Am 10.06.21 um 11:29 schrieb Tvrtko Ursulin:
On 09/06/2021 22:29, Jason Ekstrand wrote:
Ever since 0eafec6d3244 ("drm/i915: Enable lockless lookup of request
tracking via RCU"), the i915 driver has used SLAB_TYPESAFE_BY_RCU (it
was called SLAB_DESTROY_BY_RCU at the time) in order to allow RCU on
i915_request. As nifty as SLAB_TYPESAFE_BY_RCU may be, it comes with
some serious disclaimers. In particular, objects can get recycled while
RCU readers are still in-flight. This can be ok if everyone who touches
these objects knows about the disclaimers and is careful. However,
because we've chosen to use SLAB_TYPESAFE_BY_RCU for i915_request and
because i915_request contains a dma_fence, we've leaked
SLAB_TYPESAFE_BY_RCU and its whole pile of disclaimers to every driver
in the kernel which may consume a dma_fence.
I don't think the part about leaking is true...
We've tried to keep it somewhat contained by doing most of the hard work
to prevent access of recycled objects via dma_fence_get_rcu_safe().
However, a quick grep of kernel sources says that, of the 30 instances
of dma_fence_get_rcu*, only 11 of them use dma_fence_get_rcu_safe().
It's likely there bear traps in DRM and related subsystems just waiting
for someone to accidentally step in them.
...because dma_fence_get_rcu_safe apears to be about whether the
*pointer* to the fence itself is rcu protected, not about the fence
object itself.
Yes, exactly that.
If one has a stable pointer to a fence dma_fence_get_rcu is I think
enough to deal with SLAB_TYPESAFE_BY_RCU used by i915_request (as dma
fence is a base object there). Unless you found a bug in rq field
recycling. But access to the dma fence is all tightly controlled so I
don't get what leaks.
This patch series stops us using SLAB_TYPESAFE_BY_RCU for i915_request
and, instead, does an RCU-safe slab free via rcu_call(). This should
let us keep most of the perf benefits of slab allocation while avoiding
the bear traps inherent in SLAB_TYPESAFE_BY_RCU. It then removes
support
for SLAB_TYPESAFE_BY_RCU from dma_fence entirely.
According to the rationale behind SLAB_TYPESAFE_BY_RCU traditional RCU
freeing can be a lot more costly so I think we need a clear
justification on why this change is being considered.
The problem is that SLAB_TYPESAFE_BY_RCU requires that we use a sequence
counter to make sure that we don't grab the reference to a reallocated
dma_fence.
Updating the sequence counter every time we add a fence now means two
additions writes and one additional barrier for an extremely hot path.
The extra overhead of RCU freeing is completely negligible compared to that.
The good news is that I think if we are just a bit more clever about our
handle we can both avoid the sequence counter and keep
SLAB_TYPESAFE_BY_RCU around.
But this needs more code cleanup and abstracting the sequence counter
usage in a macro.
Regards,
Christian.
Regards,
Tvrtko
Note: The last patch is labled DONOTMERGE. This was at Daniel Vetter's
request as we may want to let this bake for a couple releases before we
rip out dma_fence_get_rcu_safe entirely.
Signed-off-by: Jason Ekstrand <jason@xxxxxxxxxxxxxx>
Cc: Jon Bloomfield <jon.bloomfield@xxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Cc: Christian König <christian.koenig@xxxxxxx>
Cc: Dave Airlie <airlied@xxxxxxxxxx>
Cc: Matthew Auld <matthew.auld@xxxxxxxxx>
Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx>
Jason Ekstrand (5):
drm/i915: Move intel_engine_free_request_pool to i915_request.c
drm/i915: Use a simpler scheme for caching i915_request
drm/i915: Stop using SLAB_TYPESAFE_BY_RCU for i915_request
dma-buf: Stop using SLAB_TYPESAFE_BY_RCU in selftests
DONOTMERGE: dma-buf: Get rid of dma_fence_get_rcu_safe
drivers/dma-buf/dma-fence-chain.c | 8 +-
drivers/dma-buf/dma-resv.c | 4 +-
drivers/dma-buf/st-dma-fence-chain.c | 24 +---
drivers/dma-buf/st-dma-fence.c | 27 +---
drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 4 +-
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 8 --
drivers/gpu/drm/i915/i915_active.h | 4 +-
drivers/gpu/drm/i915/i915_request.c | 147 ++++++++++++----------
drivers/gpu/drm/i915/i915_request.h | 2 -
drivers/gpu/drm/i915/i915_vma.c | 4 +-
include/drm/drm_syncobj.h | 4 +-
include/linux/dma-fence.h | 50 --------
include/linux/dma-resv.h | 4 +-
13 files changed, 110 insertions(+), 180 deletions(-)
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
