From: Boris Brezillon <boris.brezillon@collabora.com>
To: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: kernel@collabora.com, "Thomas Zimmermann" <tzimmermann@suse.de>,
"Emma Anholt" <emma@anholt.net>,
"Christian König" <christian.koenig@amd.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
"Maxime Ripard" <mripard@kernel.org>,
"Gurchetan Singh" <gurchetansingh@chromium.org>,
"Melissa Wen" <mwen@igalia.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Steven Price" <steven.price@arm.com>,
virtualization@lists.linux-foundation.org,
"Qiang Yu" <yuq825@gmail.com>
Subject: Re: [PATCH v16 02/20] drm/shmem-helper: Use flag for tracking page count bumped by get_pages_sgt()
Date: Tue, 5 Sep 2023 09:40:50 +0200 [thread overview]
Message-ID: <20230905094050.3c918a43@collabora.com> (raw)
In-Reply-To: <20230903170736.513347-3-dmitry.osipenko@collabora.com>
On Sun, 3 Sep 2023 20:07:18 +0300
Dmitry Osipenko <dmitry.osipenko@collabora.com> wrote:
> Use separate flag for tracking page count bumped by shmem->sgt to avoid
> imbalanced page counter during of drm_gem_shmem_free() time. It's fragile
> to assume that populated shmem->pages at a freeing time means that the
> count was bumped by drm_gem_shmem_get_pages_sgt(), using a flag removes
> the ambiguity.
>
> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
> ---
> drivers/gpu/drm/drm_gem_shmem_helper.c | 11 ++++++++++-
> drivers/gpu/drm/lima/lima_gem.c | 1 +
> include/drm/drm_gem_shmem_helper.h | 7 +++++++
> 3 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c
> index 6693d4061ca1..848435e08eb2 100644
> --- a/drivers/gpu/drm/drm_gem_shmem_helper.c
> +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
> @@ -152,8 +152,10 @@ void drm_gem_shmem_free(struct drm_gem_shmem_object *shmem)
> sg_free_table(shmem->sgt);
> kfree(shmem->sgt);
> }
> - if (shmem->pages)
> + if (shmem->pages) {
> drm_gem_shmem_put_pages(shmem);
> + drm_WARN_ON(obj->dev, !shmem->got_pages_sgt);
> + }
Already mentioned in v15, but I keep thinking the following:
if (shmem->sgt) {
// existing code in the preceding
// if (shmem->sgt) branch
...
/*
* Release the implicit pages ref taken in
* drm_gem_shmem_get_pages_sgt_locked().
*/
drm_gem_shmem_put_pages(shmem);
}
does exactly the same without requiring the addition of a new field.
>
> drm_WARN_ON(obj->dev, shmem->pages_use_count);
>
> @@ -693,6 +695,13 @@ static struct sg_table *drm_gem_shmem_get_pages_sgt_locked(struct drm_gem_shmem_
> if (ret)
> goto err_free_sgt;
>
> + /*
> + * This flag prevents imbalanced pages_use_count during
> + * drm_gem_shmem_free(), where pages_use_count=1 only if
> + * drm_gem_shmem_get_pages_sgt() was used by a driver.
