From: jeffy <jeffy.chen@rock-chips.com>
To: "Hans de Goede" <hdegoede@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"Sean Paul" <seanpaul@chromium.org>,
linux-kernel@vger.kernel.org, briannorris@chromium.org,
dianders@chromium.org, tfiga@chromium.org, zyw@rock-chips.com,
marcheu@chromium.org, mark.yao@rock-chips.com, hshi@chromium.org,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Jani Nikula" <jani.nikula@linux.intel.com>,
dri-devel@lists.freedesktop.org,
"David Airlie" <airlied@linux.ie>, "Tom Gundersen" <teg@jklm.no>,
"Marco Diego Aurélio Mesquita" <marcodiegomesquita@gmail.com>,
"Patrik Jakobsson" <patrik.r.jakobsson@gmail.com>,
"Dave Airlie" <airlied@redhat.com>
Subject: Re: [PATCH v11] drm: Unplug drm device when unregistering it (v8)
Date: Wed, 31 May 2017 10:39:13 +0800 [thread overview]
Message-ID: <592E2CD1.8080206@rock-chips.com> (raw)
In-Reply-To: <47c5eca2-3624-edbc-bb2d-453645b6bf3b@redhat.com>
Hi Hans,
thanx for investigating :)
On 05/30/2017 03:06 PM, Hans de Goede wrote:
> Hi,
>
> On 29-05-17 22:25, Chris Wilson wrote:
>> On Fri, Apr 14, 2017 at 11:15:04AM -0400, Sean Paul wrote:
>>> On Thu, Apr 13, 2017 at 03:32:44PM +0800, Jeffy Chen wrote:
>>>> After unbinding drm, the user space may still owns the drm dev fd, and
>>>> may still be able to call drm ioctl.
>>>>
>>>> We're using an unplugged state to prevent something like that, so let's
>>>> reuse it here.
>>>>
>>>> Also drop drm_unplug_dev, because it would be unused after other
>>>> changes.
>>>>
>>>> Verified on rk3399 chromebook kevin(with cros 4.4 kernel), no more
>>>> crashes
>>>> when unbinding drm with ui service still running.
>>>>
>>>> v2: Fix some commit messages.
>>>> v3: Reuse unplug status.
>>>> v4: Add drm_device_set_plug_state helper.
>>>> v5: Fix hang when unregistering drm dev with open_count 0.
>>>> v6: Move drm_device_set_plug_state into drm_drv.
>>>> v7: Add missing drm_dev_unref in udl_drv.
>>>> v8: Fix compiler errors after enable udl.
>>>>
>>>> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
>>>>
>>>> ---
>>>
>>> Hi Jeffy,
>>> Given the trouble we've had with this patch already, coupled with the
>>> fact that
>>> unbinding while userspace is active is a contrived/pathological case,
>>> I don't
>>> think it's worth picking this patch upstream.
>>>
>>> If it's really causing issues downstream, you can add my Reviewed-by
>>> for a CHROMIUM
>>> patch, but I'd rather not carry patches in the CrOS repo if we don't
>>> need to.
>>
>> Would a
>>
>> Fixes: a39be606f99d ("drm: Do a full device unregister when unplugging")
>> Reported-by: Marco Diego Aurélio Mesquita <marcodiegomesquita@gmail.com>
>> Cc: Hans de Goede <hdegoede@redhat.com>
>>
>> convince us to look into this patch again?
>
> The problem is this patch is wrong, see below.
