From: Steven Price <steven.price@arm.com>
To: "Adrián Larumbe" <adrian.larumbe@collabora.com>
Cc: "Boris Brezillon" <boris.brezillon@collabora.com>,
"Liviu Dudau" <liviu.dudau@arm.com>,
"Maarten Lankhorst" <maarten.lankhorst@linux.intel.com>,
"Maxime Ripard" <mripard@kernel.org>,
"Thomas Zimmermann" <tzimmermann@suse.de>,
"David Airlie" <airlied@gmail.com>,
"Simona Vetter" <simona@ffwll.ch>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Christian König" <christian.koenig@amd.com>,
kernel@collabora.com, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org
Subject: Re: [PATCH v7 1/4] drm/panthor: Introduce BO labeling
Date: Wed, 16 Apr 2025 10:14:24 +0100 [thread overview]
Message-ID: <283c18ed-6b28-4e9b-ae59-5a9b522d9f4a@arm.com> (raw)
In-Reply-To: <ejq47pilr3phywio3oudfrqbj2a3u2j3irk7uhlwd4pz24ve2c@3pc3cbdlerqk>
On 14/04/2025 20:43, Adrián Larumbe wrote:
> Hi Steven,
>
> On 14.04.2025 10:50, Steven Price wrote:
>> Hi Adrián,
>>
>> On 11/04/2025 16:03, Adrián Larumbe wrote:
>>> Add a new character string Panthor BO field, and a function that allows
>>> setting it from within the driver.
>>>
>>> Driver takes care of freeing the string when it's replaced or no longer
>>> needed at object destruction time, but allocating it is the responsibility
>>> of callers.
>>>
>>> Signed-off-by: Adrián Larumbe <adrian.larumbe@collabora.com>
>>> Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
>>> ---
>>> drivers/gpu/drm/panthor/panthor_gem.c | 39 +++++++++++++++++++++++++++
>>> drivers/gpu/drm/panthor/panthor_gem.h | 17 ++++++++++++
>>> 2 files changed, 56 insertions(+)
>>>
>>> diff --git a/drivers/gpu/drm/panthor/panthor_gem.c b/drivers/gpu/drm/panthor/panthor_gem.c
>>> index 8244a4e6c2a2..af0ac17f357f 100644
>>> --- a/drivers/gpu/drm/panthor/panthor_gem.c
>>> +++ b/drivers/gpu/drm/panthor/panthor_gem.c
>>> @@ -2,6 +2,7 @@
>>> /* Copyright 2019 Linaro, Ltd, Rob Herring <robh@kernel.org> */
>>> /* Copyright 2023 Collabora ltd. */
>>>
>>> +#include <linux/cleanup.h>
>>> #include <linux/dma-buf.h>
>>> #include <linux/dma-mapping.h>
>>> #include <linux/err.h>
>>> @@ -18,6 +19,14 @@ static void panthor_gem_free_object(struct drm_gem_object *obj)
>>> struct panthor_gem_object *bo = to_panthor_bo(obj);
>>> struct drm_gem_object *vm_root_gem = bo->exclusive_vm_root_gem;
>>>
>>> + /*
>>> + * Label might have been allocated with kstrdup_const(),
>>> + * we need to take that into account when freeing the memory
>>> + */
>>> + kfree_const(bo->label.str);
>>> +
>>> + mutex_destroy(&bo->label.lock);
>>> +
>>> drm_gem_free_mmap_offset(&bo->base.base);
>>> mutex_destroy(&bo->gpuva_list_lock);
>>> drm_gem_shmem_free(&bo->base);
>>> @@ -196,6 +205,7 @@ struct drm_gem_object *panthor_gem_create_object(struct drm_device *ddev, size_t
>>> obj->base.map_wc = !ptdev->coherent;
>>> mutex_init(&obj->gpuva_list_lock);
>>> drm_gem_gpuva_set_lock(&obj->base.base, &obj->gpuva_list_lock);
>>> + mutex_init(&obj->label.lock);
>>>
>>> return &obj->base.base;
>>> }
>>> @@ -247,3 +257,32 @@ panthor_gem_create_with_handle(struct drm_file *file,
>>>
>>> return ret;
>>> }
>>> +
>>> +void
>>> +panthor_gem_bo_set_label(struct drm_gem_object *obj, const char *label)
>>> +{
>>> + struct panthor_gem_object *bo = to_panthor_bo(obj);
>>> + const char *old_label;
>>> +
>>> + scoped_guard(mutex, &bo->label.lock) {
>>> + old_label = bo->label.str;
>>> + bo->label.str = label;
>>> + }
>>> +
>>> + kfree(old_label);
>>
>> Shouldn't this be kfree_const()? I suspect as things stand we can't
>> trigger this bug but it's inconsistent.
>
> This could only be called either from the set_label() ioctl, in which case
> old_label could be NULL or a pointer to a string obtained from strdup(); or from
> panthor_gem_kernel_bo_set_label(). In the latter case, it could only ever be
> NULL, since we don't reassign kernel BO labels, so it'd be safe too.
Yeah I thought it probably doesn't cause problems now, but it's a foot
gun for the future.
