linux_dsm_epyc7002/drivers/gpu/drm/i915
Chris Wilson 4f2a572eda drm/i915/userptr: Never allow userptr into the mappable GGTT
Daniel Vetter uncovered a nasty cycle in using the mmu-notifiers to
invalidate userptr objects which also happen to be pulled into GGTT
mmaps. That is when we unbind the userptr object (on mmu invalidation),
we revoke all CPU mmaps, which may then recurse into mmu invalidation.

We looked for ways of breaking the cycle, but the revocation on
invalidation is required and cannot be avoided. The only solution we
could see was to not allow such GGTT bindings of userptr objects in the
first place. In practice, no one really wants to use a GGTT mmapping of
a CPU pointer...

Just before Daniel's explosive lockdep patches land in v5.4-rc1, we got
a genuine blip from CI:

<4>[  246.793958] ======================================================
<4>[  246.793972] WARNING: possible circular locking dependency detected
<4>[  246.793989] 5.3.0-gbd6c56f50d15-drmtip_372+ #1 Tainted: G     U
<4>[  246.794003] ------------------------------------------------------
<4>[  246.794017] kswapd0/145 is trying to acquire lock:
<4>[  246.794030] 000000003f565be6 (&dev->struct_mutex/1){+.+.}, at: userptr_mn_invalidate_range_start+0x18f/0x220 [i915]
<4>[  246.794250]
                  but task is already holding lock:
<4>[  246.794263] 000000001799cef9 (&anon_vma->rwsem){++++}, at: page_lock_anon_vma_read+0xe6/0x2a0
<4>[  246.794291]
                  which lock already depends on the new lock.

<4>[  246.794307]
                  the existing dependency chain (in reverse order) is:
<4>[  246.794322]
                  -> #3 (&anon_vma->rwsem){++++}:
<4>[  246.794344]        down_write+0x33/0x70
<4>[  246.794357]        __vma_adjust+0x3d9/0x7b0
<4>[  246.794370]        __split_vma+0x16a/0x180
<4>[  246.794385]        mprotect_fixup+0x2a5/0x320
<4>[  246.794399]        do_mprotect_pkey+0x208/0x2e0
<4>[  246.794413]        __x64_sys_mprotect+0x16/0x20
<4>[  246.794429]        do_syscall_64+0x55/0x1c0
<4>[  246.794443]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  246.794456]
                  -> #2 (&mapping->i_mmap_rwsem){++++}:
<4>[  246.794478]        down_write+0x33/0x70
<4>[  246.794493]        unmap_mapping_pages+0x48/0x130
<4>[  246.794519]        i915_vma_revoke_mmap+0x81/0x1b0 [i915]
<4>[  246.794519]        i915_vma_unbind+0x11d/0x4a0 [i915]
<4>[  246.794519]        i915_vma_destroy+0x31/0x300 [i915]
<4>[  246.794519]        __i915_gem_free_objects+0xb8/0x4b0 [i915]
<4>[  246.794519]        drm_file_free.part.0+0x1e6/0x290
<4>[  246.794519]        drm_release+0xa6/0xe0
<4>[  246.794519]        __fput+0xc2/0x250
<4>[  246.794519]        task_work_run+0x82/0xb0
<4>[  246.794519]        do_exit+0x35b/0xdb0
<4>[  246.794519]        do_group_exit+0x34/0xb0
<4>[  246.794519]        __x64_sys_exit_group+0xf/0x10
<4>[  246.794519]        do_syscall_64+0x55/0x1c0
<4>[  246.794519]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  246.794519]
                  -> #1 (&vm->mutex){+.+.}:
<4>[  246.794519]        i915_gem_shrinker_taints_mutex+0x6d/0xe0 [i915]
<4>[  246.794519]        i915_address_space_init+0x9f/0x160 [i915]
<4>[  246.794519]        i915_ggtt_init_hw+0x55/0x170 [i915]
<4>[  246.794519]        i915_driver_probe+0xc9f/0x1620 [i915]
<4>[  246.794519]        i915_pci_probe+0x43/0x1b0 [i915]
<4>[  246.794519]        pci_device_probe+0x9e/0x120
<4>[  246.794519]        really_probe+0xea/0x3d0
<4>[  246.794519]        driver_probe_device+0x10b/0x120
<4>[  246.794519]        device_driver_attach+0x4a/0x50
<4>[  246.794519]        __driver_attach+0x97/0x130
<4>[  246.794519]        bus_for_each_dev+0x74/0xc0
<4>[  246.794519]        bus_add_driver+0x13f/0x210
<4>[  246.794519]        driver_register+0x56/0xe0
<4>[  246.794519]        do_one_initcall+0x58/0x300
<4>[  246.794519]        do_init_module+0x56/0x1f6
<4>[  246.794519]        load_module+0x25bd/0x2a40
<4>[  246.794519]        __se_sys_finit_module+0xd3/0xf0
<4>[  246.794519]        do_syscall_64+0x55/0x1c0
<4>[  246.794519]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  246.794519]
                  -> #0 (&dev->struct_mutex/1){+.+.}:
<4>[  246.794519]        __lock_acquire+0x15d8/0x1e90
<4>[  246.794519]        lock_acquire+0xa6/0x1c0
<4>[  246.794519]        __mutex_lock+0x9d/0x9b0
<4>[  246.794519]        userptr_mn_invalidate_range_start+0x18f/0x220 [i915]
<4>[  246.794519]        __mmu_notifier_invalidate_range_start+0x85/0x110
<4>[  246.794519]        try_to_unmap_one+0x76b/0x860
<4>[  246.794519]        rmap_walk_anon+0x104/0x280
<4>[  246.794519]        try_to_unmap+0xc0/0xf0
<4>[  246.794519]        shrink_page_list+0x561/0xc10
<4>[  246.794519]        shrink_inactive_list+0x220/0x440
<4>[  246.794519]        shrink_node_memcg+0x36e/0x740
<4>[  246.794519]        shrink_node+0xcb/0x490
<4>[  246.794519]        balance_pgdat+0x241/0x580
<4>[  246.794519]        kswapd+0x16c/0x530
<4>[  246.794519]        kthread+0x119/0x130
<4>[  246.794519]        ret_from_fork+0x24/0x50
<4>[  246.794519]
                  other info that might help us debug this:

