Re: [PATCH] drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()

From: Javier Martinez Canillas
Date: Tue Feb 07 2023 - 05:45:04 EST

Next message: David Howells: "Re: Need help tracking down a bug in the bio-FOLL_PIN patches"
Previous message: Andrew Jones: "Re: [PATCH v6 2/8] RISC-V: KVM: Add SBI PMU extension support"
In reply to: Asahi Lina: "Re: [PATCH] drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()"
Next in thread: Thomas Zimmermann: "Re: [PATCH] drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/7/23 11:33, Asahi Lina wrote:
> On 07/02/2023 03.47, Javier Martinez Canillas wrote:
>> Hello Lina,
>>
>> On 2/5/23 13:51, Asahi Lina wrote:
>>> Other functions touching shmem->sgt take the pages lock, so do that here
>>> too. drm_gem_shmem_get_pages() & co take the same lock, so move to the
>>> _locked() variants to avoid recursive locking.
>>>
>>> Discovered while auditing locking to write the Rust abstractions.
>>>
>>> Fixes: 2194a63a818d ("drm: Add library for shmem backed GEM objects")
>>> Fixes: 4fa3d66f132b ("drm/shmem: Do dma_unmap_sg before purging pages")
>>> Signed-off-by: Asahi Lina <lina@xxxxxxxxxxxxx>
>>> ---
>>
>> Good catch. The patch looks good to me.
>>
>> Reviewed-by: Javier Martinez Canillas <javierm@xxxxxxxxxx>
>>
>> What about drm_gem_shmem_free() BTW, I believe that the helper should also
>> grab the lock before unmap / free the sgtable?
>
> That's called from driver free callbacks, so it should only be called
> when there are no other users left and the refcount is zero, right? If
> there's anyone else racing it I think we have bigger problems than the
> pages lock at that point, since the last thing it does is `kfree(shmem);` ^^
>

Yes, I was wondering only for the critical section that does:

if (shmem->sgt) {
dma_unmap_sgtable(obj->dev->dev, shmem->sgt,
DMA_BIDIRECTIONAL, 0);
sg_free_table(shmem->sgt);
kfree(shmem->sgt);
}
if (shmem->pages)
drm_gem_shmem_put_pages(shmem);

> (In Rust terms this is equivalent to the Drop trait, which takes a
> mutable/exclusive reference, which means no other reference to the
> object can exist at that point, so no races are possible. And in fact in
> my Rust abstraction I trigger a drop of the Rust object embedded in the
> shmem object before calling drm_gem_shmem_free(), so if this invariant
> doesn't hold that code would be wrong too!)
>

But I guess you are correct and would be safe to assume that the .free
callback won't race against other struct drm_gem_object_funcs handlers.
I just felt to ask since wasn't sure about that.

I'll wait a few days in case someone else wants to take a look to your
patch and then push it to drm-misc. Thanks again!

--
Best regards,

Javier Martinez Canillas
Core Platforms
Red Hat

Next message: David Howells: "Re: Need help tracking down a bug in the bio-FOLL_PIN patches"
Previous message: Andrew Jones: "Re: [PATCH v6 2/8] RISC-V: KVM: Add SBI PMU extension support"
In reply to: Asahi Lina: "Re: [PATCH] drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()"
Next in thread: Thomas Zimmermann: "Re: [PATCH] drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]