On Sun, 4 Sep 2011 17:35:01 +0200
Daniel Vetter <daniel.vet...@ffwll.ch> wrote:
> This patch closes the following race:
>
> We get a PM interrupt A, mask it, set dev_priv->iir = PM_A and kick
> of the work item. Scheduler isn't grumpy, so the work queue takes
> rps_lock, grabs pm_iir = dev_priv->pm_iir and pm_imr = READ(PMIMR).
> Note that pm_imr == pm_iir because we've just masked the interrupt
> we've got.
>
> Now hw sends out PM interrupt B (not masked), we process it and mask
> it. Later on the irq handler also clears PMIIR.
>
> Then the work item proceeds and at the end clears PMIMR. Because
> (local) pm_imr == pm_iir we have
> pm_imr & ~pm_iir == 0
> so all interrupts are enabled.
>
> Hardware is still interrupt-happy, and sends out a new PM interrupt B.
> PMIMR doesn't mask B (it does not mask anything), PMIIR is cleared, so
> we get it and hit the WARN in the interrupt handler (because
> dev_priv->pm_iir == PM_B).
>
> That's why I've moved the
> WRITE(PMIMR, 0)
> up under the protection of the rps_lock. And write an uncoditional 0
> to PMIMR, because that's what we'll do anyway.
>
> This races looks much more likely because we can arbitrarily extend
> the window by grabing dev->struct mutex right after the irq handler
> has processed the first PM_B interrupt.
>
> Signed-off-by: Daniel Vetter <daniel.vet...@ffwll.ch>
> ---
> drivers/gpu/drm/i915/i915_irq.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_irq.c
> b/drivers/gpu/drm/i915/i915_irq.c index 2fdd9f9..21ebcbd 100644
> --- a/drivers/gpu/drm/i915/i915_irq.c
> +++ b/drivers/gpu/drm/i915/i915_irq.c
> @@ -383,6 +383,7 @@ static void gen6_pm_rps_work(struct work_struct
> *work) pm_iir = dev_priv->pm_iir;
> dev_priv->pm_iir = 0;
> pm_imr = I915_READ(GEN6_PMIMR);
> + I915_WRITE(GEN6_PMIMR, 0);
> spin_unlock_irq(&dev_priv->rps_lock);
>
> if (!pm_iir)
> @@ -420,7 +421,6 @@ static void gen6_pm_rps_work(struct work_struct
> *work)
> * an *extremely* unlikely race with gen6_rps_enable() that
> is prevented
> * by holding struct_mutex for the duration of the write.
> */
> - I915_WRITE(GEN6_PMIMR, pm_imr & ~pm_iir);
> mutex_unlock(&dev_priv->dev->struct_mutex);
> }
>
How about this:
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
index 55518e3..3bc1479 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -415,12 +415,7 @@ static void gen6_pm_rps_work(struct work_struct *work)
gen6_set_rps(dev_priv->dev, new_delay);
dev_priv->cur_delay = new_delay;
- /*
- * rps_lock not held here because clearing is non-destructive. There is
- * an *extremely* unlikely race with gen6_rps_enable() that is prevented
- * by holding struct_mutex for the duration of the write.
- */
- I915_WRITE(GEN6_PMIMR, pm_imr & ~pm_iir);
+ I915_WRITE(GEN6_PMIMR, pm_imr & dev_priv->pm_iir);
mutex_unlock(&dev_priv->dev->struct_mutex);
}
Ben
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
