Commit e2b763caa6eb ("drm/i915: Remove bitmap tracking for used-pdpes") believed that because it did not insert its freshly allocated page directory into the pd tree, it was safe from the shrinker. I failed to heed the lesson learnt from commit dd19674bacba ("drm/i915: Remove bitmap tracking for used-ptes") that we need to pin all the levels in the tree before hitting the shrinker or else the shrinker may free an upper layer as we proceed to allocate the tree. Thus leaving dangling pointers everywhere and a GPF should we hit direct reclaim at just the wrong moment. Jan 24 10:32:48 eric-macbookpro kernel: CPU: 0 PID: 7374 Comm: chromium Tainted: P O 4.14.13-1-ARCH #1 Jan 24 10:32:48 eric-macbookpro kernel: Hardware name: Apple Inc. MacBookPro12,1/Mac-E43C1C25D4880AD6, BIOS MBP121.88Z.0167.B33.1706181928 06/18/2017 Jan 24 10:32:48 eric-macbookpro kernel: task: ffff994f696c2c40 task.stack: ffffb1a789d4c000 Jan 24 10:32:48 eric-macbookpro kernel: RIP: 0010:gen8_ppgtt_set_pde.isra.40+0x48/0x70 [i915] Jan 24 10:32:48 eric-macbookpro kernel: RSP: 0018:ffffb1a789d4f940 EFLAGS: 00010206 Jan 24 10:32:48 eric-macbookpro kernel: RAX: 81c1788cc4f68138 RBX: ffff994f54db8000 RCX: ffff994f696c2c40 Jan 24 10:32:48 eric-macbookpro kernel: RDX: 000000023bc73003 RSI: ffff994d598b6b80 RDI: ffff994f54db8000 Jan 24 10:32:48 eric-macbookpro kernel: RBP: ffff994d598b6b80 R08: 0000000000000000 R09: 0000000000000000 Jan 24 10:32:48 eric-macbookpro kernel: R10: ffffb1a789d4f550 R11: ffff994eaf3c3208 R12: 0000000000000027 Jan 24 10:32:48 eric-macbookpro kernel: R13: 0000000000005000 R14: 0000000004e8f000 R15: ffff994f54dba000 Jan 24 10:32:48 eric-macbookpro kernel: FS: 00007f585886aa00(0000) GS:ffff994faec00000(0000) knlGS:0000000000000000 Jan 24 10:32:48 eric-macbookpro kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jan 24 10:32:48 eric-macbookpro kernel: CR2: 00000000004ac8e8 CR3: 00000002552c8004 CR4: 00000000003606f0 Jan 24 10:32:48 eric-macbookpro kernel: Call Trace: Jan 24 10:32:48 eric-macbookpro kernel: gen8_ppgtt_alloc_pdp+0x178/0x320 [i915] Jan 24 10:32:48 eric-macbookpro kernel: gen8_ppgtt_alloc_4lvl+0x5f/0x150 [i915] Jan 24 10:32:48 eric-macbookpro kernel: ppgtt_bind_vma+0x30/0x70 [i915] Jan 24 10:32:48 eric-macbookpro kernel: i915_vma_bind+0x68/0xd0 [i915] Jan 24 10:32:48 eric-macbookpro kernel: __i915_vma_do_pin+0x2d6/0x3a0 [i915] Jan 24 10:32:48 eric-macbookpro kernel: eb_lookup_vmas+0x7a2/0xb50 [i915] Jan 24 10:32:48 eric-macbookpro kernel: i915_gem_do_execbuffer+0x4d7/0x10e0 [i915] Jan 24 10:32:48 eric-macbookpro kernel: ? sock_wfree+0x34/0x60 Jan 24 10:32:48 eric-macbookpro kernel: ? unix_stream_read_generic+0x1f9/0x7e0 Jan 24 10:32:48 eric-macbookpro kernel: ? import_iovec+0x37/0xd0 Jan 24 10:32:48 eric-macbookpro kernel: ? i915_gem_execbuffer2+0x5d/0x390 [i915] Jan 24 10:32:48 eric-macbookpro kernel: i915_gem_execbuffer2+0x1b7/0x390 [i915] Jan 24 10:32:48 eric-macbookpro kernel: ? i915_gem_execbuffer+0x2d0/0x2d0 [i915] Jan 24 10:32:48 eric-macbookpro kernel: drm_ioctl_kernel+0x59/0xb0 [drm] Jan 24 10:32:48 eric-macbookpro kernel: drm_ioctl+0x2d5/0x370 [drm] Jan 24 