Re: [PATCH i-g-t 2/4] gem_create: Test huge object creation as a basic test

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 31/03/2017 12:46, Chris Wilson wrote:
On Fri, Mar 31, 2017 at 12:38:51PM +0100, Tvrtko Ursulin wrote:

On 31/03/2017 12:16, Chris Wilson wrote:
On Fri, Mar 31, 2017 at 12:07:29PM +0100, Tvrtko Ursulin wrote:

On 31/03/2017 11:48, Chris Wilson wrote:
On Fri, Mar 31, 2017 at 08:08:28AM +0100, Tvrtko Ursulin wrote:

On 30/03/2017 18:22, Chris Wilson wrote:
On Thu, Mar 30, 2017 at 05:58:07PM +0100, Tvrtko Ursulin wrote:
From: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>

It is hard to imagine a more basic test than this one.

Also removed the skip on simulation since I don't know why
would that be needed here.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
---
tests/gem_create.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/gem_create.c b/tests/gem_create.c
index de7b82094545..f687b7b40be4 100644
--- a/tests/gem_create.c
+++ b/tests/gem_create.c
@@ -44,6 +44,7 @@
#include <sys/stat.h>
#include <sys/time.h>
#include <getopt.h>
+#include <limits.h>

#include <drm.h>

@@ -95,10 +96,13 @@ static void invalid_flag_test(int fd)

static void invalid_size_test(int fd)
{
-	int handle;
+	uint32_t handle;

	handle = __gem_create(fd, 0);
	igt_assert(!handle);
+
+	handle = __gem_create(fd, INT_MAX * 4096UL + 1);

Why is that an invalid size? Invalid huge in terms of API might arguably
be 1<<virtual_bits + 1, but otherwise our only limitation is that it
has to be >0 and page aligned.

Because of the comment above the WARN I am removing in "drm/i915:
Remove user triggerable WARN from i915_gem_object_create". We cannot
support larger ones with the combination of sg_table data types and
how we use them (unsigned int nents).

That's an implementation limitation, not an abi one. It is really
important that we do not enshrine kernel internals as expectations,
especially not as a basic test - the expectation is that we will support
massive objects. Having a reality check test to see how far we can get
is useful.

We added code to the driver to prevent userspace from attempting
something. It makes sense to have a test for that, so that one day
if it gets removed in error the test fails, rather than memory
corruption in the kernel happens.

We added code to detect if we would overflow the internal types. We
don't want that to be an artificial ABI restriction.

We can talk about basic or not basic, but I don't see how the
existence of such test can be argued against in principle.

My argument is that userspace should be expecting it to succeed and the
test should fail on current kernels because we are not able to live up
to those expectations. It's enshrining the failure as part of the ABI
that I am wary of.

IGT tests many things apart from the ABI so I wouldn't be worried
about that so much. Basic keyword is not the same as ABI to me.

Failing test has a problem that it is not very useful since it
doesn't get run anywhere. Or we could start tagging tests with a
test driven development tag. Those would then represent tests for
features which we won't but don't have, or are simply broken.

Still the two are not mutually exclusive. We could have a test with
knowledge of implementation details to ensure no memory
corruptions/exploits. And we could have a tdd test like I described
above. Former would pass today and the latter would fail.

Compromise as having the succeeding test as not basic?

Can we just probe what the maximum size create will take. Report it and
fail if less than 4GiB. If your ulterior motive is to ensure that we
don't WARN from userspace paths, that suits you, and it suits my
ulterior motive that we do move to support full 64bit allocations.
(And when we do, start planning for 128bit allocations.... :)

Userspace WARN was the trigger, but real motive is making sure page count overflow protection remains in place. Ensuring obj->base.size matches the backing store and there is no possibility of having an VMA larger than the object and so either corruption or reading foreign data. Or maybe some other fails along the way as well.

Regards,

Tvrtko




_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]
  Powered by Linux