1. 06 12月, 2013 2 次提交
    • D
      drm/i915: Fix use-after-free in do_switch · acc240d4
      Daniel Vetter 提交于
      So apparently under ridiculous amounts of memory pressure we can get
      into trouble in do_switch when we try to move the old hw context
      backing storage object onto the active lists.
      
      With list debugging enabled that usually results in us chasing a
      poisoned pointer - which means we've hit upon a vma that has been
      removed from all lrus with list_del (and then deallocated, so it's a
      real use-after free).
      
      Ian Lister has done some great callchain chasing and noticed that we
      can reenter do_switch:
      
      i915_gem_do_execbuffer()
      
      i915_switch_context()
      
      do_switch()
         from = ring->last_context;
         i915_gem_object_pin()
      
            i915_gem_object_bind_to_gtt()
               ret = drm_mm_insert_node_in_range_generic();
               // If the above call fails then it will try i915_gem_evict_something()
               // If that fails it will call i915_gem_evict_everything() ...
      	 i915_gem_evict_everything()
      	    i915_gpu_idle()
      	       i915_switch_context(DEFAULT_CONTEXT)
      
      Like with everything else where the shrinker or eviction code can
      invalidate pointers we need to reload relevant state.
      
      Note that there's no need to recheck whether a context switch is still
      required because:
      
      - Doing a switch to the same context is harmless (besides wasting a
        bit of energy).
      
      - This can only happen with the default context. But since that one's
        pinned we'll never call down into evict_everything under normal
        circumstances. Note that there's a little driver bringup fun
        involved namely that we could recourse into do_switch for the
        initial switch. Atm we're fine since we assign the context pointer
        only after the call to do_switch at driver load or resume time. And
        in the gpu reset case we skip the entire setup sequence (which might
        be a bug on its own, but definitely not this one here).
      
      Cc'ing stable since apparently ChromeOS guys are seeing this in the
      wild (and not just on artificial stress tests), see the reference.
      
      Note that in upstream code doesn't calle evict_everything directly
      from evict_something, that's an extension in this product branch. But
      we can still hit upon this bug (and apparently we do, see the linked
      backtraces). I've noticed this while trying to construct a testcase
      for this bug and utterly failed to provoke it. It looks like we need
      to driver the system squarly into the lowmem wall and provoke the
      shrinker to evict the context object by doing the last-ditch
      evict_everything call.
      
      Aside: There's currently no means to get a badly-fragmenting hw
      context object away from a bad spot in the upstream code. We should
      fix this by at least adding some code to evict_something to handle hw
      contexts.
      
      References: https://code.google.com/p/chromium/issues/detail?id=248191Reported-by: NIan Lister <ian.lister@intel.com>
      Cc: Ian Lister <ian.lister@intel.com>
      Cc: stable@vger.kernel.org
      Cc: Ben Widawsky <benjamin.widawsky@intel.com>
      Cc: Stéphane Marchesin <marcheu@chromium.org>
      Cc: Bloomfield, Jon <jon.bloomfield@intel.com>
      Tested-by: NRafael Barbalho <rafael.barbalho@intel.com>
      Reviewed-by: NIan Lister <ian.lister@intel.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      acc240d4
    • D
      drm/i915: fix pm init ordering · f742a552
      Daniel Vetter 提交于
      Shovel a bit more of the the code into the setup function, and call
      it earlier. Otherwise lockdep is unhappy since we cancel the delayed
      resume work before it's initialized.
      
      While at it also shovel the pc8 setup code into the same functions.
      I wanted to also ditch the header declaration of the hws pc8 functions,
      but for unfathomable reasons that stuff is in intel_display.c instead
      of intel_pm.c.
      
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=71980Tested-by: NGuo Jinxian <jinxianx.guo@intel.com>
      Reviewed-by: NDamien Lespiau <damien.lespiau@intel.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      f742a552
  2. 04 12月, 2013 4 次提交
  3. 29 11月, 2013 5 次提交
  4. 28 11月, 2013 3 次提交
  5. 27 11月, 2013 2 次提交
  6. 25 11月, 2013 1 次提交
  7. 21 11月, 2013 1 次提交
  8. 20 11月, 2013 1 次提交
    • D
      drm/i915: Fix gen3 self-refresh watermarks · f727b490
      Daniel Vetter 提交于
      This regression has been introduced in
      
      commit 4fe8590a
      Author: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Date:   Wed Sep 4 18:25:22 2013 +0300
      
          drm/i915: Use adjusted_mode appropriately when computing watermarks
      
      I guess we should renable the enabled local variable into something a
      notch more descriptive, but that's something for -next.
      
      The effect on my i945gme netbook is pretty severe amounts of underruns
      - usually the very first pixel gets used for the entire screeen.
      
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Cc: Damien Lespiau <damien.lespiau@intel.com>
      Reviewed-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      f727b490
  9. 19 11月, 2013 5 次提交
  10. 18 11月, 2013 1 次提交
    • D
      drm/i915: restore the early forcewake cleanup · ef46e0d2
      Daniel Vetter 提交于
      Some BIOS just leak the forcewak bits, which we clean up.
      Unfortunately this has been broken in
      
      commit 521198a2
      Author: Mika Kuoppala <mika.kuoppala@linux.intel.com>
      Date:   Fri Aug 23 16:52:30 2013 +0300
      
          drm/i915: sanitize forcewake registers on reset
      
      To make this work both for resets and for BIOS takeover just add the
      forcewake clearing call back to intel_uncore_early_sanitize.
      
      We need to clear the forcewake in early sanitize so that the forcewak
      dance in intel_uncore_init (to figure out whether we have mt or legacy
      forcewake on ivb) works. That cleanup fits in nicely with the general
      topic of early_sanitize to prepare for the very first mmio ops.
      
      Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Reported-by: NJörg Otte <jrg.otte@gmail.com>
      Cc: Jörg Otte <jrg.otte@gmail.com>
      References: https://lkml.org/lkml/2013/11/16/40
      Cc: stable@vger.kernel.org (for 3.12 only)
      Reviewed-by: NChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      ef46e0d2
  11. 16 11月, 2013 2 次提交
  12. 15 11月, 2013 1 次提交
  13. 14 11月, 2013 6 次提交
  14. 13 11月, 2013 3 次提交
  15. 12 11月, 2013 1 次提交
  16. 11 11月, 2013 1 次提交
    • D
      Merge branch 'gma500-next' of git://github.com/patjak/drm-gma500 into drm-next · cf0613d2
      Dave Airlie 提交于
      SDVO support for minnowboard
      
      * 'gma500-next' of git://github.com/patjak/drm-gma500:
        drm/gma500/mrst: Add SDVO to output init
        drm/gma500/mrst: Don't blindly guess a mode for LVDS
        drm/gma500/mrst: Setup GMBUS for oaktrail/mrst
        drm/gma500/mrst: Replace WMs and chickenbits with values from EMGD
        drm/gma500/mrst: Add aux register writes to SDVO
        drm/gma500/mrst: Properly route oaktrail hdmi hooks
        drm/gma500/mrst: Add aux register writes when programming pipe
        drm/gma500/mrst: Add SDVO clock calculation
        drm/gma500: Add aux device support for gmbus
        drm/gma500: Add support for aux pci vdc device
        drm/gma500: Add chip specific sdvo masks
        drm/gma500: Add Minnowboard to the IS_MRST() macro
      cf0613d2
  17. 10 11月, 2013 1 次提交