> However I do agree that it's not consistent, and then in the future perhaps
> relabelling kernel BO's might be justified, so I'll change it to kfree_const().
Thanks!
>>> +}
>>> +
>>> +void
>>> +panthor_gem_kernel_bo_set_label(struct panthor_kernel_bo *bo, const char *label)
>>> +{
>>> + const char *str;
>>> +
>>> + str = kstrdup_const(label, GFP_KERNEL);
>>> + if (!str) {
>>
>> In the next patch you permit user space to clear the label
>> (args->size==0) which means label==NULL and AFAICT kstrdup_const() will
>> return NULL in this case triggering this warning.
>
> Kernel and UM-exposed BO's should never experience cross-labelling, so in theory
> this scenario ought to be impossible. The only way panthor_gem_kernel_bo_set_label()
> might take NULL in the 'label' argument is that someone called panthor_kernel_bo_create()
> with NULL for its name 'argument'.
You're absolutely correct - I somehow got confused between the kernel
and user paths. It's the user path above which needs to handle NULL (and
does).
> I think as a defensive check, I could do something as follows
>
> void
> panthor_gem_kernel_bo_set_label(struct panthor_kernel_bo *bo, const char *label)
> {
> const char *str;
>
> /* We should never attempt labelling a UM-exposed GEM object */
> if (drm_WARN_ON(bo->obj->dev, &bo->obj->handle_count > 0))
> return;
>
> if (!label)
> return;
>
> [...]
> }
I'm happy for you to do nothing here - that was my mistake getting the
two functions muddled. Sorry for the noise. I'm equally happy for the
defensive checks above.
Steve
>> Thanks,
>> Steve
>>
>>> + /* Failing to allocate memory for a label isn't a fatal condition */
>>> + drm_warn(bo->obj->dev, "Not enough memory to allocate BO label");
>>> + return;
>>> + }
>>> +
>>> + panthor_gem_bo_set_label(bo->obj, str);
>>> +}
>>> diff --git a/drivers/gpu/drm/panthor/panthor_gem.h b/drivers/gpu/drm/panthor/panthor_gem.h
>>> index 1a363bb814f4..af0d77338860 100644
>>> --- a/drivers/gpu/drm/panthor/panthor_gem.h
>>> +++ b/drivers/gpu/drm/panthor/panthor_gem.h
>>> @@ -46,6 +46,20 @@ struct panthor_gem_object {
>>>
>>> /** @flags: Combination of drm_panthor_bo_flags flags. */
>>> u32 flags;
>>> +
>>> + /**
>>> + * @label: BO tagging fields. The label can be assigned within the
>>> + * driver itself or through a specific IOCTL.
>>> + */
>>> + struct {
>>> + /**
>>> + * @label.str: Pointer to NULL-terminated string,
>>> + */
>>> + const char *str;
>>> +
>>> + /** @lock.str: Protects access to the @label.str field. */
>>> + struct mutex lock;
>>> + } label;
>>> };
>>>
>>> /**
>>> @@ -91,6 +105,9 @@ panthor_gem_create_with_handle(struct drm_file *file,
>>> struct panthor_vm *exclusive_vm,
>>> u64 *size, u32 flags, uint32_t *handle);
>>>
>>> +void panthor_gem_bo_set_label(struct drm_gem_object *obj, const char *label);
>>> +void panthor_gem_kernel_bo_set_label(struct panthor_kernel_bo *bo, const char *label);
>>> +
>>> static inline u64
>>> panthor_kernel_bo_gpuva(struct panthor_kernel_bo *bo)
>>> {
>
> Adrian Larumbe
next prev parent reply other threads:[~2025-04-16 9:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-11 15:03 [PATCH v7 0/4] Panthor BO tagging and GEMS debug display Adrián Larumbe
2025-04-11 15:03 ` [PATCH v7 1/4] drm/panthor: Introduce BO labeling Adrián Larumbe
2025-04-14 9:50 ` Steven Price
2025-04-14 19:43 ` Adrián Larumbe
2025-04-16 9:14 ` Steven Price [this message]
2025-04-11 15:03 ` [PATCH v7 2/4] drm/panthor: Add driver IOCTL for setting BO labels Adrián Larumbe
2025-04-14 10:01 ` Steven Price
2025-04-14 20:41 ` Adrián Larumbe
2025-04-16 9:22 ` Steven Price
2025-04-15 11:07 ` Daniel Stone
2025-04-11 15:03 ` [PATCH v7 3/4] drm/panthor: Label all kernel BO's Adrián Larumbe
2025-04-14 10:01 ` Steven Price
2025-04-14 13:38 ` kernel test robot
2025-04-11 15:03 ` [PATCH v7 4/4] drm/panthor: show device-wide list of DRM GEM objects over DebugFS Adrián Larumbe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=283c18ed-6b28-4e9b-ae59-5a9b522d9f4a@arm.com \
--to=steven.price@arm.com \
--cc=adrian.larumbe@collabora.com \
--cc=airlied@gmail.com \
--cc=boris.brezillon@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=kernel@collabora.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=liviu.dudau@arm.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=simona@ffwll.ch \
--cc=sumit.semwal@linaro.org \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox