APPLIED: [Unstable][PATCH] UBUNTU: SAUCE: drm/i915: Synchronize active and retire callbacks

[Andrea Righi]

On Thu, Apr 09, 2020 at 02:21:12PM -0700, Sultan Alsawaf wrote:
> From: Sultan Alsawaf <sultan at kerneltoast.com>
> 
> Active and retire callbacks can run simultaneously, causing panics and
> mayhem. The most notable case is with the intel_context_pin/unpin race
> that causes ring and page table corruption. In 5.4, this race is more
> noticeable because intel_ring_unpin() sets ring->vaddr to NULL and
> causes a clean NULL-pointer-dereference panic, but in newer kernels this
> race goes unnoticed.
> 
> Here is an example of a crash caused by this race on 5.4:
> BUG: unable to handle page fault for address: 0000000000003448
> RIP: 0010:gen8_emit_flush_render+0x163/0x190
> Call Trace:
>  execlists_request_alloc+0x25/0x40
>  __i915_request_create+0x1f4/0x2c0
>  i915_request_create+0x71/0xc0
>  i915_gem_do_execbuffer+0xb98/0x1a80
>  ? preempt_count_add+0x68/0xa0
>  ? _raw_spin_lock+0x13/0x30
>  ? _raw_spin_unlock+0x16/0x30
>  i915_gem_execbuffer2_ioctl+0x1de/0x3c0
>  ? i915_gem_busy_ioctl+0x7f/0x1d0
>  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
>  drm_ioctl_kernel+0xb2/0x100
>  drm_ioctl+0x209/0x360
>  ? i915_gem_execbuffer_ioctl+0x2d0/0x2d0
>  ksys_ioctl+0x87/0xc0
>  __x64_sys_ioctl+0x16/0x20
>  do_syscall_64+0x4e/0x150
>  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> 
> Protect the active and retire callbacks with their own lock to prevent
> them from running at the same time as one another.
> 
> Fixes: 12c255b5dad1 ("drm/i915: Provide an i915_active.acquire callback")
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Sultan Alsawaf <sultan at kerneltoast.com>
> Signed-off-by: Sultan Alsawaf <sultan.alsawaf at canonical.com>

Applied to unstable/master-next, thanks.

-Andrea