lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87k1f8ww32.fsf@anholt.net>
Date:   Thu, 02 May 2019 11:27:29 -0700
From:   Eric Anholt <eric@...olt.net>
To:     Paul Kocialkowski <paul.kocialkowski@...tlin.com>,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Cc:     David Airlie <airlied@...ux.ie>, Daniel Vetter <daniel@...ll.ch>,
        Maxime Ripard <maxime.ripard@...tlin.com>,
        Eben Upton <eben@...pberrypi.org>
Subject: Re: [PATCH v7 4/4] drm/vc4: Allocate binner bo when starting to use the V3D

Paul Kocialkowski <paul.kocialkowski@...tlin.com> writes:

> Hi,
>
> On Thu, 2019-04-25 at 10:42 -0700, Eric Anholt wrote:
>> Paul Kocialkowski <paul.kocialkowski@...tlin.com> writes:
>> 
>> > The binner BO is not required until the V3D is in use, so avoid
>> > allocating it at probe and do it on the first non-dumb BO allocation.
>> > 
>> > Keep track of which clients are using the V3D and liberate the buffer
>> > when there is none left, using a kref. Protect the logic with a
>> > mutex to avoid race conditions.
>> > 
>> > The binner BO is created at the time of the first render ioctl and is
>> > destroyed when there is no client and no exec job using it left.
>> > 
>> > The Out-Of-Memory (OOM) interrupt also gets some tweaking, to avoid
>> > enabling it before having allocated a binner bo.
>> > 
>> > We also want to keep the BO alive during runtime suspend/resume to avoid
>> > failing to allocate it at resume. This happens when the CMA pool is
>> > full at that point and results in a hard crash.
>> > 
>> > Signed-off-by: Paul Kocialkowski <paul.kocialkowski@...tlin.com>
>> > ---
>> >  drivers/gpu/drm/vc4/vc4_bo.c  | 33 +++++++++++++++++++-
>> >  drivers/gpu/drm/vc4/vc4_drv.c |  6 ++++
>> >  drivers/gpu/drm/vc4/vc4_drv.h | 14 +++++++++
>> >  drivers/gpu/drm/vc4/vc4_gem.c | 13 ++++++++
>> >  drivers/gpu/drm/vc4/vc4_irq.c | 21 +++++++++----
>> >  drivers/gpu/drm/vc4/vc4_v3d.c | 58 +++++++++++++++++++++++++++--------
>> >  6 files changed, 125 insertions(+), 20 deletions(-)
>> > 
>> > diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
>> > index 88ebd681d7eb..2b3ec5926fe2 100644
>> > --- a/drivers/gpu/drm/vc4/vc4_bo.c
>> > +++ b/drivers/gpu/drm/vc4/vc4_bo.c
>> > @@ -799,13 +799,38 @@ vc4_prime_import_sg_table(struct drm_device *dev,
>> >  	return obj;
>> >  }
>> >  
>> > +static int vc4_grab_bin_bo(struct vc4_dev *vc4, struct vc4_file *vc4file)
>> > +{
>> > +	int ret;
>> > +
>> > +	if (!vc4->v3d)
>> > +		return -ENODEV;
>> > +
>> > +	if (vc4file->bin_bo_used)
>> > +		return 0;
>> > +
>> > +	ret = vc4_v3d_bin_bo_get(vc4);
>> > +	if (ret)
>> > +		return ret;
>> > +
>> > +	vc4file->bin_bo_used = true;
>> 
>> I think I found one last race.  Multiple threads could be in an ioctl
>> trying to grab the bin BO at the same time (while this is only during
>> app startup, since the fd only needs to get the ref once, it's
>> particularly plausible given that allocating the bin BO is slow).  I
>> think if you replace this line with:
>> 
>> 	mutex_lock(&vc4->bin_bo_lock);
>>         if (vc4file->bin_bo_used) {
>>         	mutex_unlock(&vc4->bin_bo_lock);
>>                 vc4_v3d_bin_bo_put(vc4);
>>         } else {
>>         	vc4file->bin_bo_used = true;
>>         	mutex_unlock(&vc4->bin_bo_lock);
>>         }
>
> Huh, very good catch once again, thanks! It took me some time to grasp
> this one, but as far as I understand, the risk is that we could ref our
> bin bo twice (although it would only be allocated once) since
> bin_bo_used is not protected.
>
> I'd like to suggest another solution, which would avoid re-locking and
> doing an extra put if we got an extra ref: adding a "bool *used"
> argument to vc4_v3d_bin_bo_get and, which only gets dereferenced with
> the bin_bo lock held. Then we can skip obtaining a new reference if
> (used && *used) in vc4_v3d_bin_bo_get.
>
> So we could pass a pointer to vc4file->bin_bo_used for vc4_grab_bin_bo
> and exec->bin_bo_used for the exec case (where there is no such issue
> since we'll only ever try to _get the bin bo once there anyway).
>
> What do you think?

I like it!

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