On 09/06/2021 22:29, Jason Ekstrand wrote:
Ever since 0eafec6d3244 ("drm/i915: Enable lockless lookup of request
tracking via RCU"), the i915 driver has used SLAB_TYPESAFE_BY_RCU (it
was called SLAB_DESTROY_BY_RCU at the time) in order to allow RCU on
i915_request. As nifty as SLAB_TYPESAFE_BY_RCU may be, it comes with
some serious disclaimers. In particular, objects can get recycled while
RCU readers are still in-flight. This can be ok if everyone who touches
these objects knows about the disclaimers and is careful. However,
because we've chosen to use SLAB_TYPESAFE_BY_RCU for i915_request and
because i915_request contains a dma_fence, we've leaked
SLAB_TYPESAFE_BY_RCU and its whole pile of disclaimers to every driver
in the kernel which may consume a dma_fence.
I don't think the part about leaking is true...
We've tried to keep it somewhat contained by doing most of the hard work
to prevent access of recycled objects via dma_fence_get_rcu_safe().
However, a quick grep of kernel sources says that, of the 30 instances
of dma_fence_get_rcu*, only 11 of them use dma_fence_get_rcu_safe().
It's likely there bear traps in DRM and related subsystems just waiting
for someone to accidentally step in them.
...because dma_fence_get_rcu_safe apears to be about whether the
*pointer* to the fence itself is rcu protected, not about the fence
object itself.
If one has a stable pointer to a fence dma_fence_get_rcu is I think
enough to deal with SLAB_TYPESAFE_BY_RCU used by i915_request (as dma
fence is a base object there). Unless you found a bug in rq field
recycling. But access to the dma fence is all tightly controlled so I
don't get what leaks.
This patch series stops us using SLAB_TYPESAFE_BY_RCU for i915_request
and, instead, does an RCU-safe slab free via rcu_call(). This should
let us keep most of the perf benefits of slab allocation while avoiding
the bear traps inherent in SLAB_TYPESAFE_BY_RCU. It then removes support
for SLAB_TYPESAFE_BY_RCU from dma_fence entirely.
According to the rationale behind SLAB_TYPESAFE_BY_RCU traditional RCU
freeing can be a lot more costly so I think we need a clear
justification on why this change is being considered.
Regards,
Tvrtko
Note: The last patch is labled DONOTMERGE. This was at Daniel Vetter's
request as we may want to let this bake for a couple releases before we
rip out dma_fence_get_rcu_safe entirely.
Signed-off-by: Jason Ekstrand <[email protected]>
Cc: Jon Bloomfield <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Christian König <[email protected]>
Cc: Dave Airlie <[email protected]>
Cc: Matthew Auld <[email protected]>
Cc: Maarten Lankhorst <[email protected]>
Jason Ekstrand (5):
drm/i915: Move intel_engine_free_request_pool to i915_request.c
drm/i915: Use a simpler scheme for caching i915_request
drm/i915: Stop using SLAB_TYPESAFE_BY_RCU for i915_request
dma-buf: Stop using SLAB_TYPESAFE_BY_RCU in selftests
DONOTMERGE: dma-buf: Get rid of dma_fence_get_rcu_safe
drivers/dma-buf/dma-fence-chain.c | 8 +-
drivers/dma-buf/dma-resv.c | 4 +-
drivers/dma-buf/st-dma-fence-chain.c | 24 +---
drivers/dma-buf/st-dma-fence.c | 27 +---
drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 4 +-
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 8 --
drivers/gpu/drm/i915/i915_active.h | 4 +-
drivers/gpu/drm/i915/i915_request.c | 147 ++++++++++++----------
drivers/gpu/drm/i915/i915_request.h | 2 -
drivers/gpu/drm/i915/i915_vma.c | 4 +-
include/drm/drm_syncobj.h | 4 +-
include/linux/dma-fence.h | 50 --------
include/linux/dma-resv.h | 4 +-
13 files changed, 110 insertions(+), 180 deletions(-)
