Re: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()

From: Luben Tuikov
Date: Wed Nov 08 2023 - 23:27:05 EST

Next message: Herbert Xu: "Re: [RFC PATCH 71/86] treewide: lib: remove cond_resched()"
Previous message: Can Guo: "Re: [PATCH v2 3/7] scsi: ufs: ufs-qcom: Allow the first init start with the maximum supported gear"
In reply to: Danilo Krummrich: "Re: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()"
Next in thread: Danilo Krummrich: "Re: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2023-11-08 19:09, Danilo Krummrich wrote:
> On 11/8/23 06:46, Luben Tuikov wrote:
>> Hi,
>>
>> Could you please use my gmail address, the one one I'm responding from--I don't want
>> to miss any DRM scheduler patches. BTW, the luben.tuikov@xxxxxxx email should bounce
>> as undeliverable.
>>
>> On 2023-11-07 21:26, Danilo Krummrich wrote:
>>> Commit 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable
>>> number of run-queues") introduces drm_err() in drm_sched_job_init(), in
>>> order to indicate that the given entity has no runq, however at this
>>> time job->sched is not yet set, likely to be NULL initialized, and hence
>>> shouldn't be used.
>>>
>>> Replace the corresponding drm_err() call with pr_err() to avoid a
>>> potential page fault.
>>>
>>> While at it, extend the documentation of drm_sched_job_init() to
>>> indicate that job->sched is not a valid pointer until
>>> drm_sched_job_arm() has been called.
>>>
>>> Fixes: 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues")
>>> Signed-off-by: Danilo Krummrich <dakr@xxxxxxxxxx>
>>> ---
>>> drivers/gpu/drm/scheduler/sched_main.c | 5 ++++-
>>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c
>>> index 27843e37d9b7..dd28389f0ddd 100644
>>> --- a/drivers/gpu/drm/scheduler/sched_main.c
>>> +++ b/drivers/gpu/drm/scheduler/sched_main.c
>>> @@ -680,6 +680,9 @@ EXPORT_SYMBOL(drm_sched_resubmit_jobs);
>>> * This function returns -ENOENT in this case (which probably should be -EIO as
>>> * a more meanigful return value).
>>> *
>>> + * Note that job->sched is not a valid pointer until drm_sched_job_arm() has
>>> + * been called.
>>> + *
>>
>> Good catch!
>>
>> Did you actually get this to page-fault and have a kernel log?
>
> No, I just found it because I was about to make the same mistake.
>
>>
>> I'm asking because we see it correctly set in this kernel log coming from AMD,
>
> I think that's because amdgpu just sets job->sched to *some* scheduler instance after
> job allocation [1].
>
> [1] https://elixir.bootlin.com/linux/latest/source/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c#L108
>
>>
>> [ 11.886024] amdgpu 0000:0a:00.0: [drm] *ERROR* drm_sched_job_init: entity has no rq!
>>
>> in this email,
>> https://lore.kernel.org/r/CADnq5_PS64jYS_Y3kGW27m-kuWP+FQFiaVcOaZiB=JLSgPnXBQ@xxxxxxxxxxxxxx
>>
>>> * Returns 0 for success, negative error code otherwise.
>>> */
>>> int drm_sched_job_init(struct drm_sched_job *job,
>>> @@ -691,7 +694,7 @@ int drm_sched_job_init(struct drm_sched_job *job,
>>> * or worse--a blank screen--leave a trail in the
>>> * logs, so this can be debugged easier.
>>> */
>>> - drm_err(job->sched, "%s: entity has no rq!\n", __func__);
>>> + pr_err("%s: entity has no rq!\n", __func__);
>>
>> Is it feasible to do something like the following?
>>
>> dev_err(job->sched ? job->sched->dev : NULL, "%s: entity has no rq!\n", __func__);
>
> I don't think that's a good idea. Although I'd assume that every driver zero-initializes its job
> structures, I can't see a rule enforcing that. Hence, job->sched can be a random value until
> drm_sched_job_arm() is called.

