    drm/i915/ttm: Rework object initialization slightly · 068396bb
    Thomas Hellström authored
    We may end up in i915_ttm_bo_destroy() in an error path before the
    object is fully initialized. In that case it's not correct to call
    __i915_gem_free_object(), because that function
    a) Assumes the gem object refcount is 0, which it isn't.
    b) frees the placements which are owned by the caller until the
    init_object() region ops returns successfully. Fix this by providing
    a lightweight cleanup function __i915_gem_object_fini() which is also
    called by __i915_gem_free_object().
    
    While doing this, also make sure we call dma_resv_fini() as part of
    ordinary object destruction and not from the RCU callback that frees
    the object. This will help track down bugs where the object is incorrectly
    locked from an RCU lookup.
    
    Finally, make sure the object isn't put on the region list until it's
    either locked or fully initialized in order to block list processing of
    partially initialized objects.
    
    v2:
    - The TTM object backend memory was freed before the gem pages were
      put. Separate this functionality into __i915_gem_object_pages_fini()
      and call it from the TTM delete_mem_notify() callback.
    v3:
    - Include i915_gem_object_free_mmaps() in __i915_gem_object_pages_fini()
      to make sure we don't inadvertently introduce a race.
    
    Fixes: 48b09612 ("drm/i915: Move __i915_gem_free_object to ttm_bo_destroy")
    Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
    Reviewed-by: Matthew Auld <matthew.auld@intel.com> #v1
    Link: https://patchwork.freedesktop.org/patch/msgid/20210930113236.583531-1-thomas.hellstrom@linux.intel.com
i915_gem_object.c 20.1 KB