alistair23-linux/drivers/gpu/drm/i915
Daniel Vetter 9a15a87338 Revert "drm/i915: Fix context/engine cleanup order"
This reverts commit 1803c035ef.

It seems to blow up on module unload due to a use-after-free hitting a
BUG_ON with CONFIG_DEBUG_SG. Quoting from Tvrtko's mail:

"I've decoded the instructions and it pointed to SG_MAGIC checking:

488b8098010000  mov 0x198(%rax),%rax
ba21436587      mov $0x87654321,%edx
488b00          mov (%rax),%rax       *** CRASH

"Grep showed 0x87654321 is SG_MAGIC, so likely candidate for this code
pattern is:

static inline struct page *sg_page(struct scatterlist *sg)
{
    BUG_ON(sg->sg_magic != SG_MAGIC);
    BUG_ON(sg_is_chain(sg));
    return (struct page *)((sg)->page_link & ~0x3);
}

"Which would mean the offender in intel_logical_ring_cleanup is most
likely:

...
    if (ring->status_page.obj) {
        kunmap(sg_page(ring->status_page.obj->pages->sgl));
        ring->status_page.obj = NULL;
    }
...

"I think that the i915_gem_context_fini will do a final unref on
dev_priv->kernel_context and then the ring buff has a copy which is
left dangling because:

    lrc_setup_hardware_status_page(ring,
        dev_priv->kernel_context->engine[ring->id].state);

and:

ring->status_page.obj = default_ctx_obj;

"Where default_ctx_obj == dev_priv->kernel_context->engine[ring->id].state.
So indeed looks like the unload ordering is the trigger.  In fact it
is almost the same fragility wrt/ kernel_context hidden dependency I
expressed my worry about in an e-mail yesterday or so. It only shows
if CONFIG_DEBUG_SG is set, otherwise it accesses freed memory and
probably just survives."

This causes serious trouble in our CI system since it took out all
gen8+ machines. Not yet clear why this wasn't caught in pre-merge
testing.

Backtrace from CI, for posterity:

[  163.737836] general protection fault: 0000 [#1] PREEMPT SMP
[  163.737849] Modules linked in: ax88179_178a usbnet mii snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic i915(-) x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm mei_me mei i2c_hid e1000e ptp pps_core [last unloaded: snd_hda_intel]
[  163.737902] CPU: 0 PID: 5812 Comm: rmmod Tainted: G     U  W       4.5.0-rc1-gfxbench+ #1
[  163.737911] Hardware name: System manufacturer System Product Name/Z170M-PLUS, BIOS 0505 11/16/2015
[  163.737920] task: ffff8800bb99cf80 ti: ffff88022ff2c000 task.ti: ffff88022ff2c000
[  163.737928] RIP: 0010:[<ffffffffa018f723>]  [<ffffffffa018f723>] intel_logical_ring_cleanup+0x83/0x100 [i915]
[  163.737969] RSP: 0018:ffff88022ff2fd30  EFLAGS: 00010282
[  163.737975] RAX: 6b6b6b6b6b6b6b6b RBX: ffff8800bb2f31b8 RCX: 0000000000000002
[  163.737982] RDX: 0000000087654321 RSI: 000000000000000d RDI: ffff8800bb2f31f0
[  163.737989] RBP: ffff88022ff2fd40 R08: 0000000000000000 R09: 0000000000000001
[  163.737996] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800bb2f0000
[  163.738003] R13: ffff8800bb2f8fc8 R14: ffff8800bb285668 R15: 000055af1ae55210
[  163.738010] FS:  00007f187014b700(0000) GS:ffff88023bc00000(0000) knlGS:0000000000000000
[  163.738021] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  163.738030] CR2: 0000558f84e4cbc8 CR3: 000000022cd55000 CR4: 00000000003406f0
[  163.738039] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  163.738048] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  163.738057] Stack:
[  163.738062]  ffff8800bb2f31b8 ffff8800bb2f0000 ffff88022ff2fd70 ffffffffa0180414
[  163.738079]  ffff8800bb2f0000 ffff8800bb285668 ffff8800bb2856c8 ffffffffa0242460
[  163.738094]  ffff88022ff2fd98 ffffffffa0202d30 ffff8800bb285668 ffff8800bb285668
[  163.738109] Call Trace:
[  163.738140]  [<ffffffffa0180414>] i915_gem_cleanup_engines+0x34/0x60 [i915]
[  163.738185]  [<ffffffffa0202d30>] i915_driver_unload+0x150/0x270 [i915]
[  163.738198]  [<ffffffff815100f4>] drm_dev_unregister+0x24/0xa0
[  163.738208]  [<ffffffff815106ce>] drm_put_dev+0x1e/0x60
[  163.738225]  [<ffffffffa01412a0>] i915_pci_remove+0x10/0x20 [i915]
[  163.738237]  [<ffffffff8143d9b4>] pci_device_remove+0x34/0xb0
[  163.738249]  [<ffffffff81533d15>] __device_release_driver+0x95/0x140
[  163.738259]  [<ffffffff81533eb6>] driver_detach+0xb6/0xc0
[  163.738268]  [<ffffffff81532de3>] bus_remove_driver+0x53/0xd0
[  163.738278]  [<ffffffff815348d7>] driver_unregister+0x27/0x50
[  163.738289]  [<ffffffff8143ca15>] pci_unregister_driver+0x25/0x70
[  163.738299]  [<ffffffff81511de4>] drm_pci_exit+0x74/0x90
[  163.738337]  [<ffffffffa02034a9>] i915_exit+0x20/0x1a5 [i915]
[  163.738349]  [<ffffffff8110400f>] SyS_delete_module+0x18f/0x1f0
[  163.738361]  [<ffffffff817b8a9b>] entry_SYSCALL_64_fastpath+0x16/0x73
[  163.738370] Code: ff d0 48 89 df e8 de a1 fd ff 48 8d 7b 38 e8 25 ab fd ff 48 8b 83 90 00 00 00 48 85 c0 74 25 48 8b 80 98 01 00 00 ba 21 43 65 87 <48> 8b 00 48 39 10 75 3c f6 40 08 01 75 38 48 c7 83 90 00 00 00
[  163.738459] RIP  [<ffffffffa018f723>] intel_logical_ring_cleanup+0x83/0x100 [i915]
[  163.738498]  RSP <ffff88022ff2fd30>
[  163.738507] ---[ end trace 68f69ce4740fa44f ]---

Cc: Nick Hoath <nicholas.hoath@intel.com>
Cc: Dave Gordon <david.s.gordon@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Reviewed-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Tested-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
2016-01-27 13:47:50 +01:00
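
Added example, not part of the commit or the i915 source: a user-space C model of the lifetime problem the quoted mail describes, where the engine keeps a borrowed pointer to a context object and the outcome depends on which teardown step runs first. The names ctx_obj, engine, arena, obj_get, obj_put, engine_cleanup and run_unload are hypothetical, and the obj->pages->sgl chain is collapsed into a single object. Holding an extra reference is shown only as one general way to make cleanup order-independent, not as the fix the driver adopted.

```c
#include <stdio.h>
#include <string.h>
#define SG_MAGIC    0x87654321UL  /* value named in the quoted mail */
#define POISON_FREE 0x6b          /* slab free-poison byte; RAX in the trace is 0x6b repeated */
/* Constructed stand-ins, not the i915 structures. */
struct ctx_obj { int refcount; unsigned long sg_magic; };
struct engine  { struct ctx_obj *status_page_obj; };
static struct ctx_obj arena;      /* static storage, so reading "freed" memory stays defined */

static struct ctx_obj *obj_get(struct ctx_obj *o) { o->refcount++; return o; }
static void obj_put(struct ctx_obj *o)
{
    if (--o->refcount == 0)
        memset(o, POISON_FREE, sizeof(*o));  /* model a free with poisoning enabled */
}

/* Returns 0 on a clean teardown, -1 where the SG_MAGIC check would fire. */
static int engine_cleanup(struct engine *e, int owns_ref)
{
    struct ctx_obj *o = e->status_page_obj;
    e->status_page_obj = NULL;
    if (!o)
        return 0;
    if (o->sg_magic != SG_MAGIC)
        return -1;                           /* object was already released */
    if (owns_ref)
        obj_put(o);
    return 0;
}

/* contexts_first: context fini runs before engine cleanup; take_ref: engine owns a reference. */
int run_unload(int contexts_first, int take_ref)
{
    struct engine ring;
    int ret;
    arena = (struct ctx_obj){ .refcount = 1, .sg_magic = SG_MAGIC };
    ring.status_page_obj = take_ref ? obj_get(&arena) : &arena;
    if (contexts_first)
        obj_put(&arena);                     /* final unref when the pointer is only borrowed */
    ret = engine_cleanup(&ring, take_ref);
    if (!contexts_first)
        obj_put(&arena);
    return ret;
}

int main(void)
{
    printf("%d %d %d\n", run_unload(1, 0), run_unload(0, 0), run_unload(1, 1));
    return 0;
}
```

Only the combination of contexts-first ordering and a borrowed pointer reads the poisoned object; either ordering is clean once the engine owns its reference.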
dvo.h drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_ch7xxx.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_ch7017.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_ivch.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_ns2501.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_sil164.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
dvo_tfp410.c drm/i915: constify intel_dvo_dev_ops structures 2015-12-09 08:21:10 +01:00
i915_cmd_parser.c drm/i915: Type safe register read/write 2015-11-18 15:39:11 +02:00
i915_debugfs.c drm/i915/gen9: Add framework to whitelist specific GPU registers 2016-01-25 16:48:04 +01:00
i915_dma.c Revert "drm/i915: Fix context/engine cleanup order" 2016-01-27 13:47:50 +01:00
i915_drv.c drm/i915: Tune down "GT register while GT waking disabled" message 2016-01-21 11:50:52 +02:00
i915_drv.h Revert "drm/i915: Fix context/engine cleanup order" 2016-01-27 13:47:50 +01:00
i915_gem.c Revert "drm/i915: Fix context/engine cleanup order" 2016-01-27 13:47:50 +01:00
i915_gem_batch_pool.c
i915_gem_batch_pool.h
i915_gem_context.c drm/i915: abolish separate per-ring default_context pointers 2016-01-21 09:21:29 +01:00
i915_gem_debug.c
i915_gem_dmabuf.c
i915_gem_evict.c drm/i915: Add soft-pinning API for execbuffer 2015-12-09 10:20:17 +00:00
i915_gem_execbuffer.c drm/i915: Decouple execbuf uAPI from internal implementation 2016-01-21 10:55:44 +00:00
i915_gem_fence.c Linux 4.4-rc4 2015-12-08 11:04:26 +10:00
i915_gem_gtt.c drm/i915: Pass the dma_addr_t array as const to rotate_pages() 2016-01-15 21:04:27 +02:00
i915_gem_gtt.h drm/i915: Do not call API requiring struct_mutex where it is not available 2016-01-18 09:58:36 +00:00
i915_gem_render_state.c drm/i915: mark GEM object pages dirty when mapped & written by the CPU 2015-12-11 18:11:53 +01:00
i915_gem_render_state.h
i915_gem_shrinker.c drm/i915: Disable shrinker for non-swapped backed objects 2016-01-05 11:05:38 +01:00
i915_gem_stolen.c drm/i915: Allow use of get_dma_address for stolen backed objects 2016-01-05 17:46:27 +01:00
i915_gem_tiling.c drm/i915: get runtime PM reference around GEM set_tiling IOCTL 2015-11-17 18:43:30 +02:00
i915_gem_userptr.c drm/i915: Improve handling of overlapping objects 2016-01-25 19:03:46 +01:00
i915_gpu_error.c drm/i915: abolish separate per-ring default_context pointers 2016-01-21 09:21:29 +01:00
i915_guc_reg.h drm/i915/guc: Add GuC ADS (Addition Data Structure) - allocation 2016-01-05 11:33:34 +01:00
i915_guc_submission.c drm/i915/guc: Decouple GuC engine id from ring id 2016-01-25 10:56:30 +00:00
i915_ioc32.c
i915_irq.c drm/i915/gen8: Factor out display interrupt handling 2016-01-13 10:01:53 +00:00
i915_params.c drm/i915: Decouple struct i915_params i915 into i915_params.h 2015-12-21 14:35:03 +01:00
i915_params.h drm/i915: Reorder i915_params struct. 2015-12-21 14:35:12 +01:00
i915_reg.h drm/i915/skl: Enable Per context Preemption granularity control 2016-01-25 16:48:52 +01:00
i915_suspend.c drm/i915: Separate cherryview from valleyview 2015-12-10 11:07:24 +01:00
i915_sysfs.c drm/i915: use kobj_to_dev() 2016-01-13 16:40:50 +01:00
i915_trace.h drm/i915: Type safe register read/write 2015-11-18 15:39:11 +02:00
i915_trace_points.c
i915_vgpu.c
i915_vgpu.h drm/i915: Type safe register read/write 2015-11-18 15:39:11 +02:00
intel_acpi.c
intel_atomic.c Revert "drm/i915: Add two-stage ILK-style watermark programming (v10)" 2016-01-20 10:07:22 +01:00
intel_atomic_plane.c drm/i915: Remove commit_plane function pointer. 2016-01-07 13:52:04 +01:00
intel_audio.c Add get_eld audio component for i915/HD-audio 2015-12-11 19:28:27 +01:00
intel_bios.c drm/i915/bios: Fix the sequence size calculations for MIPI seq v3 2016-01-15 11:38:11 +02:00
intel_bios.h drm/i915/bios: add defines for v3 sequence block 2016-01-11 19:16:19 +02:00
intel_crt.c Merge tag 'drm-intel-next-2015-12-18' of git://anongit.freedesktop.org/drm-intel into drm-next 2015-12-23 14:22:09 +10:00
intel_csr.c drm/i915: Demote user facing DMC firmware load failure message 2016-01-19 11:11:58 +01:00
intel_ddi.c Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued 2016-01-18 08:18:16 +01:00
intel_display.c drm/i915: simplify allocation of driver-internal requests 2016-01-21 09:21:29 +01:00
intel_dp.c drm/i915: Do not put big intel_crtc_state on the stack 2016-01-20 10:08:54 +00:00
intel_dp_link_training.c
intel_dp_mst.c Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued 2016-01-18 08:18:16 +01:00
intel_drv.h drm/i915: Do not put big intel_crtc_state on the stack 2016-01-20 10:08:54 +00:00
intel_dsi.c Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued 2016-01-18 08:18:16 +01:00
intel_dsi.h drm/i915/dsi: abstract get pclk platform differences 2016-01-08 13:25:12 +02:00
intel_dsi_panel_vbt.c drm/i915/dsi: add debug printing of the new sequence block names 2016-01-11 19:20:59 +02:00
intel_dsi_pll.c drm/i915/dsi: remove unused dsi_rr_formula() 2016-01-08 13:30:55 +02:00
intel_dvo.c drm: Pass 'name' to drm_encoder_init() 2015-12-11 09:13:20 +01:00
intel_fbc.c drm/i915: only recompress FBC after flushing a drawing operation 2015-12-03 11:38:11 -02:00
intel_fbdev.c drm/i915: Remove obsolete code from intelfb_alloc() 2015-12-21 17:03:25 +01:00
intel_fifo_underrun.c drm/i915: Introduce bdw_{update,enable,disable}_pipe_irq() 2015-11-26 18:55:39 +02:00
intel_frontbuffer.c
intel_guc.h drm/i915/guc: Decouple GuC engine id from ring id 2016-01-25 10:56:30 +00:00
intel_guc_fwif.h drm/i915/guc: Decouple GuC engine id from ring id 2016-01-25 10:56:30 +00:00
intel_guc_loader.c drm/i915/guc: Fix a memory leak where guc->execbuf_client is not freed 2016-01-18 09:58:49 +00:00
intel_hdmi.c Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued 2016-01-18 08:18:16 +01:00
intel_hotplug.c drm/i915: intel_hpd_init(): Fix suspend/resume reprobing 2016-01-13 10:49:42 +02:00
intel_i2c.c drm/i915: Separate cherryview from valleyview 2015-12-10 11:07:24 +01:00
intel_lrc.c drm/i915/guc: Decouple GuC engine id from ring id 2016-01-25 10:56:30 +00:00
intel_lrc.h drm/i915: Do not call API requiring struct_mutex where it is not available 2016-01-18 09:58:36 +00:00
intel_lvds.c drm: Pass 'name' to drm_encoder_init() 2015-12-11 09:13:20 +01:00
intel_mocs.c drm/i915: Type safe register read/write 2015-11-18 15:39:11 +02:00
intel_mocs.h
intel_modes.c
intel_opregion.c drm/i915/opregion: handle VBT sizes bigger than 6 KB 2015-12-17 11:40:57 +02:00
intel_overlay.c drm/i915: simplify allocation of driver-internal requests 2016-01-21 09:21:29 +01:00
intel_panel.c drm/i915/backlight: prefer dev_priv over dev pointer 2015-12-18 11:37:44 +02:00
intel_pm.c Revert "drm/i915: Add two-stage ILK-style watermark programming (v10)" 2016-01-20 10:07:22 +01:00
intel_psr.c drm/i915: PSR also doesn't have link_entry_time on SKL. 2015-12-11 16:32:56 -08:00
intel_renderstate.h
intel_renderstate_gen6.c
intel_renderstate_gen7.c
intel_renderstate_gen8.c
intel_renderstate_gen9.c
intel_ringbuffer.c drm/i915/gen9: Add WaOCLCoherentLineFlush 2016-01-25 16:49:15 +01:00
intel_ringbuffer.h drm/i915/guc: Decouple GuC engine id from ring id 2016-01-25 10:56:30 +00:00
intel_runtime_pm.c drm/i915: Kill intel_prepare_ddi() 2016-01-12 16:05:12 +02:00
intel_sdvo.c drm: Pass 'name' to drm_encoder_init() 2015-12-11 09:13:20 +01:00
intel_sdvo_regs.h drm/i915/sdvo: revert bogus kernel-doc comments to normal comments 2016-01-20 10:21:34 +02:00
intel_sideband.c
intel_sprite.c Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued 2016-01-18 08:18:16 +01:00
intel_tv.c drm: Pass 'name' to drm_encoder_init() 2015-12-11 09:13:20 +01:00
intel_uncore.c drm/i915: Limit the auto arming of mmio debugs on vlv/chv 2016-01-21 11:52:45 +02:00
Kconfig drm/i915: Remove select to deleted STOP_MACHINE from Kconfig 2016-01-25 16:38:39 +01:00
Makefile