lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 23 Nov 2017 16:26:37 +0800
From:   Tina Zhang <tina.zhang@...el.com>
To:     alex.williamson@...hat.com, kraxel@...hat.com,
        chris@...is-wilson.co.uk, joonas.lahtinen@...ux.intel.com,
        zhenyuw@...ux.intel.com, zhiyuan.lv@...el.com,
        zhi.a.wang@...el.com, kevin.tian@...el.com, daniel@...ll.ch,
        kwankhede@...dia.com, hang.yuan@...el.com
Cc:     Tina Zhang <tina.zhang@...el.com>, intel-gfx@...ts.freedesktop.org,
        intel-gvt-dev@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: [PATCH v19 6/6] drm/i915/gvt: Handle orphan dmabuf_objs

dmabuf_obj's destruction relys on GEM release operation, which is managed
in i915 driver. And there is a time window between vgpu's destruction and
its dmabuf_objs' destruction. This patch is to free the orphan dmabuf_objs
correctly after the vgpu passes away.

Signed-off-by: Tina Zhang <tina.zhang@...el.com>
Cc: Zhenyu Wang <zhenyuw@...ux.intel.com>
---
 drivers/gpu/drm/i915/gvt/dmabuf.c | 56 ++++++++++++++++++++++++---------------
 1 file changed, 35 insertions(+), 21 deletions(-)

diff --git a/drivers/gpu/drm/i915/gvt/dmabuf.c b/drivers/gpu/drm/i915/gvt/dmabuf.c
index 190710c..50215b2 100644
--- a/drivers/gpu/drm/i915/gvt/dmabuf.c
+++ b/drivers/gpu/drm/i915/gvt/dmabuf.c
@@ -88,19 +88,26 @@ static void dmabuf_gem_object_free(struct kref *kref)
 		container_of(kref, struct intel_vgpu_dmabuf_obj, kref);
 	struct intel_vgpu *vgpu = obj->vgpu;
 	struct list_head *pos;
-
 	struct intel_vgpu_dmabuf_obj *dmabuf_obj;
 
-	list_for_each(pos, &vgpu->dmabuf_obj_list_head) {
-		dmabuf_obj = container_of(pos, struct intel_vgpu_dmabuf_obj,
-						list);
-		if (dmabuf_obj == obj) {
-			idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id);
-			kfree(dmabuf_obj->info);
-			kfree(dmabuf_obj);
-			list_del(pos);
-			break;
+	if (vgpu) {
+		list_for_each(pos, &vgpu->dmabuf_obj_list_head) {
+			dmabuf_obj = container_of(pos,
+					struct intel_vgpu_dmabuf_obj, list);
+			if (dmabuf_obj == obj) {
+				intel_gvt_hypervisor_put_vfio_device(vgpu);
+				idr_remove(&vgpu->object_idr,
+					   dmabuf_obj->dmabuf_id);
+				kfree(dmabuf_obj->info);
+				kfree(dmabuf_obj);
+				list_del(pos);
+				break;
+			}
 		}
+	} else {
+		/* Free the orphan dmabuf_objs here */
+		kfree(obj->info);
+		kfree(obj);
 	}
 }
 
@@ -122,11 +129,16 @@ static void vgpu_gem_release(struct drm_i915_gem_object *gem_obj)
 	struct intel_vgpu_dmabuf_obj *obj = fb_info->obj;
 	struct intel_vgpu *vgpu = obj->vgpu;
 
-	mutex_lock(&vgpu->dmabuf_lock);
-	gem_obj->base.dma_buf = NULL;
-	dmabuf_obj_put(obj);
-	intel_gvt_hypervisor_put_vfio_device(vgpu);
-	mutex_unlock(&vgpu->dmabuf_lock);
+	if (vgpu) {
+		mutex_lock(&vgpu->dmabuf_lock);
+		gem_obj->base.dma_buf = NULL;
+		dmabuf_obj_put(obj);
+		mutex_unlock(&vgpu->dmabuf_lock);
+	} else {
+		/* vgpu is NULL, as it has been removed already */
+		gem_obj->base.dma_buf = NULL;
+		dmabuf_obj_put(obj);
+	}
 }
 
 static const struct drm_i915_gem_object_ops intel_vgpu_gem_ops = {
@@ -471,12 +483,6 @@ int intel_vgpu_get_dmabuf(struct intel_vgpu *vgpu, unsigned int dmabuf_id)
 	}
 	dmabuf_fd = ret;
 
-	if (intel_gvt_hypervisor_get_vfio_device(vgpu)) {
-		gvt_vgpu_err("get vfio device failed\n");
-		put_unused_fd(ret);
-		goto out_free_dmabuf;
-	}
-
 	dmabuf_obj_get(dmabuf_obj);
 
 	if (dmabuf_obj->initref) {
@@ -518,6 +524,14 @@ void intel_vgpu_dmabuf_cleanup(struct intel_vgpu *vgpu)
 			dmabuf_obj->initref = false;
 			dmabuf_obj_put(dmabuf_obj);
 		}
+
+		idr_remove(&vgpu->object_idr, dmabuf_obj->dmabuf_id);
+
+		if (dmabuf_obj->vgpu)
+			intel_gvt_hypervisor_put_vfio_device(vgpu);
+
+		dmabuf_obj->vgpu = NULL;
+
 	}
 	mutex_unlock(&vgpu->dmabuf_lock);
 }
-- 
2.7.4

Powered by blists - more mailing lists