We need to serialise the addition of a new fence into the shared list
such that the fence is visible before we claim it is there. Otherwise a
concurrent reader of the shared fence list will see an uninitialised
fence slot before it is set.

  <4> [109.613162] general protection fault: 0000 [#1] PREEMPT SMP PTI
  <4> [109.613177] CPU: 1 PID: 1357 Comm: gem_busy Tainted: G     U            4.19.0-rc8-CI-CI_DRM_5035+ #1
  <4> [109.613189] Hardware name: Dell Inc. XPS 8300  /0Y2MRG, BIOS A06 10/17/2011
  <4> [109.613252] RIP: 0010:i915_gem_busy_ioctl+0x146/0x380 [i915]
  <4> [109.613261] Code: 0b 43 04 49 83 c6 08 4d 39 e6 89 43 04 74 6d 4d 8b 3e e8 5d 54 f4 e0 85 c0 74 0d 80 3d 08 71 1d 00 00 0f 84 bb 00 00 00 31 c0 <49> 81 7f 08 20 3a 2c a0 75 cc 41 8b 97 50 02 00 00 49 8b 8f a8 00
  <4> [109.613283] RSP: 0018:ffffc9000044bcf8 EFLAGS: 00010246
  <4> [109.613292] RAX: 0000000000000000 RBX: ffffc9000044bdc0 RCX: 0000000000000001
  <4> [109.613302] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff822474a0
  <4> [109.613311] RBP: ffffc9000044bd28 R08: ffff88021e158680 R09: 0000000000000001
  <4> [109.613321] R10: 0000000000000040 R11: 0000000000000000 R12: ffff88021e1641b8
  <4> [109.613331] R13: 0000000000000003 R14: ffff88021e1641b0 R15: 6b6b6b6b6b6b6b6b
  <4> [109.613341] FS:  00007f9c9fc84980(0000) GS:ffff880227a40000(0000) knlGS:0000000000000000
  <4> [109.613352] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  <4> [109.613360] CR2: 00007f9c9fcb8000 CR3: 00000002247d4005 CR4: 00000000000606e0

Fixes: 27836b641c1b ("dma-buf: remove shared fence staging in reservation object")
Testcase: igt/gem_busy/close-race
Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk>
Cc: Christian König <christian.koe...@amd.com>
Cc: Junwei Zhang <jerry.zh...@amd.com>
Cc: Huang Rui <ray.hu...@amd.com>
Cc: Sumit Semwal <sumit.sem...@linaro.org>
---
 drivers/dma-buf/reservation.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c
index 5fb4fd461908..c1618335ca99 100644
--- a/drivers/dma-buf/reservation.c
+++ b/drivers/dma-buf/reservation.c
@@ -147,16 +147,17 @@ void reservation_object_add_shared_fence(struct 
reservation_object *obj,
                                         struct dma_fence *fence)
 {
        struct reservation_object_list *fobj;
-       unsigned int i;
+       unsigned int i, count;
 
        dma_fence_get(fence);
 
        fobj = reservation_object_get_list(obj);
+       count = fobj->shared_count;
 
        preempt_disable();
        write_seqcount_begin(&obj->seq);
 
-       for (i = 0; i < fobj->shared_count; ++i) {
+       for (i = 0; i < count; ++i) {
                struct dma_fence *old_fence;
 
                old_fence = rcu_dereference_protected(fobj->shared[i],
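
Review bot: The snapshot `count = fobj->shared_count;` is taken before preempt_disable() and write_seqcount_begin(), and nothing in this hunk states what keeps a second writer from changing shared_count between that read and the later store. If writers are serialised by a lock held by the caller, a one-line comment or a lock assertion next to the snapshot would make that assumption explicit, especially since the old comment mentioning that shared_count is protected is being removed further down.
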
@@ -169,14 +170,13 @@ void reservation_object_add_shared_fence(struct 
reservation_object *obj,
        }
 
        BUG_ON(fobj->shared_count >= fobj->shared_max);
-       fobj->shared_count++;
+       count++;
 
 replace:
-       /*
-        * memory barrier is added by write_seqcount_begin,
-        * fobj->shared_count is protected by this lock too
-        */
        RCU_INIT_POINTER(fobj->shared[i], fence);
+       /* pointer update must be visible before we extend the shared_count */
+       smp_store_mb(fobj->shared_count, count);
+
        write_seqcount_end(&obj->seq);
        preempt_enable();
 }
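
Review bot: The new comment above `smp_store_mb(fobj->shared_count, count);` asks for the pointer store to be visible before the count is extended, but smp_store_mb() performs the store first and then issues the full barrier, so on weakly ordered architectures it does not by itself order the preceding RCU_INIT_POINTER() ahead of the shared_count store. An smp_wmb() before the store, or smp_store_release(&fobj->shared_count, count), would match the comment; if the trailing barrier is intended for a different reason, the comment should say which later access it orders against. Separately, `BUG_ON(fobj->shared_count >= fobj->shared_max);` still reads the field while the rest of the function now works on the local; using `count` there would keep the function consistent.
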
-- 
2.19.1