<4>[  246.794519] Chain exists of:
                    &dev->struct_mutex/1 --> &mapping->i_mmap_rwsem --> &anon_vma->rwsem

<4>[  246.794519]  Possible unsafe locking scenario:

<4>[  246.794519]        CPU0                    CPU1
<4>[  246.794519]        ----                    ----
<4>[  246.794519]   lock(&anon_vma->rwsem);
<4>[  246.794519]                                lock(&mapping->i_mmap_rwsem);
<4>[  246.794519]                                lock(&anon_vma->rwsem);
<4>[  246.794519]   lock(&dev->struct_mutex/1);
<4>[  246.794519]
                   *** DEADLOCK ***

v2: Say no to mmap_ioctl

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111744
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=111870
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@vger.kernel.org
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190928082546.3473-1-chris@chris-wilson.co.uk
(cherry picked from commit a4311745bb)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2019-10-16 10:56:50 -07:00
..
display drm/i915: Favor last VBT child device with conflicting AUX ch/DDC pin 2019-10-16 10:56:50 -07:00
gem drm/i915/userptr: Never allow userptr into the mappable GGTT 2019-10-16 10:56:50 -07:00
gt drm/i915/execlists: Refactor -EIO markup of hung requests 2019-10-16 10:55:36 -07:00
gvt drm main pull for 5.4-rc1 2019-09-19 16:24:24 -07:00
oa drm/i915/perf: Refactor oa object to better manage resources 2019-08-07 20:34:39 +01:00
selftests drm/i915: Perform GGTT restore much earlier during resume 2019-10-07 10:44:46 -07:00
i915_active_types.h drm/i915: Markup expected timeline locks for i915_active 2019-08-16 18:02:07 +01:00
i915_active.c drm/i915: i915_active.retire() is optional 2019-08-19 16:41:19 +01:00
i915_active.h drm/i915: Markup expected timeline locks for i915_active 2019-08-16 18:02:07 +01:00
i915_buddy.c drm/i915/buddy: use kmemleak_update_trace 2019-08-16 16:28:41 +01:00
i915_buddy.h drm/i915: buddy allocator 2019-08-10 19:47:40 +01:00
i915_cmd_parser.c drm/i915: extract i915_memcpy.h from i915_drv.h 2019-08-09 12:03:25 +03:00
i915_debugfs.c drm/i915: Pull obj->userfault tracking under the ggtt->mutex 2019-08-22 08:53:41 +01:00
i915_debugfs.h
i915_drv.c drm/i915: Perform GGTT restore much earlier during resume 2019-10-07 10:44:46 -07:00
i915_drv.h drm/i915: to make vgpu ppgtt notificaiton as atomic operation 2019-09-06 09:53:12 -07:00
i915_fixed.h
i915_gem_evict.c drm/i915: Replace PIN_NONFAULT with calls to PIN_NOEVICT 2019-08-21 14:07:54 +01:00
i915_gem_fence_reg.c drm/i915: Replace i915_vma_put_fence() 2019-08-22 08:53:42 +01:00
i915_gem_fence_reg.h drm/i915: Track ggtt fence reservations under its own mutex 2019-08-22 08:53:40 +01:00
