lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKMK7uGhx0O4yFESWxoN1nDnEFH24cC6pRRDEBYDWHrnci_j+Q@mail.gmail.com>
Date:   Tue, 22 Jun 2021 21:12:45 +0200
From:   Daniel Vetter <daniel@...ll.ch>
To:     Pekka Paalanen <ppaalanen@...il.com>
Cc:     Esaki Tomohito <etom@...l.co.jp>,
        devicetree <devicetree@...r.kernel.org>,
        Takanari Hayama <taki@...l.co.jp>,
        Linux Doc Mailing List <linux-doc@...r.kernel.org>,
        David Airlie <airlied@...ux.ie>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        "open list:DRM DRIVERS FOR RENESAS" 
        <linux-renesas-soc@...r.kernel.org>,
        Kieran Bingham <kieran.bingham+renesas@...asonboard.com>,
        "Enrico Weigelt, metux IT consult" <lkml@...ux.net>,
        Laurent Pinchart <laurent.pinchart@...asonboard.com>,
        Thomas Zimmermann <tzimmermann@...e.de>,
        Damian Hobson-Garcia <dhobsong@...l.co.jp>
Subject: Re: [PATH 0/4] [RFC] Support virtual DRM

On Tue, Jun 22, 2021 at 10:12 AM Pekka Paalanen <ppaalanen@...il.com> wrote:
>
> On Tue, 22 Jun 2021 13:03:39 +0900
> Esaki Tomohito <etom@...l.co.jp> wrote:
>
> > Hi, Enrico Weigelt
> > Thank you for reply.
> >
> > On 2021/06/22 1:05, Enrico Weigelt, metux IT consult wrote:
> > > On 21.06.21 08:27, Tomohito Esaki wrote:
> > >
> > > Hi,
> > >
> > >> Virtual DRM splits the overlay planes of a display controller into multiple
> > >> virtual devices to allow each plane to be accessed by each process.
> > >>
> > >> This makes it possible to overlay images output from multiple processes on a
> > >> display. For example, one process displays the camera image without compositor
> > >> while another process overlays the UI.
> > >
> > > Are you attempting to create an simple in-kernel compositor ?
> >
> > I think the basic idea is the same as DRMlease.
>
> Hi,
>
> indeed. Why not use DRM leases instead?
>
> > We want to separate the resources from the master in units of planes,
> > so we proposed virtual DRM.
> > I think the advantage of vDRM is that you can use general DRM APIs
> > in userland.
>
> You do that with DRM leases too.
>
> > > I don't think that's not the way to go, at least not by touching each
> > > single display driver, and not hardcoding the planes in DT.
> >
> > Thank you for comment. I will reconsider about DT.
> >
> > > What's the actual use case you're doing that for ? Why not using some
> > > userland compositor ?
> >
> > I think when latency is important (e.g., AR, VR, for displaying camera
> > images in IVI systems), there may be use cases where the compositor
> > cannot be used.
> > Normally, when the image is passed through the compositor, it is
> > displayed after 2 VSYNC at most, because the compositor combines the
> > image with VSYNC synchronization. On the other hand, if we use vDRM, the
> > image will be displayed at the next VSYNC, so it will be displayed after
> > 1 VSYNC at most.
>
> As I said in my other email, this is false in the general sense.
>
> > Also, since the compositor is a single point of failure, we may not want
> > to make it dependent on it.
>
> This... I'm not quite sure I buy it. If any of all the programs using
> virtual KMS crashes, you still lose some crucial components from your
> display. Maybe that program, while crashing, uploads such a bad state
> to its very own KMS plane, that it causes other KMS planes to
> malfunction. Then you need to detect this situation and still restart
> everything, not just the crashed program.

This, a hundred times. At least in general it's impossible to
guarantee resource isolation between different parts of a kms device -
everything is shared at least in some driver in funny ways.

The only thing we try to guarantee is that if you keep flipping the
same plane with same pixel format, stride, offset, absolutely
everything except the memory block unchanged, then that's guaranteed
to work. Everything else is off the table.

This is why the drm-lease design ended up with revoke support, because
if something goes wrong a superior instance (the compositor, the
kernel can't decide that for userspace) needs to decide whom to shoot
and revoke their access.

> I would think a userspace compositor approach is actually more
> reliable. You write the compositor to be extremely robust. Exactly
> because the compositor is in control of the complete display device and
> not just little pieces of it, it can see what is happening and it can
> mitigate problems. If you have more unreliable components needing
> access to display, make those clients to the compositor, so they can
> crash and malfunction on their own without potentially killing the
> whole display device. If you are as concerned about latency as XR
> people are, then use DRM leases.
>
> Also, what if your virtual KMS driver has a bug? Restarting the kernel
> is much harder that restarting a userspace compositor that hands out
> DRM leases.
>
> The userspace compositor could even be such that it does nothing more
> than handing out DRM leases. However, DRM leases have the problem that
> there is no single entity responsible for keeping the display device
> working, but that responsibility is split between several processes and
> none of them sees the whole picture.

Yeah I think a compositor for this use-case, written in Rust and
heavily audited/proofed is probably a lot more reliable than cobbling
ill-defined kernel driver code on top of barely-defined hw semantics
in resource-sharing cases.

> Btw. VKMS is an existing DRM driver, so your name choice is conflicting.

Yeah that too :-)
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