lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Apr 2022 15:33:22 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Christoph Hellwig <hch@....de>
Cc:     Jani Nikula <jani.nikula@...ux.intel.com>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>,
        Zhenyu Wang <zhenyuw@...ux.intel.com>,
        Zhi Wang <zhi.a.wang@...el.com>,
        intel-gfx@...ts.freedesktop.org,
        intel-gvt-dev@...ts.freedesktop.org,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 24/34] drm/i915/gvt: remove the extra vfio_device
 refcounting for dmabufs

On Mon, Apr 11, 2022 at 04:13:53PM +0200, Christoph Hellwig wrote:
> All the dmabufs are torn down when th VGPU is released, so there is
> no need for extra refcounting here.

'th' -> 'the'

I think the specific argument is that intel_vgpu_query_plane() is only
called from intel_vgpu_ioctl() which has to happen while the device is
open so intel_vgpu_query_plane() has no issue.

dmabuf_gem_object_free() is OK because:
 intel_vgpu_close_device
  __intel_vgpu_release
   intel_gvt_release_vgpu
    intel_vgpu_dmabuf_cleanup

Menaing dmabuf->vgpu was already NULL once close_device is passed, and
the vfio_device reference is held automatically from open_device->close_device

And similarly intel_vgpu_dmabuf_cleanup() is OK because it is called
by the above.

The other places that call intel_vgpu_dmabuf_cleanup() are redundant
with the close_device path.

Though the 'release_work' callpath is buggy, for many reasons, but not
for this series.

Reviewed-by: Jason Gunthorpe <jgg@...dia.com>

> diff --git a/drivers/gpu/drm/i915/gvt/dmabuf.c b/drivers/gpu/drm/i915/gvt/dmabuf.c
> index 90443306a9ad4..01e54b45c5c1b 100644
> +++ b/drivers/gpu/drm/i915/gvt/dmabuf.c
> @@ -139,7 +139,6 @@ static void dmabuf_gem_object_free(struct kref *kref)
>  			dmabuf_obj = list_entry(pos, struct intel_vgpu_dmabuf_obj, list);
>  			if (dmabuf_obj == obj) {

Not for this series but it seems like there is something off about
the locking here:

	if (vgpu && vgpu->active && !list_empty(&vgpu->dmabuf_obj_list_head)) {

This is called under the dmabuf lock but active is protected by the
vgpu_lock.. It seems strange that vgpu->active could be false but the
device is still open, so maybe it is not possible.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