>
>>>> drivers/gpu/drm/drm_drv.c | 26 ++++++++++----------------
>>>> drivers/gpu/drm/udl/udl_drv.c | 3 ++-
>>>> include/drm/drmP.h | 6 ------
>>>> include/drm/drm_drv.h | 1 -
>>>> 4 files changed, 12 insertions(+), 24 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
>>>> index b5c6bb4..e1da4d1 100644
>>>> --- a/drivers/gpu/drm/drm_drv.c
>>>> +++ b/drivers/gpu/drm/drm_drv.c
>>>> @@ -355,22 +355,6 @@ void drm_put_dev(struct drm_device *dev)
>>>> }
>>>> EXPORT_SYMBOL(drm_put_dev);
>>>> -void drm_unplug_dev(struct drm_device *dev)
>>>> -{
>>>> - /* for a USB device */
>>>> - drm_dev_unregister(dev);
>>>> -
>>>> - mutex_lock(&drm_global_mutex);
>>>> -
>>>> - drm_device_set_unplugged(dev);
>>>> -
>>>> - if (dev->open_count == 0) {
>>>> - drm_put_dev(dev);
>>>> - }
>>>> - mutex_unlock(&drm_global_mutex);
>>>> -}
>>>> -EXPORT_SYMBOL(drm_unplug_dev);
>>>> -
>>>> /*
>>>> * DRM internal mount
>>>> * We want to be able to allocate our own "struct address_space"
>>>> to control
>>>> @@ -733,6 +717,13 @@ static void remove_compat_control_link(struct
>>>> drm_device *dev)
>>>> kfree(name);
>>>> }
>>>> +static inline void drm_device_set_plug_state(struct drm_device *dev,
>>>> + bool plugged)
>>>> +{
>>>> + smp_wmb();
>>>> + atomic_set(&dev->unplugged, !plugged);
>>>> +}
>>>> +
>>>> /**
>>>> * drm_dev_register - Register DRM device
>>>> * @dev: Device to register
>>>> @@ -787,6 +778,8 @@ int drm_dev_register(struct drm_device *dev,
>>>> unsigned long flags)
>>>> if (drm_core_check_feature(dev, DRIVER_MODESET))
>>>> drm_modeset_register_all(dev);
>>>> + drm_device_set_plug_state(dev, true);
>>>> +
>>>> ret = 0;
>>>> DRM_INFO("Initialized %s %d.%d.%d %s for %s on minor %d\n",
>>>> @@ -826,6 +819,7 @@ void drm_dev_unregister(struct drm_device *dev)
>>>> drm_lastclose(dev);
>>>> dev->registered = false;
>>>> + drm_device_set_plug_state(dev, false);
>>>> if (drm_core_check_feature(dev, DRIVER_MODESET))
>>>> drm_modeset_unregister_all(dev);
>>>> diff --git a/drivers/gpu/drm/udl/udl_drv.c
>>>> b/drivers/gpu/drm/udl/udl_drv.c
>>>> index cd8b017..fc73e24 100644
>>>> --- a/drivers/gpu/drm/udl/udl_drv.c
>>>> +++ b/drivers/gpu/drm/udl/udl_drv.c
>>>> @@ -108,7 +108,8 @@ static void udl_usb_disconnect(struct
>>>> usb_interface *interface)
>>>> drm_kms_helper_poll_disable(dev);
>>>> udl_fbdev_unplug(dev);
>>>> udl_drop_usb(dev);
>>>> - drm_unplug_dev(dev);
>>>> + drm_dev_unregister(dev);
>>>> + drm_dev_unref(dev);
>
> The unref here will cause the device struct to get free-ed even if
> userspace still holds references to it through the drm_dev. To fix
> this we would need to call drm_dev_ref on a open from userspace and
> drm_dev_unref from drm_release.
right, but i think we are already did the ref/unref in the open/release
through drm_minor_acquire/drm_minor_release.
i think the problem would be:
1/ we are trying to unregister&unref when disconnected
2/ the drm_release would try to unregister&unref(by calling drm_put_dev)
when found it unplugged.
and your patch "drm: Do not call drm_dev_unregister twice on
drm_unplug_dev" looks like a good way to fix this(to me), maybe we can
place this patch after yours, and check for open_count here?
- drm_unplug_dev(dev);
+ if (dev->open_count == 0)
+ drm_dev_unref(dev);
>
> Regards,
>
> Hans
>
>
>
>
>>>> }
>>>> /*
>>>> diff --git a/include/drm/drmP.h b/include/drm/drmP.h
>>>> index 3bfafcd..980a204 100644
>>>> --- a/include/drm/drmP.h
>>>> +++ b/include/drm/drmP.h
>>>> @@ -488,12 +488,6 @@ static __inline__ int
>>>> drm_core_check_feature(struct drm_device *dev,
>>>> return ((dev->driver->driver_features & feature) ? 1 : 0);
>>>> }
>>>> -static inline void drm_device_set_unplugged(struct drm_device *dev)
>>>> -{
>>>> - smp_wmb();
>>>> - atomic_set(&dev->unplugged, 1);
>>>> -}
>>>> -
>>>> static inline int drm_device_is_unplugged(struct drm_device *dev)
>>>> {
>>>> int ret = atomic_read(&dev->unplugged);
>>>> diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h
>>>> index 0fefc3f..eb63078 100644
>>>> --- a/include/drm/drm_drv.h
>>>> +++ b/include/drm/drm_drv.h
>>>> @@ -544,7 +544,6 @@ void drm_dev_unregister(struct drm_device *dev);
>>>> void drm_dev_ref(struct drm_device *dev);
>>>> void drm_dev_unref(struct drm_device *dev);
>>>> void drm_put_dev(struct drm_device *dev);
>>>> -void drm_unplug_dev(struct drm_device *dev);
>>>> int drm_dev_set_unique(struct drm_device *dev, const char *name);
>>
>
>
>
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: jeffy <jeffy.chen@rock-chips.com>
To: "Hans de Goede" <hdegoede@redhat.com>,
"Chris Wilson" <chris@chris-wilson.co.uk>,
"Sean Paul" <seanpaul@chromium.org>,
linux-kernel@vger.kernel.org, briannorris@chromium.org,
dianders@chromium.org, tfiga@chromium.org, zyw@rock-chips.com,
marcheu@chromium.org, mark.yao@rock-chips.com, hshi@chromium.org,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Jani Nikula" <jani.nikula@linux.intel.com>,
dri-devel@lists.freedesktop.org,
"David Airlie" <airlied@linux.ie>, "Tom Gundersen" <teg@jklm.no>,
"Marco Diego Aurélio Mesquita" <marcodiegomesquita@gmail.com>,
"Patrik Jakobsson" <patrik.r.jakobsson@gmail.com>,
"Dave Airlie" <airlied@redhat.com>
Subject: Re: [PATCH v11] drm: Unplug drm device when unregistering it (v8)
Date: Wed, 31 May 2017 10:39:13 +0800 [thread overview]
Message-ID: <592E2CD1.8080206@rock-chips.com> (raw)
In-Reply-To: <47c5eca2-3624-edbc-bb2d-453645b6bf3b@redhat.com>
Hi Hans,
thanx for investigating :)
On 05/30/2017 03:06 PM, Hans de Goede wrote:
> Hi,
>
> On 29-05-17 22:25, Chris Wilson wrote:
>> On Fri, Apr 14, 2017 at 11:15:04AM -0400, Sean Paul wrote:
>>> On Thu, Apr 13, 2017 at 03:32:44PM +0800, Jeffy Chen wrote:
>>>> After unbinding drm, the user space may still owns the drm dev fd, and
>>>> may still be able to call drm ioctl.
>>>>
>>>> We're using an unplugged state to prevent something like that, so let's
>>>> reuse it here.
>>>>
>>>> Also drop drm_unplug_dev, because it would be unused after other
>>>> changes.
>>>>
>>>> Verified on rk3399 chromebook kevin(with cros 4.4 kernel), no more
>>>> crashes
>>>> when unbinding drm with ui service still running.
>>>>
>>>> v2: Fix some commit messages.
>>>> v3: Reuse unplug status.
>>>> v4: Add drm_device_set_plug_state helper.
>>>> v5: Fix hang when unregistering drm dev with open_count 0.
>>>> v6: Move drm_device_set_plug_state into drm_drv.
>>>> v7: Add missing drm_dev_unref in udl_drv.
>>>> v8: Fix compiler errors after enable udl.
>>>>
>>>> Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
>>>>
>>>> ---
>>>
>>> Hi Jeffy,
>>> Given the trouble we've had with this patch already, coupled with the
>>> fact that
>>> unbinding while userspace is active is a contrived/pathological case,
>>> I don't
>>> think it's worth picking this patch upstream.
>>>
>>> If it's really causing issues downstream, you can add my Reviewed-by
>>> for a CHROMIUM
>>> patch, but I'd rather not carry patches in the CrOS repo if we don't
>>> need to.
>>
>> Would a
>>
>> Fixes: a39be606f99d ("drm: Do a full device unregister when unplugging")
>> Reported-by: Marco Diego Aurélio Mesquita <marcodiegomesquita@gmail.com>
>> Cc: Hans de Goede <hdegoede@redhat.com>
>>
>> convince us to look into this patch again?
>
> The problem is this patch is wrong, see below.
>
>>>> drivers/gpu/drm/drm_drv.c | 26 ++++++++++----------------
>>>> drivers/gpu/drm/udl/udl_drv.c | 3 ++-
>>>> include/drm/drmP.h | 6 ------
>>>> include/drm/drm_drv.h | 1 -
>>>> 4 files changed, 12 insertions(+), 24 deletions(-)
>>>>
>>>> diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
>>>> index b5c6bb4..e1da4d1 100644
>>>> --- a/drivers/gpu/drm/drm_drv.c
>>>> +++ b/drivers/gpu/drm/drm_drv.c
>>>> @@ -355,22 +355,6 @@ void drm_put_dev(struct drm_device *dev)
>>>> }
>>>> EXPORT_SYMBOL(drm_put_dev);
>>>> -void drm_unplug_dev(struct drm_device *dev)
>>>> -{
>>>> - /* for a USB device */
>>>> - drm_dev_unregister(dev);
>>>> -
>>>> - mutex_lock(&drm_global_mutex);
>>>> -
>>>> - drm_device_set_unplugged(dev);
>>>> -
>>>> - if (dev->open_count == 0) {
>>>> - drm_put_dev(dev);
>>>> - }
>>>> - mutex_unlock(&drm_global_mutex);
>>>> -}
>>>> -EXPORT_SYMBOL(drm_unplug_dev);
>>>> -
>>>> /*
>>>> * DRM internal mount
>>>> * We want to be able to allocate our own "struct address_space"
>>>> to control
>>>> @@ -733,6 +717,13 @@ static void remove_compat_control_link(struct
>>>> drm_device *dev)
>>>> kfree(name);
>>>> }
>>>> +static inline void drm_device_set_plug_state(struct drm_device *dev,
>>>> + bool plugged)
>>>> +{
>>>> + smp_wmb();
>>>> + atomic_set(&dev->unplugged, !plugged);
>>>> +}
>>>> +
>>>> /**
>>>> * drm_dev_register - Register DRM device
>>>> * @dev: Device to register
>>>> @@ -787,6 +778,8 @@ int drm_dev_register(struct drm_device *dev,
>>>> unsigned long flags)
>>>> if (drm_core_check_feature(dev, DRIVER_MODESET))
>>>> drm_modeset_register_all(dev);
>>>> + drm_device_set_plug_state(dev, true);
>>>> +
>>>> ret = 0;
>>>> DRM_INFO("Initialized %s %d.%d.%d %s for %s on minor %d\n",
>>>> @@ -826,6 +819,7 @@ void drm_dev_unregister(struct drm_device *dev)
>>>> drm_lastclose(dev);
>>>> dev->registered = false;
>>>> + drm_device_set_plug_state(dev, false);
>>>> if (drm_core_check_feature(dev, DRIVER_MODESET))
>>>> drm_modeset_unregister_all(dev);
>>>> diff --git a/drivers/gpu/drm/udl/udl_drv.c
>>>> b/drivers/gpu/drm/udl/udl_drv.c
>>>> index cd8b017..fc73e24 100644
>>>> --- a/drivers/gpu/drm/udl/udl_drv.c
>>>> +++ b/drivers/gpu/drm/udl/udl_drv.c
>>>> @@ -108,7 +108,8 @@ static void udl_usb_disconnect(struct
>>>> usb_interface *interface)
>>>> drm_kms_helper_poll_disable(dev);
>>>> udl_fbdev_unplug(dev);
>>>> udl_drop_usb(dev);
>>>> - drm_unplug_dev(dev);
>>>> + drm_dev_unregister(dev);
>>>> + drm_dev_unref(dev);
>
> The unref here will cause the device struct to get free-ed even if
> userspace still holds references to it through the drm_dev. To fix
> this we would need to call drm_dev_ref on a open from userspace and
> drm_dev_unref from drm_release.
right, but i think we are already did the ref/unref in the open/release
through drm_minor_acquire/drm_minor_release.
i think the problem would be:
1/ we are trying to unregister&unref when disconnected
2/ the drm_release would try to unregister&unref(by calling drm_put_dev)
when found it unplugged.
and your patch "drm: Do not call drm_dev_unregister twice on
drm_unplug_dev" looks like a good way to fix this(to me), maybe we can
place this patch after yours, and check for open_count here?
