Re: [RFC PATCH] fpga: remove module reference counting from core components
From: Marco Pagani
Date: Fri Nov 03 2023 - 16:32:02 EST
On 2023-10-30 09:32, Xu Yilun wrote:
> On Fri, Oct 27, 2023 at 05:29:27PM +0200, Marco Pagani wrote:
>> Remove unnecessary module reference counting from the core components
>> of the subsystem. Low-level driver modules cannot be removed before
>> core modules since they use their exported symbols.
>
> Could you help show the code for this conclusion?
>
> This is different from what I remember, a module cannot be removed when
> its exported symbols are being used by other modules. IOW, the core
> modules cannot be removed when there exist related low-level driver
> modules. But the low-level driver modules could be removed freely
> without other protecting mechanism.
>
My understanding was that we wanted to remove module reference counting
from the fpga core and ease it from the responsibility of preventing
low-level driver modules from being unloaded.
If we want to keep reference counting in the fpga core, we could add a
struct module *owner field in the struct fpga_manager_ops (and others
core *_ops) so that the low-level driver can set it to THIS_MODULE.
In this way, we can later use it in fpga_mgr_register() to bump up the
refcount of the low-level driver module by calling
try_module_get(mgr->mops->owner) directly when it registers the manager.
Finally, fpga_mgr_unregister() would call module_put(mgr->mops->owner)
to allow unloading the low-level driver module.
In this way, it would no longer be necessary to call try_module_get()
in fpga_mrg_get() since we could use a kref (included in the struct
fpga_manager) to do refcounting for the in-kernel API users. Only when
the kref reaches zero fpga_mgr_unregister() would succeed and put the
low-level driver module.
I think this approach would be safer since it would avoid the crash
that can currently happen if the low-level driver module is removed
right when executing try_module_get() in fpga_mrg_get(). The possible
caveat is that it would be required to call fpga_mgr_unregister()
before being able to remove the low-level driver module.
>>
>> For more context, refer to this thread:
>> https://lore.kernel.org/linux-fpga/ZS6hhlvjUcqyv8zL@yilunxu-OptiPlex-7050
>>
>> Other changes:
>>
>> In __fpga_bridge_get(): do a (missing ?) get_device() and bind the
>
> I think get_device() is in (of)_fpga_bridge_get() -> class_find_device()
> and put_device() correspond to it.
>
You are right. I missed that one.
> But the code style here is rather misleading, the put_device() should be
> moved out to (of)_fpga_bridge_get().
>
Right, I'll improve the (of)_fpga_bridge_get() style for the next version.
>> image to the bridge only after the mutex has been acquired.
>
> This is good to me.
>
>>
>> In __fpga_mgr_get(): do a get_device(). Currently, get_device() is
>> called when allocating an image in fpga_image_info_alloc().
>> However, since there are still two (of_)fpga_mgr_get() functions
>> exposed by the core, I think they should behave as expected.
>
> Same as fpga bridge.
>
>>
>> In fpga_region_get() / fpga_region_put(): call get_device() before
>> acquiring the mutex and put_device() after having released the mutex
>> to avoid races.
>
> Could you help elaborate more about the race?
>
I accidentally misused the word race. My concern was that memory might
be released after the last put_device(), causing mutex_unlock() to be
called on a mutex that does not exist anymore. It should not happen
for the moment since the region does not use devres, but I think it
still makes the code more brittle.
> Thanks,
> Yilun
>
>>
>> Fixes: 654ba4cc0f3e ("fpga manager: ensure lifetime with of_fpga_mgr_get")
>> Signed-off-by: Marco Pagani <marpagan@xxxxxxxxxx>
>> ---
>> drivers/fpga/fpga-bridge.c | 24 +++++++-----------------
>> drivers/fpga/fpga-mgr.c | 8 +-------
>> drivers/fpga/fpga-region.c | 14 ++++----------
>> 3 files changed, 12 insertions(+), 34 deletions(-)
>>
>> diff --git a/drivers/fpga/fpga-bridge.c b/drivers/fpga/fpga-bridge.c
>> index a024be2b84e2..3bcc9c9849c5 100644
>> --- a/drivers/fpga/fpga-bridge.c
>> +++ b/drivers/fpga/fpga-bridge.c
>> @@ -58,30 +58,21 @@ EXPORT_SYMBOL_GPL(fpga_bridge_disable);
>> static struct fpga_bridge *__fpga_bridge_get(struct device *dev,
>> struct fpga_image_info *info)
>> {
>> - struct fpga_bridge *bridge;
>> - int ret = -ENODEV;
>> -
>> - bridge = to_fpga_bridge(dev);
>> + struct fpga_bridge *bridge = to_fpga_bridge(dev);
>>
>> - bridge->info = info;
>> + get_device(dev);
>>
>> if (!mutex_trylock(&bridge->mutex)) {
>> - ret = -EBUSY;
>> - goto err_dev;
>> + dev_dbg(dev, "%s: FPGA Bridge already in use\n", __func__);
>> + put_device(dev);
>> + return ERR_PTR(-EBUSY);
>> }
>>
>> - if (!try_module_get(dev->parent->driver->owner))
>> - goto err_ll_mod;
>> + bridge->info = info;
>>
>> dev_dbg(&bridge->dev, "get\n");
>>
>> return bridge;
>> -
>> -err_ll_mod:
>> - mutex_unlock(&bridge->mutex);
>> -err_dev:
>> - put_device(dev);
>> - return ERR_PTR(ret);
>> }
>>
>> /**
>> @@ -93,7 +84,7 @@ static struct fpga_bridge *__fpga_bridge_get(struct device *dev,
>> * Return:
>> * * fpga_bridge struct pointer if successful.
