drm/i915: Disable pagefaults along execbuffer relocation fast path

Along the fast path for relocation handling, we attempt to copy directly
from the user data structures whilst holding our mutex. This causes
lockdep to warn about circular lock dependencies if we need to pagefault
the user pages. [Since when handling a page fault on a mmapped bo, we
need to acquire the struct mutex whilst already holding the mm
semaphore, it is then verboten to acquire the mm semaphore when already
holding the struct mutex. The likelihood of the user passing in the
relocations contained in a GTT mmapped bo is low, but conceivable for
extreme pathology.] In order to force the mm to return EFAULT rather
than handle the pagefault, we therefore need to disable pagefaults
across the relocation fast path.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: stable@kernel.org
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

+16 -3
drivers/gpu/drm/i915/i915_gem_execbuffer.c
··· 367 uint32_t __iomem *reloc_entry; 368 void __iomem *reloc_page; 369 370 ret = i915_gem_object_set_to_gtt_domain(obj, 1); 371 if (ret) 372 return ret; ··· 444 struct list_head *objects) 445 { 446 struct drm_i915_gem_object *obj; 447 - int ret; 448 449 list_for_each_entry(obj, objects, exec_list) { 450 ret = i915_gem_execbuffer_relocate_object(obj, eb); 451 if (ret) 452 - return ret; 453 } 454 455 - return 0; 456 } 457 458 static int
··· 367 uint32_t __iomem *reloc_entry; 368 void __iomem *reloc_page; 369 370 + /* We can't wait for rendering with pagefaults disabled */ 371 + if (obj->active && in_atomic()) 372 + return -EFAULT; 373 + 374 ret = i915_gem_object_set_to_gtt_domain(obj, 1); 375 if (ret) 376 return ret; ··· 440 struct list_head *objects) 441 { 442 struct drm_i915_gem_object *obj; 443 + int ret = 0; 444 445 + /* This is the fast path and we cannot handle a pagefault whilst 446 + * holding the struct mutex lest the user pass in the relocations 447 + * contained within a mmaped bo. For in such a case we, the page 448 + * fault handler would call i915_gem_fault() and we would try to 449 + * acquire the struct mutex again. Obviously this is bad and so 450 + * lockdep complains vehemently. 451 + */ 452 + pagefault_disable(); 453 list_for_each_entry(obj, objects, exec_list) { 454 ret = i915_gem_execbuffer_relocate_object(obj, eb); 455 if (ret) 456 + break; 457 } 458 + pagefault_enable(); 459 460 + return ret; 461 } 462 463 static int
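Review bot: in the first hunk, at new line 371, `if (obj->active && in_atomic())` uses in_atomic() as a stand-in for "the caller has called pagefault_disable()", and nothing in this function documents that coupling. The comment above it talks about pagefaults being disabled, but the condition tests atomic context in general, so any other atomic caller with an active object would also get -EFAULT. Suggest extending the comment to name the pagefault_disable() in the relocate loop as the intended trigger, and to state that -EFAULT here means "cannot wait for rendering in this context" rather than a bad user pointer.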
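Review bot: in the second hunk, the comment block at new lines 445-451 explains why pagefaults are disabled but not what the return value now means. With pagefault_disable() in effect, a fault on the user's relocation data comes back as an error from i915_gem_execbuffer_relocate_object() and is returned through `ret`, and how the caller handles that is not visible in this hunk. Suggest adding a sentence to the comment saying that -EFAULT from this function is an expected outcome of the fast path and that the caller must retry with pagefaults enabled. Minor wording point in the same comment: "For in such a case we, the page fault handler would call" has a stray "we,".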