Okay. However, when using pr_err() we're losing "[drm] *ERROR* " prefix and we scan for that
in the logs to quickly find the cause of the error.

Perhaps we can define pr_fmt() and also include "*ERROR*" so that we can get the desired result
as the attached patch shows?
--
Regards,
Luben
From 1f3ed97947a406a555a3efea05cab67da94172e7 Mon Sep 17 00:00:00 2001
From: Danilo Krummrich <dakr@xxxxxxxxxx>
Date: Wed, 8 Nov 2023 03:26:07 +0100
Subject: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()

Commit 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable
number of run-queues") introduces drm_err() in drm_sched_job_init(), in
order to indicate that the given entity has no runq, however at this
time job->sched is not yet set, likely to be NULL initialized, and hence
shouldn't be used.

Replace the corresponding drm_err() call with pr_err() to avoid a
potential page fault.

While at it, extend the documentation of drm_sched_job_init() to
indicate that job->sched is not a valid pointer until
drm_sched_job_arm() has been called.

v2: Add pr_fmt to drm_printk.h. Add "*ERROR*" to this pr_err() message. (Luben)

Fixes: 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues")
Signed-off-by: Danilo Krummrich <dakr@xxxxxxxxxx>
Link: https://patchwork.freedesktop.org/patch/msgid/20231108022716.15250-1-dakr@xxxxxxxxxx
Signed-off-by: Luben Tuikov <ltuikov89@xxxxxxxxx>
---
drivers/gpu/drm/scheduler/sched_main.c | 5 ++++-
include/drm/drm_print.h | 9 +++++++++
2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c
index cd0dc3f81d05f0..bd13d4c8c385a8 100644
--- a/drivers/gpu/drm/scheduler/sched_main.c
+++ b/drivers/gpu/drm/scheduler/sched_main.c
@@ -680,6 +680,9 @@ EXPORT_SYMBOL(drm_sched_resubmit_jobs);
* This function returns -ENOENT in this case (which probably should be -EIO as
* a more meanigful return value).
*
+ * Note that job->sched is not a valid pointer until drm_sched_job_arm() has
+ * been called.
+ *
* Returns 0 for success, negative error code otherwise.
*/
int drm_sched_job_init(struct drm_sched_job *job,
@@ -691,7 +694,7 @@ int drm_sched_job_init(struct drm_sched_job *job,
* or worse--a blank screen--leave a trail in the
* logs, so this can be debugged easier.
*/
- drm_err(job->sched, "%s: entity has no rq!\n", __func__);
+ pr_err("*ERROR* %s: entity has no rq!\n", __func__);
return -ENOENT;
}

diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h
index a93a387f8a1a15..0132d563c8cfb9 100644
--- a/include/drm/drm_print.h
+++ b/include/drm/drm_print.h
@@ -26,6 +26,15 @@
#ifndef DRM_PRINT_H_
#define DRM_PRINT_H_

+/* Define this before including linux/printk.h, so that the format
+ * string in pr_*() macros is correctly set for DRM. If a file wants
+ * to define this to something else, it should do so before including
+ * this header file.
+ */
+#ifndef pr_fmt
+#define pr_fmt(fmt) "[drm] " fmt
+#endif
+
#include <linux/compiler.h>
#include <linux/printk.h>
#include <linux/seq_file.h>

base-commit: 8d88e4cdce4f5c56de55174a4d32ea9c06f7fa66
--
2.42.1

Attachment: OpenPGP_0x4C15479431A334AF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Next message: Herbert Xu: "Re: [RFC PATCH 71/86] treewide: lib: remove cond_resched()"
Previous message: Can Guo: "Re: [PATCH v2 3/7] scsi: ufs: ufs-qcom: Allow the first init start with the maximum supported gear"
In reply to: Danilo Krummrich: "Re: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()"
Next in thread: Danilo Krummrich: "Re: [PATCH] drm/sched: fix potential page fault in drm_sched_job_init()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]