>> * * -EBUSY if someone already has a reference to the bridge.
>> - * * -ENODEV if @np is not an FPGA Bridge or can't take parent driver refcount.
>> + * * -ENODEV if @np is not an FPGA Bridge.
>> */
>> struct fpga_bridge *of_fpga_bridge_get(struct device_node *np,
>> struct fpga_image_info *info)
>> @@ -146,7 +137,6 @@ void fpga_bridge_put(struct fpga_bridge *bridge)
>> dev_dbg(&bridge->dev, "put\n");
>>
>> bridge->info = NULL;
>> - module_put(bridge->dev.parent->driver->owner);
>> mutex_unlock(&bridge->mutex);
>> put_device(&bridge->dev);
>> }
>> diff --git a/drivers/fpga/fpga-mgr.c b/drivers/fpga/fpga-mgr.c
>> index 06651389c592..6c355eafd18f 100644
>> --- a/drivers/fpga/fpga-mgr.c
>> +++ b/drivers/fpga/fpga-mgr.c
>> @@ -670,14 +670,9 @@ static struct fpga_manager *__fpga_mgr_get(struct device *dev)
>>
>> mgr = to_fpga_manager(dev);
>>
>> - if (!try_module_get(dev->parent->driver->owner))
>> - goto err_dev;
>> + get_device(&mgr->dev);
>>
>> return mgr;
>> -
>> -err_dev:
>> - put_device(dev);
>> - return ERR_PTR(-ENODEV);
>> }
>>
>> static int fpga_mgr_dev_match(struct device *dev, const void *data)
>> @@ -727,7 +722,6 @@ EXPORT_SYMBOL_GPL(of_fpga_mgr_get);
>> */
>> void fpga_mgr_put(struct fpga_manager *mgr)
>> {
>> - module_put(mgr->dev.parent->driver->owner);
>> put_device(&mgr->dev);
>> }
>> EXPORT_SYMBOL_GPL(fpga_mgr_put);
>> diff --git a/drivers/fpga/fpga-region.c b/drivers/fpga/fpga-region.c
>> index b364a929425c..c299956cafdc 100644
>> --- a/drivers/fpga/fpga-region.c
>> +++ b/drivers/fpga/fpga-region.c
>> @@ -41,22 +41,17 @@ EXPORT_SYMBOL_GPL(fpga_region_class_find);
>> * Return:
>> * * fpga_region struct if successful.
>> * * -EBUSY if someone already has a reference to the region.
>> - * * -ENODEV if can't take parent driver module refcount.
>> */
>> static struct fpga_region *fpga_region_get(struct fpga_region *region)
>> {
>> struct device *dev = ®ion->dev;
>>
>> + get_device(dev);
>> +
>> if (!mutex_trylock(®ion->mutex)) {
>> dev_dbg(dev, "%s: FPGA Region already in use\n", __func__);
>> - return ERR_PTR(-EBUSY);
>> - }
>> -
>> - get_device(dev);
>> - if (!try_module_get(dev->parent->driver->owner)) {
>> put_device(dev);
>> - mutex_unlock(®ion->mutex);
>> - return ERR_PTR(-ENODEV);
>> + return ERR_PTR(-EBUSY);
>> }
>>
>> dev_dbg(dev, "get\n");
>> @@ -75,9 +70,8 @@ static void fpga_region_put(struct fpga_region *region)
>>
>> dev_dbg(dev, "put\n");
>>
>> - module_put(dev->parent->driver->owner);
>> - put_device(dev);
>> mutex_unlock(®ion->mutex);
>> + put_device(dev);
>> }
>>
>> /**
>> --
>> 2.41.0
>>
>