From: Boris Brezillon <boris.brezillon@collabora.com>
To: "Christian König" <christian.koenig@amd.com>
Cc: phasta@kernel.org, dakr@kernel.org,
Tvrtko Ursulin <tvrtko.ursulin@igalia.com>,
dri-devel <dri-devel@lists.freedesktop.org>
Subject: Re: dma_fence: force users to take the lock manually
Date: Fri, 6 Mar 2026 11:37:23 +0100 [thread overview]
Message-ID: <20260306113723.1f13010c@fedora> (raw)
In-Reply-To: <9718fa34-95f7-4461-9d01-2ad4eed60b14@amd.com>
On Fri, 6 Mar 2026 10:58:07 +0100
Christian König <christian.koenig@amd.com> wrote:
> On 3/6/26 10:46, Boris Brezillon wrote:
> > On Fri, 6 Mar 2026 09:10:52 +0100
> > Christian König <christian.koenig@amd.com> wrote:
> >> Well as I wrote above you either have super reliable locking in your signaling path or you will need that for error handling.
> >
> > Not really. With rust's ownership model, you can make it so only one
> > thread gets to own the DriverFence (the signal-able fence object), and
> > the DriverFence::signal() method consumes this object. This implies
> > that only one path gets to signal the DriverFence, and after that it
> > vanishes, so no one else can signal it anymore. Just to clarify, by
> > vanishes, I mean that the signal-able view disappears, but the
> > observable object (Fence) can stay around, so it can be monitored (and
> > only monitored) by others. With this model, it doesn't matter that
> > _set_error() is set under a dma_fence locked section or not, because
> > the concurrency is addressed at a higher level.
>
> That whole approach won't work. You have at least the IRQ handler which signals completion and the timeout handler which signals completion with an error.
From a pure rust standpoint, and assuming both path (IRQ handler and
timeout handler) are written in rust, the compiler won't let you signal
concurrently if we design the thing properly, that's what I'm trying to
say. Just to be clear, it doesn't mean you can't have one worker (in a
workqueue context) that can signal a fence and an IRQ handler that can
signal the same fence. It just means that rust won't let you do that
unless you have proper locking in place, and rust will also guarantee
you won't be able to signal a fence that has already been signaled,
because as soon as it's signaled, the signal-able fence should be
consumed.
>
> We have documented that this handling is mandatory for DMA-fences since so many driver implementations got it wrong.
Again, I'm just talking about the rust implementation we're aiming for.
If you start mixing C and rust in the same driver, you're back to the
original problem you described.
>
> That's why Philips patch set removed the return value from dma_fence_signal().
I don't mind that. Just saying that's hopefully a non-issue in the rust
abstraction.
next prev parent reply other threads:[~2026-03-06 10:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 13:54 dma_fence: force users to take the lock manually Philipp Stanner
2026-03-05 13:59 ` Christian König
2026-03-05 15:12 ` Boris Brezillon
2026-03-06 8:10 ` Christian König
2026-03-06 9:46 ` Boris Brezillon
2026-03-06 9:54 ` Philipp Stanner
2026-03-06 10:27 ` Boris Brezillon
2026-03-06 9:58 ` Christian König
2026-03-06 10:37 ` Boris Brezillon [this message]
2026-03-06 11:03 ` Christian König
2026-03-06 11:24 ` Boris Brezillon
2026-03-06 11:57 ` Philipp Stanner
2026-03-06 12:31 ` Christian König
2026-03-06 12:36 ` Philipp Stanner
2026-03-06 12:54 ` Christian König
2026-03-06 14:55 ` Boris Brezillon
2026-03-09 9:33 ` Christian König
2026-03-09 15:06 ` Boris Brezillon
2026-03-09 16:46 ` Christian König
2026-03-06 13:03 ` Danilo Krummrich
2026-03-06 13:15 ` Christian König
2026-03-06 13:36 ` Philipp Stanner
2026-03-06 14:37 ` Christian König
2026-03-06 15:25 ` Boris Brezillon
2026-03-06 15:43 ` Boris Brezillon
2026-03-06 19:02 ` Philipp Stanner
2026-03-09 8:16 ` Boris Brezillon
2026-03-09 9:36 ` Christian König
2026-03-06 14:21 ` Boris Brezillon
2026-03-06 12:48 ` Boris Brezillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260306113723.1f13010c@fedora \
--to=boris.brezillon@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dakr@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=phasta@kernel.org \
--cc=tvrtko.ursulin@igalia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.