On Thu, Mar 31, 2022 at 04:25:13PM +0300, Ville Syrjälä wrote:
> On Thu, Mar 31, 2022 at 03:05:45PM +0200, Maxime Ripard wrote:
> > From: Daniel Vetter <daniel.vet...@ffwll.ch>
> > 
> > The stuff never really worked, and leads to lots of fun because it
> > out-of-order frees atomic states. Which upsets KASAN, among other
> > things.
> > 
> > For async updates we now have a more solid solution with the
> > ->atomic_async_check and ->atomic_async_commit hooks. Support for that
> > for msm and vc4 landed. nouveau and i915 have their own commit
> > routines, doing something similar.
> > 
> > For everyone else it's probably better to remove the use-after-free
> > bug, and encourage folks to use the async support instead. The
> > affected drivers which register a legacy cursor plane and don't either
> > use the new async stuff or their own commit routine are: amdgpu,
> > atmel, mediatek, qxl, rockchip, sti, sun4i, tegra, virtio, and vmwgfx.
> > 
> > Inspired by an amdgpu bug report.
> > 
> > v2: Drop RFC, I think with amdgpu converted over to use
> > atomic_async_check/commit done in
> > 
> > commit 674e78acae0dfb4beb56132e41cbae5b60f7d662
> > Author: Nicholas Kazlauskas <nicholas.kazlaus...@amd.com>
> > Date:   Wed Dec 5 14:59:07 2018 -0500
> > 
> >     drm/amd/display: Add fast path for cursor plane updates
> > 
> > we don't have any driver anymore where we have userspace expecting
> > solid legacy cursor support _and_ they are using the atomic helpers in
> > their full glory. So we can retire this.
> > 
> > v3: Paper over msm and i915 regression. The complete_all is the only
> > thing missing afaict.
> > 
> > v4: Rebased on recent kernel, added extra link for vc4 bug.
> > 
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=199425
> > Link: https://lore.kernel.org/all/20220221134155.125447-9-max...@cerno.tech/
> > Cc: mikita.lip...@amd.com
> > Cc: Michel Dänzer <mic...@daenzer.net>
> > Cc: harry.wentl...@amd.com
> > Cc: Rob Clark <robdcl...@gmail.com>
> > Cc: "Kazlauskas, Nicholas" <nicholas.kazlaus...@amd.com>
> > Tested-by: Maxime Ripard <max...@cerno.tech>
> > Signed-off-by: Daniel Vetter <daniel.vet...@intel.com>
> > Signed-off-by: Maxime Ripard <max...@cerno.tech>
> > ---
> >  drivers/gpu/drm/drm_atomic_helper.c          | 13 -------------
> >  drivers/gpu/drm/i915/display/intel_display.c | 13 +++++++++++++
> >  drivers/gpu/drm/msm/msm_atomic.c             |  2 ++
> >  3 files changed, 15 insertions(+), 13 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/drm_atomic_helper.c 
> > b/drivers/gpu/drm/drm_atomic_helper.c
> > index 9603193d2fa1..a2899af82b4a 100644
> > --- a/drivers/gpu/drm/drm_atomic_helper.c
> > +++ b/drivers/gpu/drm/drm_atomic_helper.c
> > @@ -1498,13 +1498,6 @@ drm_atomic_helper_wait_for_vblanks(struct drm_device 
> > *dev,
> >     int i, ret;
> >     unsigned int crtc_mask = 0;
> >  
> > -    /*
> > -     * Legacy cursor ioctls are completely unsynced, and userspace
> > -     * relies on that (by doing tons of cursor updates).
> > -     */
> > -   if (old_state->legacy_cursor_update)
> > -           return;
> > -
> >     for_each_oldnew_crtc_in_state(old_state, crtc, old_crtc_state, 
> > new_crtc_state, i) {
> >             if (!new_crtc_state->active)
> >                     continue;
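
Review bot: Removing the legacy_cursor_update early return in drm_atomic_helper_wait_for_vblanks() sends every legacy cursor commit through the per-CRTC loop that follows, while the deleted comment records that userspace relies on these updates being unsynced and issues them in large numbers. The commit message explains the use-after-free motivation but not the resulting behaviour for drivers that stay on this path; please state it there (cursor updates now follow the normal vblank wait) so a later cursor-latency report can be traced back to this change.
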
> > @@ -2135,12 +2128,6 @@ int drm_atomic_helper_setup_commit(struct 
> > drm_atomic_state *state,
> >                     continue;
> >             }
> >  
> > -           /* Legacy cursor updates are fully unsynced. */
> > -           if (state->legacy_cursor_update) {
> > -                   complete_all(&commit->flip_done);
> > -                   continue;
> > -           }
> > -
> >             if (!new_crtc_state->event) {
> >                     commit->event = kzalloc(sizeof(*commit->event),
> >                                             GFP_KERNEL);
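
Review bot: With the complete_all(&commit->flip_done) shortcut removed from drm_atomic_helper_setup_commit(), the helper no longer completes flip_done early for a commit that has legacy_cursor_update set, and the patch restores that only in i915 and msm. The commit message also names nouveau as having its own commit routine, but the diffstat has no nouveau change; please either add the equivalent completion there or say in the commit message why it is not needed.
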
> > diff --git a/drivers/gpu/drm/i915/display/intel_display.c 
> > b/drivers/gpu/drm/i915/display/intel_display.c
> > index bf7ce684dd8e..bde32f5a33cb 100644
> > --- a/drivers/gpu/drm/i915/display/intel_display.c
> > +++ b/drivers/gpu/drm/i915/display/intel_display.c
> > @@ -8855,6 +8855,19 @@ static int intel_atomic_commit(struct drm_device 
> > *dev,
> >                             state->base.legacy_cursor_update = false;
> >     }
> >  
> > +   /*
> > +    * FIXME: Cut over to (async) commit helpers instead of hand-rolling
> > +    * everything.
> > +    */
> 
> Intel cursors can't even do async updates so this is rather
> nonsensical. What we need is some kind of reasonable mailbox
> support.

This is not the async plane update you're thinking of. i915 really should
switch over more to atomic helpers.

> > +   if (state->base.legacy_cursor_update) {
> > +           struct intel_crtc_state *new_crtc_state;
> > +           struct intel_crtc *crtc;
> > +           int i;
> > +
> > +           for_each_new_intel_crtc_in_state(state, crtc, new_crtc_state, i)
> > +                   complete_all(&new_crtc_state->uapi.commit->flip_done);
> > +   }
> 
> You can complete what doesn't yet exist. Missing cc: intel-gfx for fireworks.

Yeah that's a rebase error, my patch has it at the right place further
down.
-Daniel

> 
> > +
> >     ret = intel_atomic_prepare_commit(state);
> >     if (ret) {
> >             drm_dbg_atomic(&dev_priv->drm,
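
Review bot: The added loop in intel_atomic_commit() dereferences new_crtc_state->uapi.commit ahead of the intel_atomic_prepare_commit() call, and as raised in the replies above the commit object does not exist yet at this point, so complete_all() would be called through an invalid pointer. Move the block to after the point where the commit has been set up, as the reply says the original patch does. The FIXME is also ambiguous, as the exchange above shows: naming the ->atomic_async_check and ->atomic_async_commit hooks from the commit message would make clear which "async" is meant.
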
> > diff --git a/drivers/gpu/drm/msm/msm_atomic.c 
> > b/drivers/gpu/drm/msm/msm_atomic.c
> > index 27c9ae563f2f..6ed14fafa40c 100644
> > --- a/drivers/gpu/drm/msm/msm_atomic.c
> > +++ b/drivers/gpu/drm/msm/msm_atomic.c
> > @@ -237,6 +237,8 @@ void msm_atomic_commit_tail(struct drm_atomic_state 
> > *state)
> >             /* async updates are limited to single-crtc updates: */
> >             WARN_ON(crtc_mask != drm_crtc_mask(async_crtc));
> >  
> > +           complete_all(&async_crtc->state->commit->flip_done);
> > +
> >             /*
> >              * Start timer if we don't already have an update pending
> >              * on this crtc:
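
Review bot: The added complete_all(&async_crtc->state->commit->flip_done) in msm_atomic_commit_tail() reaches the commit through async_crtc->state rather than through the drm_atomic_state passed to the function, and assumes ->commit is non-NULL with no check. Please confirm that async_crtc->state is the state belonging to this commit at this point and that ->commit is always set on the async path, and add a one-line comment saying why flip_done is completed here (the helper no longer does it for legacy cursor updates), since the line otherwise reads as unrelated to the timer logic below it.
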
> > -- 
> > 2.35.1
> 
> -- 
> Ville Syrjälä
> Intel

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
