1. 04 5月, 2020 8 次提交
  2. 03 5月, 2020 1 次提交
  3. 02 5月, 2020 4 次提交
  4. 01 5月, 2020 3 次提交
  5. 30 4月, 2020 10 次提交
  6. 29 4月, 2020 7 次提交
  7. 28 4月, 2020 4 次提交
  8. 27 4月, 2020 3 次提交
    • C
      drm/i915/gt: Sanitize GT first · 4243cd53
      Chris Wilson 提交于
      We see that if the HW doesn't actually sleep, the HW may eat the poison
      we set in its write-only HWSP during sanitize:
      
        intel_gt_resume.part.8: 0000:00:02.0
        __gt_unpark: 0000:00:02.0
        gt_sanitize: 0000:00:02.0 force:yes
        process_csb: 0000:00:02.0 vcs0: cs-irq head=5, tail=90
        process_csb: 0000:00:02.0 vcs0: csb[0]: status=0x5a5a5a5a:0x5a5a5a5a
        assert_pending_valid: Nothing pending for promotion!
      
      The CS TAIL pointer should have been reset by reset_csb_pointers(), so
      in this case it is likely that we have read back from the CPU cache and
      so we must clflush our control over that page. In doing so, push the
      sanitisation to the start of the GT sequence so that our poisoning is
      assuredly before we start talking to the HW.
      
      References: https://gitlab.freedesktop.org/drm/intel/-/issues/1794Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Reviewed-by: NTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200427084000.10999-1-chris@chris-wilson.co.uk
      4243cd53
    • C
      drm/i915/gt: Check cacheline is valid before acquiring · 2759e395
      Chris Wilson 提交于
      The hwsp_cacheline pointer from i915_request is very, very flimsy. The
      i915_request.timeline (and the hwsp_cacheline) are lost upon retiring
      (after an RCU grace). Therefore we need to confirm that once we have the
      right pointer for the cacheline, it is not in the process of being
      retired and disposed of before we attempt to acquire a reference to the
      cacheline.
      
      <3>[  547.208237] BUG: KASAN: use-after-free in active_debug_hint+0x6a/0x70 [i915]
      <3>[  547.208366] Read of size 8 at addr ffff88822a0d2710 by task gem_exec_parall/2536
      
      <4>[  547.208547] CPU: 3 PID: 2536 Comm: gem_exec_parall Tainted: G     U            5.7.0-rc2-ged7a286b5d02d-kasan_117+ #1
      <4>[  547.208556] Hardware name: Dell Inc. XPS 13 9350/, BIOS 1.4.12 11/30/2016
      <4>[  547.208564] Call Trace:
      <4>[  547.208579]  dump_stack+0x96/0xdb
      <4>[  547.208707]  ? active_debug_hint+0x6a/0x70 [i915]
      <4>[  547.208719]  print_address_description.constprop.6+0x16/0x310
      <4>[  547.208841]  ? active_debug_hint+0x6a/0x70 [i915]
      <4>[  547.208963]  ? active_debug_hint+0x6a/0x70 [i915]
      <4>[  547.208975]  __kasan_report+0x137/0x190
      <4>[  547.209106]  ? active_debug_hint+0x6a/0x70 [i915]
      <4>[  547.209127]  kasan_report+0x32/0x50
      <4>[  547.209257]  ? i915_gemfs_fini+0x40/0x40 [i915]
      <4>[  547.209376]  active_debug_hint+0x6a/0x70 [i915]
      <4>[  547.209389]  debug_print_object+0xa7/0x220
      <4>[  547.209405]  ? lockdep_hardirqs_on+0x348/0x5f0
      <4>[  547.209426]  debug_object_assert_init+0x297/0x430
      <4>[  547.209449]  ? debug_object_free+0x360/0x360
      <4>[  547.209472]  ? lock_acquire+0x1ac/0x8a0
      <4>[  547.209592]  ? intel_timeline_read_hwsp+0x4f/0x840 [i915]
      <4>[  547.209737]  ? i915_active_acquire_if_busy+0x66/0x120 [i915]
      <4>[  547.209861]  i915_active_acquire_if_busy+0x66/0x120 [i915]
      <4>[  547.209990]  ? __live_alloc.isra.15+0xc0/0xc0 [i915]
      <4>[  547.210005]  ? rcu_read_lock_sched_held+0xd0/0xd0
      <4>[  547.210017]  ? print_usage_bug+0x580/0x580
      <4>[  547.210153]  intel_timeline_read_hwsp+0xbc/0x840 [i915]
      <4>[  547.210284]  __emit_semaphore_wait+0xd5/0x480 [i915]
      <4>[  547.210415]  ? i915_fence_get_timeline_name+0x110/0x110 [i915]
      <4>[  547.210428]  ? lockdep_hardirqs_on+0x348/0x5f0
      <4>[  547.210442]  ? _raw_spin_unlock_irq+0x2a/0x40
      <4>[  547.210567]  ? __await_execution.constprop.51+0x2e0/0x570 [i915]
      <4>[  547.210706]  i915_request_await_dma_fence+0x8f7/0xc70 [i915]
      
      Fixes: 85bedbf1 ("drm/i915/gt: Eliminate the trylock for reading a timeline's hwsp")
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
      Cc: <stable@vger.kernel.org> # v5.6+
      Reviewed-by: NTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200427093038.29219-1-chris@chris-wilson.co.uk
      2759e395
    • C
      drm/i915/execlists: Check preempt-timeout target before submit_ports · 68ace460
      Chris Wilson 提交于
      We evaluate *active, which is a pointer into execlists->inflight[]
      during dequeue to decide how long a preempt-timeout we need to apply.
      However, as soon as we do the submit_ports, the HW may send its ACK
      interrupt causing us to promote execlists->pending[] tp
      execlists->inflight[], overwriting the value of *active. We know *active
      is only stable until we submit (as we only submit when there is no
      pending promotion).
      
      [   16.102328] BUG: KCSAN: data-race in execlists_dequeue+0x1449/0x1600 [i915]
      [   16.102356]
      [   16.102375] race at unknown origin, with read to 0xffff8881e9500488 of 8 bytes by task 429 on cpu 1:
      [   16.102780]  execlists_dequeue+0x1449/0x1600 [i915]
      [   16.103160]  __execlists_submission_tasklet+0x48/0x60 [i915]
      [   16.103540]  execlists_submit_request+0x38e/0x3c0 [i915]
      [   16.103940]  submit_notify+0x8f/0xc0 [i915]
      [   16.104308]  __i915_sw_fence_complete+0x61/0x420 [i915]
      [   16.104683]  i915_sw_fence_complete+0x58/0x80 [i915]
      [   16.105054]  i915_sw_fence_commit+0x16/0x20 [i915]
      [   16.105457]  __i915_request_queue+0x60/0x70 [i915]
      [   16.105843]  i915_gem_do_execbuffer+0x2d6b/0x4230 [i915]
      [   16.106227]  i915_gem_execbuffer2_ioctl+0x2b0/0x580 [i915]
      [   16.106257]  drm_ioctl_kernel+0xe9/0x130
      [   16.106279]  drm_ioctl+0x27d/0x45e
      [   16.106311]  ksys_ioctl+0x89/0xb0
      [   16.106336]  __x64_sys_ioctl+0x42/0x60
      [   16.106370]  do_syscall_64+0x6e/0x2c0
      [   16.106397]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
      Reviewed-by: NTvrtko Ursulin <tvrtko.ursulin@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200426094231.21995-1-chris@chris-wilson.co.uk
      68ace460