Quoting Christian König (2020-07-07 11:58:26)
Am 07.07.20 um 10:59 schrieb Daniel Vetter:
On Tue, Jul 7, 2020 at 9:27 AM Lepton Wu ytht.net@gmail.com wrote:
For pages which are allocated in ttm with transparent huge pages, tail pages have zero as reference count. The current vgem code use get_page on them and it will trigger BUG when release_pages get called on those pages later.
Here I attach the minimal code to trigger this bug on a qemu VM which enables virtio gpu (card1) and vgem (card0). BTW, since the upstream virtio gpu has changed to use drm gem and moved away from ttm. So we have to use an old kernel like 5.4 to reproduce it. But I guess same thing could happen for a real GPU if the real GPU use similar code path to allocate pages from ttm. I am not sure about two things: first, do we need to fix this? will a real GPU hit this code path? Second, suppose this need to be fixed, should this be fixed in ttm side or vgem side? If we remove "huge_flags &= ~__GFP_COMP" from ttm_get_pages, then get_page in vgem works fine. But it's there for fix another bug: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.freed... It could also be "fixed" with this patch. But I am really not sure if this is the way to go.
For imported dma-buf objects, vgem should not handle this itself, but forward to the exporter through the dma_buf_mmap stuff. We have helpers for this all now, probably just not wired up correctly. Trying to ensure that all combinations of mmap code across all drivers work the same doesn't work.
Yes, Daniel is right what vgem does here is fundamentally broken in many ways.
First of all nobody should ever call get_page() on the pages TTM has allocated. Those pages come out of a block box and should not be touched by anybody.
It doesn't. It's only used on the pages vgem allocates (from shmemfs). So I'm really confused as to how ttm gets involved here. -Chris