From: Boris Brezillon <boris.brezillon@collabora.com>
To: Steven Price <steven.price@arm.com>
Cc: Liviu Dudau <liviu.dudau@arm.com>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@gmail.com>, Simona Vetter <simona@ffwll.ch>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
Jann Horn <jannh@google.com>
Subject: Re: [PATCH] drm/panthor: Lock XArray when getting entries for heap and VM
Date: Wed, 6 Nov 2024 14:34:02 +0100 [thread overview]
Message-ID: <20241106143402.4bbaea96@collabora.com> (raw)
In-Reply-To: <20d75e2c-c5a5-48c3-ac99-a9e15f19b872@arm.com>
On Wed, 6 Nov 2024 13:17:29 +0000
Steven Price <steven.price@arm.com> wrote:
> On 06/11/2024 12:07, Liviu Dudau wrote:
> > Similar to cac075706f29 ("drm/panthor: Fix race when converting
> > group handle to group object") we need to use the XArray's internal
> > locking when retrieving a pointer from there for heap and vm.
> >
> > Reported-by: Jann Horn <jannh@google.com>
> > Cc: Boris Brezillon <boris.brezillon@collabora.com>
> > Cc: Steven Price <steven.price@arm.com>
> > Signed-off-by: Liviu Dudau <liviu.dudau@arm.com>
> > ---
> > drivers/gpu/drm/panthor/panthor_heap.c | 15 +++++++++++++--
> > drivers/gpu/drm/panthor/panthor_mmu.c | 2 ++
> > 2 files changed, 15 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/panthor/panthor_heap.c b/drivers/gpu/drm/panthor/panthor_heap.c
> > index 3796a9eb22af2..fe0bcb6837f74 100644
> > --- a/drivers/gpu/drm/panthor/panthor_heap.c
> > +++ b/drivers/gpu/drm/panthor/panthor_heap.c
> > @@ -351,6 +351,17 @@ int panthor_heap_create(struct panthor_heap_pool *pool,
> > return ret;
> > }
> >
> > +static struct panthor_heap *panthor_heap_from_id(struct pathor_heap_pool *pool, u32 id)
> > +{
> > + struct panthor_heap *heap;
> > +
> > + xa_lock(&pool->xa);
> > + heap = xa_load(&pool->xa, id);
> > + xa_unlock(&pool->va);
> > +
> > + return heap;
> > +}
>
> This locking doesn't actually achieve anything - XArray already deals
> with the concurrency (with RCU), and if we're doing nothing more than an
> xa_load() then we don't need (extra) locking (unless using the __
> prefixed functions).
>
> And, as Boris has pointed out, pool->lock is held. As you mention in
> your email the missing bit might be panthor_heap_pool_release() - if
> it's not holding a lock then the heap could be freed immediately after
> panthor_heap_from_id() returns (even with the above change).
Hm, if we call panthor_heap_from_id(), that means we have a heap pool to
pass, and incidentally, we're supposed to hold a ref on this pool. So I
don't really see how the heap pool can go away, unless someone messed
up with the refcounting in the meantime.
>
> Steve
>
> > +
> > /**
> > * panthor_heap_return_chunk() - Return an unused heap chunk
> > * @pool: The pool this heap belongs to.
> > @@ -375,7 +386,7 @@ int panthor_heap_return_chunk(struct panthor_heap_pool *pool,
> > return -EINVAL;
> >
> > down_read(&pool->lock);
> > - heap = xa_load(&pool->xa, heap_id);
> > + heap = panthor_heap_from_id(pool, heap_id);
> > if (!heap) {
> > ret = -EINVAL;
> > goto out_unlock;
> > @@ -438,7 +449,7 @@ int panthor_heap_grow(struct panthor_heap_pool *pool,
> > return -EINVAL;
> >
> > down_read(&pool->lock);
> > - heap = xa_load(&pool->xa, heap_id);
> > + heap = panthor_heap_from_id(pool, heap_id);
> > if (!heap) {
> > ret = -EINVAL;
> > goto out_unlock;
> > diff --git a/drivers/gpu/drm/panthor/panthor_mmu.c b/drivers/gpu/drm/panthor/panthor_mmu.c
> > index 8ca85526491e6..8b5cda9d21768 100644
> > --- a/drivers/gpu/drm/panthor/panthor_mmu.c
> > +++ b/drivers/gpu/drm/panthor/panthor_mmu.c
> > @@ -1580,7 +1580,9 @@ panthor_vm_pool_get_vm(struct panthor_vm_pool *pool, u32 handle)
> > {
> > struct panthor_vm *vm;
> >
> > + xa_lock(&pool->xa);
> > vm = panthor_vm_get(xa_load(&pool->xa, handle));
> > + xa_unlock(&pool->va);
> >
> > return vm;
> > }
>
next prev parent reply other threads:[~2024-11-06 13:34 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-06 12:07 [PATCH] drm/panthor: Lock XArray when getting entries for heap and VM Liviu Dudau
2024-11-06 12:14 ` Mihail Atanassov
2024-11-06 14:54 ` Mihail Atanassov
2024-11-06 12:16 ` Boris Brezillon
2024-11-06 13:10 ` Liviu Dudau
2024-11-06 13:21 ` Boris Brezillon
2024-11-06 18:59 ` Liviu Dudau
2024-11-06 12:17 ` Boris Brezillon
2024-11-06 13:17 ` Steven Price
2024-11-06 13:34 ` Boris Brezillon [this message]
2024-11-06 13:40 ` Steven Price
2024-11-06 17:32 ` kernel test robot
2024-11-06 17:53 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241106143402.4bbaea96@collabora.com \
--to=boris.brezillon@collabora.com \
--cc=airlied@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=jannh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=liviu.dudau@arm.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=simona@ffwll.ch \
--cc=steven.price@arm.com \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.