i915_gem_gtt.c drm/i915: to make vgpu ppgtt notificaiton as atomic operation 2019-09-06 09:53:12 -07:00
i915_gem_gtt.h drm/i915: Replace PIN_NONFAULT with calls to PIN_NOEVICT 2019-08-21 14:07:54 +01:00
i915_gem.c drm/i915/userptr: Never allow userptr into the mappable GGTT 2019-10-16 10:56:50 -07:00
i915_gem.h drm/i915/gt: execlists->active is serialised by the tasklet 2019-10-09 14:39:31 -07:00
i915_getparam.c drm/i915: Isolate i915_getparam_ioctl() 2019-08-07 16:48:24 +01:00
i915_globals.c drm/i915: buddy allocator 2019-08-10 19:47:40 +01:00
i915_globals.h drm/i915: buddy allocator 2019-08-10 19:47:40 +01:00
i915_gpu_error.c Merge drm/drm-next into drm-intel-next-queued 2019-08-22 00:10:36 -07:00
i915_gpu_error.h drm/i915: Only include active engines in the capture state 2019-08-08 21:54:08 +01:00
i915_ioc32.c
i915_irq.c drm/i915/bdw+: Move misc display IRQ handling to it own function 2019-08-13 15:51:12 -07:00
i915_irq.h drm/i915: Extract general GT interrupt handlers 2019-08-12 15:36:13 +01:00
i915_memcpy.c drm/i915: extract i915_memcpy.h from i915_drv.h 2019-08-09 12:03:25 +03:00
i915_memcpy.h drm/i915: extract i915_memcpy.h from i915_drv.h 2019-08-09 12:03:25 +03:00
i915_mm.c drm/i915: Drop expectations of VM_IO from our GGTT mmappings 2019-08-07 12:06:07 +01:00
i915_params.c
i915_params.h
i915_pci.c drm/i915/gtt: disable 2M pages for pre-gen11 2019-08-10 13:19:00 +01:00
i915_perf.c drm/i915: extract i915_perf.h from i915_drv.h 2019-08-09 11:52:04 +03:00
i915_perf.h drm/i915: extract i915_perf.h from i915_drv.h 2019-08-09 11:52:04 +03:00
i915_pmu.c drm/i915: Convert a few more bland dmesg info to be device specific 2019-08-15 13:13:23 +01:00
i915_pmu.h
i915_priolist_types.h drm/i915: Push the wakeref->count deferral to the backend 2019-08-13 21:09:49 +01:00
i915_pvinfo.h
i915_query.c drm/i915/gt: Move the [class][inst] lookup for engines onto the GT 2019-08-06 15:00:43 +01:00
i915_query.h
i915_reg.h drm/i915/tgl: Updated Private PAT programming 2019-08-20 15:23:33 +01:00
i915_request.c drm/i915: Only enqueue already completed requests 2019-10-09 13:18:26 -07:00
i915_request.h drm/i915: Only enqueue already completed requests 2019-10-09 13:18:26 -07:00
i915_scatterlist.c
i915_scatterlist.h
i915_scheduler_types.h
i915_scheduler.c drm/i915: Push the wakeref->count deferral to the backend 2019-08-13 21:09:49 +01:00
i915_scheduler.h
i915_selftest.h drm/i915: make i915_selftest.h self-contained 2019-07-30 13:41:35 -07:00
i915_suspend.c drm/i915: extract i915_suspend.h from i915_drv.h 2019-08-09 12:03:05 +03:00
i915_suspend.h drm/i915: extract i915_suspend.h from i915_drv.h 2019-08-09 12:03:05 +03:00
i915_sw_fence_work.c drm/i915: Generalise the clflush dma-worker 2019-08-22 08:27:44 +01:00
i915_sw_fence_work.h drm/i915: Generalise the clflush dma-worker 2019-08-22 08:27:44 +01:00