> + */
> + shmem->got_pages_sgt = true;
> +
> shmem->sgt = sgt;
>
> return sgt;
> diff --git a/drivers/gpu/drm/lima/lima_gem.c b/drivers/gpu/drm/lima/lima_gem.c
> index 4f9736e5f929..67c39b95e30e 100644
> --- a/drivers/gpu/drm/lima/lima_gem.c
> +++ b/drivers/gpu/drm/lima/lima_gem.c
> @@ -48,6 +48,7 @@ int lima_heap_alloc(struct lima_bo *bo, struct lima_vm *vm)
>
> bo->base.pages = pages;
> bo->base.pages_use_count = 1;
> + bo->base.got_pages_sgt = true;
>
> mapping_set_unevictable(mapping);
> }
> diff --git a/include/drm/drm_gem_shmem_helper.h b/include/drm/drm_gem_shmem_helper.h
> index ec70a98a8fe1..a53c0874b3c4 100644
> --- a/include/drm/drm_gem_shmem_helper.h
> +++ b/include/drm/drm_gem_shmem_helper.h
> @@ -73,6 +73,13 @@ struct drm_gem_shmem_object {
> */
> unsigned int vmap_use_count;
>
> + /**
> + * @got_pages_sgt:
> + *
> + * True if SG table was retrieved using drm_gem_shmem_get_pages_sgt()
> + */
> + bool got_pages_sgt : 1;
> +
> /**
> * @imported_sgt:
> *
next prev parent reply other threads:[~2023-09-05 7:40 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-03 17:07 [PATCH v16 00/20] Add generic memory shrinker to VirtIO-GPU and Panfrost DRM drivers Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 01/20] drm/shmem-helper: Fix UAF in error path when freeing SGT of imported GEM Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 02/20] drm/shmem-helper: Use flag for tracking page count bumped by get_pages_sgt() Dmitry Osipenko
2023-09-05 7:40 ` Boris Brezillon [this message]
2023-09-11 23:41 ` Dmitry Osipenko
2023-09-12 7:07 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 03/20] drm/gem: Change locked/unlocked postfix of drm_gem_v/unmap() function names Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 04/20] drm/gem: Add _locked postfix to functions that have unlocked counterpart Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 05/20] drm/v3d: Replace open-coded drm_gem_shmem_free() with drm_gem_object_put() Dmitry Osipenko
2023-09-05 7:33 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 06/20] drm/virtio: Replace " Dmitry Osipenko
2023-09-05 7:20 ` Boris Brezillon
2023-09-11 23:32 ` Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 07/20] drm/shmem-helper: Make all exported symbols GPL Dmitry Osipenko
2023-09-05 7:05 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 08/20] drm/shmem-helper: Refactor locked/unlocked functions Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 09/20] drm/shmem-helper: Remove obsoleted is_iomem test Dmitry Osipenko
2023-09-05 6:46 ` Boris Brezillon
2023-09-13 0:06 ` Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 10/20] drm/shmem-helper: Add and use pages_pin_count Dmitry Osipenko
2023-09-05 6:39 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 11/20] drm/shmem-helper: Use refcount_t for pages_use_count Dmitry Osipenko
2023-09-05 6:56 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 12/20] drm/shmem-helper: Add and use lockless drm_gem_shmem_get_pages() Dmitry Osipenko
2023-09-05 6:58 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 13/20] drm/shmem-helper: Switch drm_gem_shmem_vmap/vunmap to use pin/unpin Dmitry Osipenko
2023-09-05 7:00 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 14/20] drm/shmem-helper: Use refcount_t for vmap_use_count Dmitry Osipenko
2023-09-05 7:05 ` Boris Brezillon
2023-09-03 17:07 ` [PATCH v16 15/20] drm/shmem-helper: Add memory shrinker Dmitry Osipenko
2023-09-05 8:03 ` Boris Brezillon
2023-09-13 0:56 ` Dmitry Osipenko
2023-09-13 7:48 ` Boris Brezillon
2023-09-14 4:02 ` Dmitry Osipenko
2023-09-14 7:36 ` Boris Brezillon
2023-09-14 7:50 ` Dmitry Osipenko
2023-09-14 8:27 ` Boris Brezillon
2023-09-14 11:36 ` Dmitry Osipenko
2023-09-14 11:58 ` Boris Brezillon
2023-09-14 13:01 ` Dmitry Osipenko
2023-09-14 13:27 ` Boris Brezillon
2023-09-14 13:30 ` Boris Brezillon
2023-09-14 13:58 ` Dmitry Osipenko
2023-09-07 10:03 ` Dan Carpenter
2023-09-07 10:03 ` Dan Carpenter
2023-09-11 23:44 ` Dmitry Osipenko
2023-09-11 23:44 ` Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 16/20] drm/shmem-helper: Export drm_gem_shmem_get_pages_sgt_locked() Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 17/20] drm/virtio: Pin display framebuffer BO Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 18/20] drm/virtio: Attach shmem BOs dynamically Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 19/20] drm/virtio: Support memory shrinking Dmitry Osipenko
2023-09-03 17:07 ` [PATCH v16 20/20] drm/panfrost: Switch to generic memory shrinker Dmitry Osipenko
2023-09-04 13:20 ` Steven Price
2023-09-05 8:08 ` Boris Brezillon
2023-09-06 10:55 ` Steven Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230905094050.3c918a43@collabora.com \
--to=boris.brezillon@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dmitry.osipenko@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=emma@anholt.net \
--cc=gurchetansingh@chromium.org \
--cc=kernel@collabora.com \
--cc=kraxel@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mripard@kernel.org \
--cc=mwen@igalia.com \
--cc=steven.price@arm.com \
--cc=tzimmermann@suse.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=yuq825@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.