[PATCH 5.10 081/120] drm/i915/gt: Close race between enable_breadcrumbs and cancel_breadcrumbs

From: Greg Kroah-Hartman
Date: Mon Feb 08 2021 - 12:23:55 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.10 086/120] io_uring: dont modify identitys files uncess identity is cowed"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 043/120] net/mlx5e: Release skb in case of failure in tc update skb"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 043/120] net/mlx5e: Release skb in case of failure in tc update skb"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 086/120] io_uring: dont modify identitys files uncess identity is cowed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>

commit e4747cb3ec3c232d65c84cbe77633abd5871fda3 upstream.

If we enable_breadcrumbs for a request while that request is being
removed from HW; we may see that the request is active as we take the
ce->signal_lock and proceed to attach the request to ce->signals.
However, during unsubmission after marking the request as inactive, we
see that the request has not yet been added to ce->signals and so skip
the removal. Pull the check during cancel_breadcrumbs under the same
spinlock as enabling so that we the two tests are consistent in
enable/cancel.

Otherwise, we may insert a request onto ce->signals that we expect should
not be there:

intel_context_remove_breadcrumbs:488 GEM_BUG_ON(!__i915_request_is_complete(rq))

While updating, we can note that we are always called with
irqs-disabled, due to the engine->active.lock being held at the single
caller, and so remove the irqsave/restore making it symmetric to
enable_breadcrumbs.

Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/2931
Fixes: c18636f76344 ("drm/i915: Remove requirement for holding i915_request.lock for breadcrumbs")
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
Cc: Andi Shyti <andi.shyti@xxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx> # v5.10+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20210119162057.31097-1-chris@xxxxxxxxxxxxxxxxxx
(cherry picked from commit e7004ea4f5f528f5a5018f0b70cab36d25315498)
Signed-off-by: Jani Nikula <jani.nikula@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/i915/gt/intel_breadcrumbs.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/i915/gt/intel_breadcrumbs.c
+++ b/drivers/gpu/drm/i915/gt/intel_breadcrumbs.c
@@ -451,10 +451,12 @@ void i915_request_cancel_breadcrumb(stru
struct intel_context *ce = rq->context;
bool release;

- if (!test_and_clear_bit(I915_FENCE_FLAG_SIGNAL, &rq->fence.flags))
+ spin_lock(&ce->signal_lock);
+ if (!test_and_clear_bit(I915_FENCE_FLAG_SIGNAL, &rq->fence.flags)) {
+ spin_unlock(&ce->signal_lock);
return;
+ }

- spin_lock(&ce->signal_lock);
list_del_rcu(&rq->signal_link);
release = remove_signaling_context(rq->engine->breadcrumbs, ce);
spin_unlock(&ce->signal_lock);

Next message: Greg Kroah-Hartman: "[PATCH 5.10 086/120] io_uring: dont modify identitys files uncess identity is cowed"
Previous message: Greg Kroah-Hartman: "[PATCH 5.10 043/120] net/mlx5e: Release skb in case of failure in tc update skb"
In reply to: Greg Kroah-Hartman: "[PATCH 5.10 043/120] net/mlx5e: Release skb in case of failure in tc update skb"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.10 086/120] io_uring: dont modify identitys files uncess identity is cowed"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]