i915_sw_fence.c Merge drm/drm-next into drm-intel-next-queued 2019-08-22 00:10:36 -07:00
i915_sw_fence.h Merge drm/drm-next into drm-intel-next-queued 2019-08-22 00:10:36 -07:00
i915_syncmap.c
i915_syncmap.h
i915_sysfs.c drm/i915: extract i915_sysfs.h from i915_drv.h 2019-08-09 11:52:09 +03:00
i915_sysfs.h drm/i915: extract i915_sysfs.h from i915_drv.h 2019-08-09 11:52:09 +03:00
i915_trace_points.c
i915_trace.h drm/i915: rename intel_drv.h to display/intel_display_types.h 2019-08-07 12:43:50 +03:00
i915_user_extensions.c
i915_user_extensions.h
i915_utils.c drm/i915: move printing and load error inject to i915_utils.[ch] 2019-08-09 11:51:58 +03:00
i915_utils.h drm/i915/execlists: Lift process_csb() out of the irq-off spinlock 2019-08-16 20:59:02 +01:00
i915_vgpu.c drm/i915: to make vgpu ppgtt notificaiton as atomic operation 2019-09-06 09:53:12 -07:00
i915_vgpu.h
i915_vma.c drm/i915: Replace i915_vma_put_fence() 2019-08-22 08:53:42 +01:00
i915_vma.h drm/i915: Replace i915_vma_put_fence() 2019-08-22 08:53:42 +01:00
intel_csr.c drm/i915/tgl: update DMC firmware to 2.04 2019-08-20 12:49:29 -07:00
intel_csr.h
intel_device_info.c drm/i915/tgl: add support for reading the timestamp frequency 2019-08-20 12:48:57 -07:00
intel_device_info.h drm/i915/tgl: Tigerlake only has global MOCS registers 2019-07-31 07:40:32 -07:00
intel_gvt.c drm/i915: Add i915 to i915_inject_probe_failure 2019-08-02 21:14:29 +01:00
intel_gvt.h
intel_pch.c drm/i915/cml: Add second PCH ID for CMP 2019-10-09 13:00:56 -07:00
intel_pch.h drm/i915/cml: Add second PCH ID for CMP 2019-10-09 13:00:56 -07:00
intel_pm.c drm/i915/tgl: Introduce initial Tiger Lake workarounds 2019-08-20 15:23:33 +01:00
intel_pm.h
intel_runtime_pm.c drm/i915: avoid including intel_drv.h via i915_drv.h->i915_trace.h 2019-08-07 12:43:14 +03:00
intel_runtime_pm.h Merge drm/drm-next into drm-intel-next-queued 2019-07-29 08:51:48 -07:00
intel_sideband.c drm/i915: remove unnecessary includes of intel_display_types.h header 2019-08-07 12:43:55 +03:00
intel_sideband.h
intel_uncore.c drm/i915: split out uncore_mmio_debug 2019-08-09 20:25:24 +01:00
intel_uncore.h drm/i915: split out uncore_mmio_debug 2019-08-09 20:25:24 +01:00
intel_wakeref.c drm/i915: Push the wakeref->count deferral to the backend 2019-08-13 21:09:49 +01:00
intel_wakeref.h drm/i915: Push the wakeref->count deferral to the backend 2019-08-13 21:09:49 +01:00
intel_wopcm.c drm/i915/wopcm: Fix SPDX tag location 2019-08-16 16:50:03 +01:00
intel_wopcm.h drm/i915/wopcm: Don't fail on WOPCM partitioning failure 2019-08-02 21:14:32 +01:00
Kconfig
Kconfig.debug drm-misc-next for 5.4: 2019-08-27 17:21:04 +10:00
Kconfig.profile
Makefile Kbuild updates for v5.4 2019-09-20 08:36:47 -07:00