have no idea.
> > > > > 
> > > > > > Another point is that at this point the driver shouldn't access any such
> > > > > > buffers as we are at the process finishing the device.
> > > > > > AFAIK there is no page fault mechanism for kernel mappings so I don't
> > > > > > think there is anything else to do ?
> > > > > Well there is a page fault handler for kernel mappings, but that one just
> > > > > prints the stack trace into the system log and calls BUG(); :)
> > > > > 
> > > > > Long story short we need to avoid any access to released pages after unplug.
> > > > > No matter if it's from the kernel or userspace.
> > > > > 
> > > > > Regards,
> > > > > Christian.
> > > > > 
> > > > > > Andrey

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel




[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux