From: Lee Jones <lee.jones@linaro.org>
To: Felix Kuehling <felix.kuehling@amd.com>
Cc: "David Airlie" <airlied@linux.ie>,
"Pan, Xinhui" <Xinhui.Pan@amd.com>,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
amd-gfx@lists.freedesktop.org,
"Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH 1/1] drm/amdkfd: Protect the Client whilst it is being operated on
Date: Thu, 17 Mar 2022 15:00:25 +0000 [thread overview]
Message-ID: <YjNNCXc8harOvwqe@google.com> (raw)
In-Reply-To: <8702f8a5-62a1-c07e-c7b7-e9378be069b6@amd.com>
Good afternoon Felix,
Thanks for your review.
> Am 2022-03-17 um 09:16 schrieb Lee Jones:
> > Presently the Client can be freed whilst still in use.
> >
> > Use the already provided lock to prevent this.
> >
> > Cc: Felix Kuehling <Felix.Kuehling@amd.com>
> > Cc: Alex Deucher <alexander.deucher@amd.com>
> > Cc: "Christian König" <christian.koenig@amd.com>
> > Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
> > Cc: David Airlie <airlied@linux.ie>
> > Cc: Daniel Vetter <daniel@ffwll.ch>
> > Cc: amd-gfx@lists.freedesktop.org
> > Cc: dri-devel@lists.freedesktop.org
> > Signed-off-by: Lee Jones <lee.jones@linaro.org>
> > ---
> > drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > index e4beebb1c80a2..3b9ac1e87231f 100644
> > --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > @@ -145,8 +145,11 @@ static int kfd_smi_ev_release(struct inode *inode, struct file *filep)
> > spin_unlock(&dev->smi_lock);
> > synchronize_rcu();
> > +
> > + spin_lock(&client->lock);
> > kfifo_free(&client->fifo);
> > kfree(client);
> > + spin_unlock(&client->lock);
>
> The spin_unlock is after the spinlock data structure has been freed.
Good point.
If we go forward with this approach the unlock should perhaps be moved
to just before the kfree().
> There
> should be no concurrent users here, since we are freeing the data structure.
> If there still are concurrent users at this point, they will crash anyway.
> So the locking is unnecessary.
The users may well crash, as does the kernel unfortunately.
> > return 0;
> > }
> > @@ -247,11 +250,13 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> > return ret;
> > }
> > + spin_lock(&client->lock);
>
> The client was just allocated, and it wasn't added to the client list or
> given to user mode yet. So there can be no concurrent users at this point.
> The locking is unnecessary.
>
> There could be potential issues if someone uses the file descriptor by dumb
> luck before this function returns. So maybe we need to move the
> anon_inode_getfd to the end of the function (just before list_add_rcu) so
> that we only create the file descriptor after the client structure is fully
> initialized.
Bingo. Well done. :)
I can move the function as suggested if that is the best route forward?
--
Lee Jones [李琼斯]
Principal Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
WARNING: multiple messages have this Message-ID (diff)
From: Lee Jones <lee.jones@linaro.org>
To: Felix Kuehling <felix.kuehling@amd.com>
Cc: "David Airlie" <airlied@linux.ie>,
"Pan, Xinhui" <Xinhui.Pan@amd.com>,
linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org,
dri-devel@lists.freedesktop.org,
"Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH 1/1] drm/amdkfd: Protect the Client whilst it is being operated on
Date: Thu, 17 Mar 2022 15:00:25 +0000 [thread overview]
Message-ID: <YjNNCXc8harOvwqe@google.com> (raw)
In-Reply-To: <8702f8a5-62a1-c07e-c7b7-e9378be069b6@amd.com>
Good afternoon Felix,
Thanks for your review.
> Am 2022-03-17 um 09:16 schrieb Lee Jones:
> > Presently the Client can be freed whilst still in use.
> >
> > Use the already provided lock to prevent this.
> >
> > Cc: Felix Kuehling <Felix.Kuehling@amd.com>
> > Cc: Alex Deucher <alexander.deucher@amd.com>
> > Cc: "Christian König" <christian.koenig@amd.com>
> > Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com>
> > Cc: David Airlie <airlied@linux.ie>
> > Cc: Daniel Vetter <daniel@ffwll.ch>
> > Cc: amd-gfx@lists.freedesktop.org
> > Cc: dri-devel@lists.freedesktop.org
> > Signed-off-by: Lee Jones <lee.jones@linaro.org>
> > ---
> > drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > index e4beebb1c80a2..3b9ac1e87231f 100644
> > --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > @@ -145,8 +145,11 @@ static int kfd_smi_ev_release(struct inode *inode, struct file *filep)
> > spin_unlock(&dev->smi_lock);
> > synchronize_rcu();
> > +
> > + spin_lock(&client->lock);
> > kfifo_free(&client->fifo);
> > kfree(client);
> > + spin_unlock(&client->lock);
>
> The spin_unlock is after the spinlock data structure has been freed.
Good point.
If we go forward with this approach the unlock should perhaps be moved
to just before the kfree().
> There
> should be no concurrent users here, since we are freeing the data structure.
> If there still are concurrent users at this point, they will crash anyway.
> So the locking is unnecessary.
The users may well crash, as does the kernel unfortunately.
> > return 0;
> > }
> > @@ -247,11 +250,13 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> > return ret;
> > }
> > + spin_lock(&client->lock);
>
> The client was just allocated, and it wasn't added to the client list or
> given to user mode yet. So there can be no concurrent users at this point.
> The locking is unnecessary.
>
> There could be potential issues if someone uses the file descriptor by dumb
> luck before this function returns. So maybe we need to move the
> anon_inode_getfd to the end of the function (just before list_add_rcu) so
> that we only create the file descriptor after the client structure is fully
> initialized.
Bingo. Well done. :)
I can move the function as suggested if that is the best route forward?
--
Lee Jones [李琼斯]
Principal Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog
next prev parent reply other threads:[~2022-03-17 15:17 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 13:16 [PATCH 1/1] drm/amdkfd: Protect the Client whilst it is being operated on Lee Jones
2022-03-17 13:16 ` Lee Jones
2022-03-17 13:16 ` Lee Jones
2022-03-17 14:19 ` Lee Jones
2022-03-17 14:50 ` Felix Kuehling
2022-03-17 14:50 ` Felix Kuehling
2022-03-17 15:00 ` Lee Jones [this message]
2022-03-17 15:00 ` Lee Jones
2022-03-17 15:08 ` Felix Kuehling
2022-03-17 15:08 ` Felix Kuehling
2022-03-17 15:13 ` Lee Jones
2022-03-17 15:13 ` Lee Jones
2022-03-17 16:22 ` philip yang
2022-03-17 16:29 ` Lee Jones
2022-03-17 16:29 ` Lee Jones
2022-03-23 12:46 ` Lee Jones
2022-03-23 12:46 ` Lee Jones
2022-03-23 19:13 ` Felix Kuehling
2022-03-23 19:13 ` Felix Kuehling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjNNCXc8harOvwqe@google.com \
--to=lee.jones@linaro.org \
--cc=Xinhui.Pan@amd.com \
--cc=airlied@linux.ie \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=felix.kuehling@amd.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.