From: Rob Clark <[email protected]>
drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
new incoming state after drm_atomic_helper_commit_hw_done(). But this
state might have already been superseded by an !nonblock atomic update
resulting in dereferencing an already free'd crtc_state.
TODO I *think* this will more or less do the right thing.. although I'm
not 100% sure if, for example, we enter psr in a nonblock commit, and
then leave psr in a !nonblock commit that overtakes the completion of
the nonblock commit. Not sure if this sort of scenario can happen in
practice. But not crashing is better than crashing, so I guess we
should either take this patch or revert the self-refresh helpers until
Sean can figure out a better solution.
Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
Cc: Sean Paul <[email protected]>
Signed-off-by: Rob Clark <[email protected]>
---
drivers/gpu/drm/drm_atomic_helper.c | 14 +++++++++++++-
drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
include/drm/drm_self_refresh_helper.h | 3 ++-
3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
index 3ef2ac52ce94..648494c813e5 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1581,8 +1581,11 @@ static void commit_tail(struct drm_atomic_state *old_state)
{
struct drm_device *dev = old_state->dev;
const struct drm_mode_config_helper_funcs *funcs;
+ struct drm_crtc_state *new_crtc_state;
+ struct drm_crtc *crtc;
ktime_t start;
s64 commit_time_ms;
+ unsigned i, new_self_refresh_mask = 0;
funcs = dev->mode_config.helper_private;
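Review bot: The new declaration `unsigned i, new_self_refresh_mask = 0;` uses bare `unsigned`, which checkpatch warns about, and it leaves the mask width implicit even though each bit is later set with `BIT(i)`, an `unsigned long` value. I would write `unsigned int i, new_self_refresh_mask = 0;` so it matches the `unsigned int new_self_refresh_mask` parameter this patch adds to drm_self_refresh_helper_update_avg_times(). The helper keeps `int i` for its own loop, so the two sides of the mask use differently signed indices; that is presumably harmless while the crtc index stays below 32, but it is worth making consistent. commit_tail() continues outside this hunk.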
@@ -1602,6 +1605,14 @@ static void commit_tail(struct drm_atomic_state *old_state)
drm_atomic_helper_wait_for_dependencies(old_state);
+ /*
+ * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
+ * so figure out which crtc's have self-refresh active beforehand:
+ */
+ for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
+ if (new_crtc_state->self_refresh_active)
+ new_self_refresh_mask |= BIT(i);
+
if (funcs && funcs->atomic_commit_tail)
funcs->atomic_commit_tail(old_state);
else
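Review bot: The comment above the new `for_each_new_crtc_in_state()` loop says the new state cannot be touched after drm_atomic_helper_commit_hw_done(), but not why, and that reason is what keeps the loop where it is. I would add a line such as `* (a later commit may swap in and free that state once hw_done is signalled)`, so nobody later moves the snapshot below the `atomic_commit_tail` call, which presumably is where hw_done runs. As a style point, the loop wraps a nested `if` without braces; kernel coding style asks for braces when a loop body is more than a single simple statement. commit_tail() starts and ends outside the hunk.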
@@ -1610,7 +1621,8 @@ static void commit_tail(struct drm_atomic_state *old_state)
commit_time_ms = ktime_ms_delta(ktime_get(), start);
if (commit_time_ms > 0)
drm_self_refresh_helper_update_avg_times(old_state,
- (unsigned long)commit_time_ms);
+ (unsigned long)commit_time_ms,
+ new_self_refresh_mask);
drm_atomic_helper_commit_cleanup_done(old_state);
diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
index 68f4765a5896..011b8d5f7dd6 100644
--- a/drivers/gpu/drm/drm_self_refresh_helper.c
+++ b/drivers/gpu/drm/drm_self_refresh_helper.c
@@ -133,6 +133,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
* drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
* @state: the state which has just been applied to hardware
* @commit_time_ms: the amount of time in ms that this commit took to complete
+ * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
+ * new state
*
* Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
* update the average entry/exit self refresh times on self refresh transitions.
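Review bot: The new `@new_self_refresh_mask` kerneldoc says neither how the bits are indexed nor when the mask has to be sampled, and both are what keep this helper from touching freed state. I would extend it along the lines of `@new_self_refresh_mask: bitmask, indexed as in for_each_new_crtc_in_state() on @state, of crtcs whose new state has self_refresh_active set; must be computed before drm_atomic_helper_commit_hw_done()`. The helper is declared in include/drm/drm_self_refresh_helper.h, so another caller could otherwise rebuild the mask from the new state at call time and reintroduce the use-after-free described in the commit message. The comment block continues outside the hunk.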
@@ -140,22 +142,23 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
* entering self refresh mode after activity.
*/
void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
- unsigned int commit_time_ms)
+ unsigned int commit_time_ms,
+ unsigned int new_self_refresh_mask)
{
struct drm_crtc *crtc;
- struct drm_crtc_state *old_crtc_state, *new_crtc_state;
+ struct drm_crtc_state *old_crtc_state;
int i;
- for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
- new_crtc_state, i) {
+ for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
+ bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
struct ewma_psr_time *time;
if (old_crtc_state->self_refresh_active ==
- new_crtc_state->self_refresh_active)
+ new_self_refresh_active)
continue;
- if (new_crtc_state->self_refresh_active)
+ if (new_self_refresh_active)
time = &sr_data->entry_avg_ms;
else
time = &sr_data->exit_avg_ms;
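Review bot: The loop in drm_self_refresh_helper_update_avg_times() still dereferences `old_crtc_state` and `crtc->self_refresh_data` after hw_done, and nothing in the function says why those remain valid when the new state does not. Presumably the old state stays owned by `state` until the commit is cleaned up; a short comment above the loop, e.g. `/* old state is still owned by @state here; only the new state may already be freed */`, would record that assumption for the next reader. The line `bool new_self_refresh_active = new_self_refresh_mask & BIT(i);` also depends on `i` matching the index commit_tail() used when building the mask, which holds only because both loops walk the same state, so that is worth saying in the same comment. The function body continues past the end of this hunk.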
diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
index 5b79d253fb46..b2c08b328aa1 100644
--- a/include/drm/drm_self_refresh_helper.h
+++ b/include/drm/drm_self_refresh_helper.h
@@ -13,7 +13,8 @@ struct drm_crtc;
void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
- unsigned int commit_time_ms);
+ unsigned int commit_time_ms,
+ unsigned int new_self_refresh_mask);
int drm_self_refresh_helper_init(struct drm_crtc *crtc);
void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);
--
2.23.0
On Mon, Nov 4, 2019 at 9:39 AM Rob Clark <[email protected]> wrote:
>
> From: Rob Clark <[email protected]>
>
> drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
> new incoming state after drm_atomic_helper_commit_hw_done(). But this
> state might have already been superceeded by an !nonblock atomic update
> resulting in dereferencing an already free'd crtc_state.
>
> TODO I *think* this will more or less do the right thing.. althought I'm
> not 100% sure if, for example, we enter psr in a nonblock commit, and
> then leave psr in a !nonblock commit that overtakes the completion of
> the nonblock commit. Not sure if this sort of scenario can happen in
> practice. But not crashing is better than crashing, so I guess we
> should either take this patch or rever the self-refresh helpers until
> Sean can figure out a better solution.
btw, I think we can drop this TODO para from the commit msg.. but
would be nice to get this (1/2) landed in v5.4-fixes as it fixes an
actual regression..
patch 2/2 probably shouldn't be for v5.4, since according to kbuild
robot it is turning up some other problems.. but I still think it is
probably a good idea
BR,
-R
>
> Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
> Cc: Sean Paul <[email protected]>
> Signed-off-by: Rob Clark <[email protected]>
> ---
> drivers/gpu/drm/drm_atomic_helper.c | 14 +++++++++++++-
> drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
> include/drm/drm_self_refresh_helper.h | 3 ++-
> 3 files changed, 24 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
> index 3ef2ac52ce94..648494c813e5 100644
> --- a/drivers/gpu/drm/drm_atomic_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_helper.c
> @@ -1581,8 +1581,11 @@ static void commit_tail(struct drm_atomic_state *old_state)
> {
> struct drm_device *dev = old_state->dev;
> const struct drm_mode_config_helper_funcs *funcs;
> + struct drm_crtc_state *new_crtc_state;
> + struct drm_crtc *crtc;
> ktime_t start;
> s64 commit_time_ms;
> + unsigned i, new_self_refresh_mask = 0;
>
> funcs = dev->mode_config.helper_private;
>
> @@ -1602,6 +1605,14 @@ static void commit_tail(struct drm_atomic_state *old_state)
>
> drm_atomic_helper_wait_for_dependencies(old_state);
>
> + /*
> + * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
> + * so figure out which crtc's have self-refresh active beforehand:
> + */
> + for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
> + if (new_crtc_state->self_refresh_active)
> + new_self_refresh_mask |= BIT(i);
> +
> if (funcs && funcs->atomic_commit_tail)
> funcs->atomic_commit_tail(old_state);
> else
> @@ -1610,7 +1621,8 @@ static void commit_tail(struct drm_atomic_state *old_state)
> commit_time_ms = ktime_ms_delta(ktime_get(), start);
> if (commit_time_ms > 0)
> drm_self_refresh_helper_update_avg_times(old_state,
> - (unsigned long)commit_time_ms);
> + (unsigned long)commit_time_ms,
> + new_self_refresh_mask);
>
> drm_atomic_helper_commit_cleanup_done(old_state);
>
> diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
> index 68f4765a5896..011b8d5f7dd6 100644
> --- a/drivers/gpu/drm/drm_self_refresh_helper.c
> +++ b/drivers/gpu/drm/drm_self_refresh_helper.c
> @@ -133,6 +133,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
> * drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
> * @state: the state which has just been applied to hardware
> * @commit_time_ms: the amount of time in ms that this commit took to complete
> + * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
> + * new state
> *
> * Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
> * update the average entry/exit self refresh times on self refresh transitions.
> @@ -140,22 +142,23 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
> * entering self refresh mode after activity.
> */
> void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> - unsigned int commit_time_ms)
> + unsigned int commit_time_ms,
> + unsigned int new_self_refresh_mask)
> {
> struct drm_crtc *crtc;
> - struct drm_crtc_state *old_crtc_state, *new_crtc_state;
> + struct drm_crtc_state *old_crtc_state;
> int i;
>
> - for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
> - new_crtc_state, i) {
> + for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
> + bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
> struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
> struct ewma_psr_time *time;
>
> if (old_crtc_state->self_refresh_active ==
> - new_crtc_state->self_refresh_active)
> + new_self_refresh_active)
> continue;
>
> - if (new_crtc_state->self_refresh_active)
> + if (new_self_refresh_active)
> time = &sr_data->entry_avg_ms;
> else
> time = &sr_data->exit_avg_ms;
> diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
> index 5b79d253fb46..b2c08b328aa1 100644
> --- a/include/drm/drm_self_refresh_helper.h
> +++ b/include/drm/drm_self_refresh_helper.h
> @@ -13,7 +13,8 @@ struct drm_crtc;
>
> void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
> void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> - unsigned int commit_time_ms);
> + unsigned int commit_time_ms,
> + unsigned int new_self_refresh_mask);
>
> int drm_self_refresh_helper_init(struct drm_crtc *crtc);
> void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);
> --
> 2.23.0
>
On Mon, Nov 04, 2019 at 09:37:36AM -0800, Rob Clark wrote:
> From: Rob Clark <[email protected]>
>
> drm_self_refresh_helper_update_avg_times() was incorrectly accessing the
> new incoming state after drm_atomic_helper_commit_hw_done(). But this
> state might have already been superceeded by an !nonblock atomic update
> resulting in dereferencing an already free'd crtc_state.
>
> TODO I *think* this will more or less do the right thing.. althought I'm
> not 100% sure if, for example, we enter psr in a nonblock commit, and
> then leave psr in a !nonblock commit that overtakes the completion of
> the nonblock commit. Not sure if this sort of scenario can happen in
> practice. But not crashing is better than crashing, so I guess we
> should either take this patch or rever the self-refresh helpers until
> Sean can figure out a better solution.
>
> Fixes: d4da4e33341c ("drm: Measure Self Refresh Entry/Exit times to avoid thrashing")
> Cc: Sean Paul <[email protected]>
> Signed-off-by: Rob Clark <[email protected]>
Thanks for tracking this down, Rob. I gave it a spin on my rk3399 kevin and it
behaved as expected.
I've pushed this patch to drm-misc-fixes in hopes it'll catch 5.4
Sean
> ---
> drivers/gpu/drm/drm_atomic_helper.c | 14 +++++++++++++-
> drivers/gpu/drm/drm_self_refresh_helper.c | 15 +++++++++------
> include/drm/drm_self_refresh_helper.h | 3 ++-
> 3 files changed, 24 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
> index 3ef2ac52ce94..648494c813e5 100644
> --- a/drivers/gpu/drm/drm_atomic_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_helper.c
> @@ -1581,8 +1581,11 @@ static void commit_tail(struct drm_atomic_state *old_state)
> {
> struct drm_device *dev = old_state->dev;
> const struct drm_mode_config_helper_funcs *funcs;
> + struct drm_crtc_state *new_crtc_state;
> + struct drm_crtc *crtc;
> ktime_t start;
> s64 commit_time_ms;
> + unsigned i, new_self_refresh_mask = 0;
>
> funcs = dev->mode_config.helper_private;
>
> @@ -1602,6 +1605,14 @@ static void commit_tail(struct drm_atomic_state *old_state)
>
> drm_atomic_helper_wait_for_dependencies(old_state);
>
> + /*
> + * We cannot safely access new_crtc_state after drm_atomic_helper_commit_hw_done()
> + * so figure out which crtc's have self-refresh active beforehand:
> + */
> + for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i)
> + if (new_crtc_state->self_refresh_active)
> + new_self_refresh_mask |= BIT(i);
> +
> if (funcs && funcs->atomic_commit_tail)
> funcs->atomic_commit_tail(old_state);
> else
> @@ -1610,7 +1621,8 @@ static void commit_tail(struct drm_atomic_state *old_state)
> commit_time_ms = ktime_ms_delta(ktime_get(), start);
> if (commit_time_ms > 0)
> drm_self_refresh_helper_update_avg_times(old_state,
> - (unsigned long)commit_time_ms);
> + (unsigned long)commit_time_ms,
> + new_self_refresh_mask);
>
> drm_atomic_helper_commit_cleanup_done(old_state);
>
> diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
> index 68f4765a5896..011b8d5f7dd6 100644
> --- a/drivers/gpu/drm/drm_self_refresh_helper.c
> +++ b/drivers/gpu/drm/drm_self_refresh_helper.c
> @@ -133,6 +133,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
> * drm_self_refresh_helper_update_avg_times - Updates a crtc's SR time averages
> * @state: the state which has just been applied to hardware
> * @commit_time_ms: the amount of time in ms that this commit took to complete
> + * @new_self_refresh_mask: bitmask of crtc's that have self_refresh_active in
> + * new state
> *
> * Called after &drm_mode_config_funcs.atomic_commit_tail, this function will
> * update the average entry/exit self refresh times on self refresh transitions.
> @@ -140,22 +142,23 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
> * entering self refresh mode after activity.
> */
> void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> - unsigned int commit_time_ms)
> + unsigned int commit_time_ms,
> + unsigned int new_self_refresh_mask)
> {
> struct drm_crtc *crtc;
> - struct drm_crtc_state *old_crtc_state, *new_crtc_state;
> + struct drm_crtc_state *old_crtc_state;
> int i;
>
> - for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state,
> - new_crtc_state, i) {
> + for_each_old_crtc_in_state(state, crtc, old_crtc_state, i) {
> + bool new_self_refresh_active = new_self_refresh_mask & BIT(i);
> struct drm_self_refresh_data *sr_data = crtc->self_refresh_data;
> struct ewma_psr_time *time;
>
> if (old_crtc_state->self_refresh_active ==
> - new_crtc_state->self_refresh_active)
> + new_self_refresh_active)
> continue;
>
> - if (new_crtc_state->self_refresh_active)
> + if (new_self_refresh_active)
> time = &sr_data->entry_avg_ms;
> else
> time = &sr_data->exit_avg_ms;
> diff --git a/include/drm/drm_self_refresh_helper.h b/include/drm/drm_self_refresh_helper.h
> index 5b79d253fb46..b2c08b328aa1 100644
> --- a/include/drm/drm_self_refresh_helper.h
> +++ b/include/drm/drm_self_refresh_helper.h
> @@ -13,7 +13,8 @@ struct drm_crtc;
>
> void drm_self_refresh_helper_alter_state(struct drm_atomic_state *state);
> void drm_self_refresh_helper_update_avg_times(struct drm_atomic_state *state,
> - unsigned int commit_time_ms);
> + unsigned int commit_time_ms,
> + unsigned int new_self_refresh_mask);
>
> int drm_self_refresh_helper_init(struct drm_crtc *crtc);
> void drm_self_refresh_helper_cleanup(struct drm_crtc *crtc);
> --
> 2.23.0
>
--
Sean Paul, Software Engineer, Google / Chromium OS