On Mon, Nov 25, 2024 at 10:32:42AM +0100, Christian König wrote:
> On 22.11.24 at 17:02, Raag Jadav wrote:
> > On Fri, Nov 22, 2024 at 11:09:32AM +0100, Christian König wrote:
> > > On 22.11.24 at 08:07, Raag Jadav wrote:
> > > > On Mon, Nov 18, 2024 at 08:26:37PM +0530, Aravind Iddamsetty wrote:
> > > > > On 15/11/24 10:37, Raag Jadav wrote:
> > > > > > Introduce device wedged event, which notifies userspace of 'wedged'
> > > > > > (hanged/unusable) state of the DRM device through a uevent. This is
> > > > > > useful especially in cases where the device is no longer operating as
> > > > > > expected and has become unrecoverable from driver context. Purpose of
> > > > > > this implementation is to provide drivers a generic way to recover with
> > > > > > the help of userspace intervention without taking any drastic measures
> > > > > > in the driver.
> > > > > >
> > > > > > A 'wedged' device is basically a dead device that needs attention. The
> > > > > > uevent is the notification that is sent to userspace along with a hint
> > > > > > about what could possibly be attempted to recover the device and bring
> > > > > > it back to usable state. Different drivers may have different ideas of
> > > > > > a 'wedged' device depending on their hardware implementation, and hence
> > > > > > the vendor agnostic nature of the event. It is up to the drivers to
> > > > > > decide when they see the need for recovery and how they want to recover
> > > > > > from the available methods.
> > > > > >
> > > > > > Prerequisites
> > > > > > -------------
> > > > > >
> > > > > > The driver, before opting for recovery, needs to make sure that the
> > > > > > 'wedged' device doesn't harm the system as a whole by taking care of the
> > > > > > prerequisites. Necessary actions must include disabling DMA to system
> > > > > > memory as well as any communication channels with other devices. Further,
> > > > > > the driver must ensure that all dma_fences are signalled and any device
> > > > > > state that the core kernel might depend on are cleaned up. Once the event
> > > > > > is sent, the device must be kept in 'wedged' state until the recovery is
> > > > > > performed. New accesses to the device (IOCTLs) should be blocked,
> > > > > > preferably with an error code that resembles the type of failure the
> > > > > > device has encountered. This will signify the reason for wedging which
> > > > > > can be reported to the application if needed.
> > > > > should we even drop the mmaps we created?
> > > > Whatever is required for a clean recovery, yes.
> > > >
> > > > Although how would this play out? Do we risk losing display?
> > > > Or any other possible side-effects?
> > > Before sending a wedge event all DMA transfers of the device have to be
> > > blocked.
> > >
> > > So yes, all display, mmap() and file descriptor connections you had with the
> > > device would need to be re-created.
> > Does it mean we'd have to rely on userspace to unmap()?
>
> Yes and no :)
>
> The handling should be similar to how hotplug is handled. E.g. the device
> becomes inaccessible by normal applications all mappings become invalid.

Isn't that just unbind (which is already part of recovery)?

> But we don't send a SIGBUS or similar on access, instead all mappings
> are redirected to a dummy page which basically swallows all writes and gives
> undefined data on reads.
>
> On IOCTLs the applications should get an error code and eventually restart
> or at least unmap all their mappings.

Thanks for the detailed explanation.

Rethinking about this, the criteria set for prerequisites is to not do anything
that could possibly harm the system.

So I think the important question is, with fences signalled and ioctls already
blocked, is live mmap on a wedged device capable of producing harmful behaviour
or unintended side-effects (at least until the application has the opportunity to
unmap() as part of recovery)?

Raag