- drm_unplug_dev(dev);
+ if (dev->open_count == 0)
+ drm_dev_unref(dev);
>
> Regards,
>
> Hans
>
>
>
>
>>>> }
>>>> /*
>>>> diff --git a/include/drm/drmP.h b/include/drm/drmP.h
>>>> index 3bfafcd..980a204 100644
>>>> --- a/include/drm/drmP.h
>>>> +++ b/include/drm/drmP.h
>>>> @@ -488,12 +488,6 @@ static __inline__ int
>>>> drm_core_check_feature(struct drm_device *dev,
>>>> return ((dev->driver->driver_features & feature) ? 1 : 0);
>>>> }
>>>> -static inline void drm_device_set_unplugged(struct drm_device *dev)
>>>> -{
>>>> - smp_wmb();
>>>> - atomic_set(&dev->unplugged, 1);
>>>> -}
>>>> -
>>>> static inline int drm_device_is_unplugged(struct drm_device *dev)
>>>> {
>>>> int ret = atomic_read(&dev->unplugged);
>>>> diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h
>>>> index 0fefc3f..eb63078 100644
>>>> --- a/include/drm/drm_drv.h
>>>> +++ b/include/drm/drm_drv.h
>>>> @@ -544,7 +544,6 @@ void drm_dev_unregister(struct drm_device *dev);
>>>> void drm_dev_ref(struct drm_device *dev);
>>>> void drm_dev_unref(struct drm_device *dev);
>>>> void drm_put_dev(struct drm_device *dev);
>>>> -void drm_unplug_dev(struct drm_device *dev);
>>>> int drm_dev_set_unique(struct drm_device *dev, const char *name);
>>
>
>
>
next prev parent reply other threads:[~2017-05-31 2:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-13 7:32 [PATCH v11] drm: Unplug drm device when unregistering it (v8) Jeffy Chen
2017-04-14 15:15 ` Sean Paul
2017-04-14 15:15 ` Sean Paul
2017-05-29 20:25 ` Chris Wilson
2017-05-29 20:25 ` Chris Wilson
2017-05-29 21:18 ` Marco Diego Aurélio Mesquita
2017-05-30 7:06 ` Hans de Goede
2017-05-30 7:06 ` Hans de Goede
2017-05-31 2:39 ` jeffy [this message]
2017-05-31 2:39 ` jeffy
2017-06-01 12:13 ` Hans de Goede
2017-06-01 12:13 ` Hans de Goede
2017-06-01 12:22 ` Chris Wilson
2017-06-01 12:22 ` Chris Wilson
2017-06-01 12:26 ` Hans de Goede
2017-06-01 12:26 ` Hans de Goede
2017-06-01 13:03 ` Chris Wilson
2017-06-01 13:03 ` Chris Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=592E2CD1.8080206@rock-chips.com \
--to=jeffy.chen@rock-chips.com \
--cc=airlied@linux.ie \
--cc=airlied@redhat.com \
--cc=briannorris@chromium.org \
--cc=chris@chris-wilson.co.uk \
--cc=daniel.vetter@intel.com \
--cc=dianders@chromium.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=hdegoede@redhat.com \
--cc=hshi@chromium.org \
--cc=jani.nikula@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=marcheu@chromium.org \
--cc=marcodiegomesquita@gmail.com \
--cc=mark.yao@rock-chips.com \
--cc=patrik.r.jakobsson@gmail.com \
--cc=seanpaul@chromium.org \
--cc=teg@jklm.no \
--cc=tfiga@chromium.org \
--cc=zyw@rock-chips.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.