10:32:48 eric-macbookpro kernel: ? i915_gem_execbuffer+0x2d0/0x2d0 [i915] Jan 24 10:32:48 eric-macbookpro kernel: ? __seccomp_filter+0x3b/0x260 Jan 24 10:32:48 eric-macbookpro kernel: do_vfs_ioctl+0xa1/0x610 Jan 24 10:32:48 eric-macbookpro kernel: ? syscall_trace_enter+0xdb/0x2b0 Jan 24 10:32:48 eric-macbookpro kernel: SyS_ioctl+0x74/0x80 Jan 24 10:32:48 eric-macbookpro kernel: do_syscall_64+0x55/0x110 Jan 24 10:32:48 eric-macbookpro kernel: entry_SYSCALL64_slow_path+0x25/0x25 Jan 24 10:32:48 eric-macbookpro kernel: RIP: 0033:0x7f584fa82d27 Jan 24 10:32:48 eric-macbookpro kernel: RSP: 002b:00007ffee14a7828 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 Jan 24 10:32:48 eric-macbookpro kernel: RAX: ffffffffffffffda RBX: 000003b0126a1030 RCX: 00007f584fa82d27 Jan 24 10:32:48 eric-macbookpro kernel: RDX: 00007ffee14a7870 RSI: 0000000040406469 RDI: 0000000000000080 Jan 24 10:32:48 eric-macbookpro kernel: RBP: 00007ffee14a7870 R08: 0000000000000002 R09: 0000000000000077 Jan 24 10:32:48 eric-macbookpro kernel: R10: 00007f5839f2b780 R11: 0000000000000246 R12: 0000000040406469 Jan 24 10:32:48 eric-macbookpro kernel: R13: 0000000000000080 R14: 00007f5842b00040 R15: 0000000000000000 Jan 24 10:32:48 eric-macbookpro kernel: Code: 01 00 83 81 58 0a 00 00 01 48 2b 05 13 9d fd c9 48 c1 f8 06 48 c1 e0 0c 48 8d 04 d0 48 8b 56 08 48 03 05 0c 9d fd c9 48 83 ca 03 <48> 89 10 83 a9 58 0a 00 00 01 65 ff 0d 37 03 fb 3e 74 02 f3 c3 Jan 24 10:32:48 eric-macbookpro kernel: RIP: gen8_ppgtt_set_pde.isra.40+0x48/0x70 [i915] RSP: ffffb1a789d4f940 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104773 Fixes: e2b763caa6eb ("drm/i915: Remove bitmap tracking for used-pdpes") References: dd19674bacba ("drm/i915: Remove bitmap tracking for used-ptes") Testcase: igt/drv_selftest/live_gtt (igt_ppgtt_shrink_boom) Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Cc: Matthew Auld <matthew.auld@xxxxxxxxx> --- drivers/gpu/drm/i915/i915_gem_gtt.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c index b65426c0457d..955ce7bee448 100644 --- a/drivers/gpu/drm/i915/i915_gem_gtt.c +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c @@ -1356,15 +1356,18 @@ static int gen8_ppgtt_alloc_pd(struct i915_address_space *vm, int count = gen8_pte_count(start, length); if (pt == vm->scratch_pt) { + pd->used_pdes++; + pt = alloc_pt(vm); - if (IS_ERR(pt)) + if (IS_ERR(pt)) { + pd->used_pdes--; goto unwind; + } if (count < GEN8_PTES || intel_vgpu_active(vm->i915)) gen8_initialize_pt(vm, pt); gen8_ppgtt_set_pde(vm, pd, pt, pde); - pd->used_pdes++; GEM_BUG_ON(pd->used_pdes > I915_PDES); } @@ -1388,13 +1391,16 @@ static int gen8_ppgtt_alloc_pdp(struct i915_address_space *vm, gen8_for_each_pdpe(pd, pdp, start, length, pdpe) { if (pd == vm->scratch_pd) { + pdp->used_pdpes++; + pd = alloc_pd(vm); - if (IS_ERR(pd)) + if (IS_ERR(pd)) { + pdp->used_pdpes--; goto unwind; + } gen8_initialize_pd(vm, pd); gen8_ppgtt_set_pdpe(vm, pdp, pd, pdpe); - pdp->used_pdpes++; GEM_BUG_ON(pdp->used_pdpes > i915_pdpes_per_pdp(vm)); mark_tlbs_dirty(i915_vm_to_ppgtt(vm)); -- 2.15.1 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx