lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <51fb2ba0-ae49-4799-9450-98bb90c4b36d@ideasonboard.com>
Date: Thu, 26 Sep 2024 18:26:09 +0300
From: Tomi Valkeinen <tomi.valkeinen@...asonboard.com>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc: Mauro Carvalho Chehab <mchehab@...nel.org>,
 Niklas Söderlund <niklas.soderlund@...natech.se>,
 Hans Verkuil <hverkuil-cisco@...all.nl>,
 Sakari Ailus <sakari.ailus@...ux.intel.com>, linux-media@...r.kernel.org,
 linux-kernel@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
 Tomi Valkeinen <tomi.valkeinen+renesas@...asonboard.com>
Subject: Re: [PATCH 1/4] media: v4l2-subdev: Add cleanup macros for active
 state

On 25/09/2024 19:35, Laurent Pinchart wrote:
> Hi Tomi,
> 
> On Tue, Sep 24, 2024 at 08:53:38PM +0300, Tomi Valkeinen wrote:
>> On 24/09/2024 20:17, Laurent Pinchart wrote:
>>> On Tue, Sep 17, 2024 at 05:09:29PM +0300, Tomi Valkeinen wrote:
>>>> From: Tomi Valkeinen <tomi.valkeinen+renesas@...asonboard.com>
>>>>
>>>> Add cleanup macros for active state. These can be used to call
>>>> v4l2_subdev_lock_and_get_active_state() and manage the unlocking either
>>>> in unscoped or scoped fashion:
>>>>
>>>> This locks the state, gets it to the 'state' variable, and unlocks when
>>>> exiting the surrounding scope:
>>>>
>>>> CLASS(v4l2_subdev_lock_and_get_active_state, state)(subdev);
>>>>
>>>> This does the same, but inside the given scope:
>>>>
>>>> scoped_v4l2_subdev_lock_and_get_active_state(subdev) {
>>>> }
>>>>
>>>> Signed-off-by: Tomi Valkeinen <tomi.valkeinen+renesas@...asonboard.com>
>>>> ---
>>>>    include/media/v4l2-subdev.h | 10 ++++++++++
>>>>    1 file changed, 10 insertions(+)
>>>>
>>>> diff --git a/include/media/v4l2-subdev.h b/include/media/v4l2-subdev.h
>>>> index bd235d325ff9..699007cfffd7 100644
>>>> --- a/include/media/v4l2-subdev.h
>>>> +++ b/include/media/v4l2-subdev.h
>>>> @@ -8,6 +8,7 @@
>>>>    #ifndef _V4L2_SUBDEV_H
>>>>    #define _V4L2_SUBDEV_H
>>>>    
>>>> +#include <linux/cleanup.h>
>>>>    #include <linux/types.h>
>>>>    #include <linux/v4l2-subdev.h>
>>>>    #include <media/media-entity.h>
>>>> @@ -1854,6 +1855,15 @@ v4l2_subdev_lock_and_get_active_state(struct v4l2_subdev *sd)
>>>>    	return sd->active_state;
>>>>    }
>>>>    
>>>> +DEFINE_CLASS(v4l2_subdev_lock_and_get_active_state, struct v4l2_subdev_state *,
>>>> +	     v4l2_subdev_unlock_state(_T),
>>>> +	     v4l2_subdev_lock_and_get_active_state(sd), struct v4l2_subdev *sd);
>>>> +
>>>> +#define scoped_v4l2_subdev_lock_and_get_active_state(sd)              \
>>>> +	for (CLASS(v4l2_subdev_lock_and_get_active_state, state)(sd), \
>>>> +	     *done = NULL;                                            \
>>>> +	     !done; done = (void *)1)
>>>
>>> That a very long name :-S Could this be done using the scoped_guard()
>>> macro instead ? For instance, with spinlocks you can do
>>>
>>> 	scoped_guard(spinlock_irqsave, &dev->lock) {
>>> 		...
>>> 	}
>>>
>>> It would be nice to be able to write
>>>
>>> 	scoped_guard(v4l2_subdev_state, sd) {
>>
>> This can be done but then you need to pass the state to it, not sd. Or
>> perhaps it would be possible to implicitly turn the sd into active
>> state, but I don't like that at all...
>>
>> Or maybe:
>>
>> scoped_guard(v4l2_subdev_state, v4l2_subdev_get_unlocked_active_state(sd))
>>
>> Not very short either...
> 
> That's not very nice. Are there other examples in the kernel of
> scoped_*() macros magically creating variables that are then used within
> the scope ? I have a feeling we shouldn't do it here.

I'm not aware of any other scoped macros than scoped_guard. Or if there 
are similar macros creating a variable.

I think creating the variable inside the macro is one of the main points 
with scoped_v4l2_subdev_lock_and_get_active_state(), so that not only 
the locking of the state of scoped, also the variable is scoped. It 
hasn't been just once or twice when I have accidentally used a variable 
that was supposed to be only used inside a scope.

>>> 		...
>>> 	}
>>>
>>> This being said, we would then end up with the state variable being
>>> named scope, which wouldn't be great.
>>
>> No, it wouldn't.
>>
>>> This is actually one of my issues with the above macros, and especially
>>> scoped_v4l2_subdev_lock_and_get_active_state(). It creates a local state
>>> variable in the scope, which makes the code less readable in my opinion.
>>
>> It's trivial to add a variable name there, as mentioned in the intro letter.
>>
>> You mentioned the const/non-const state issue in the other email. I
>> wonder if some macro-magic could be done for that... Or we can always
>> just add "scoped_v4l2_subdev_lock_and_get_active_state_const()"! =)
> 
> And that's supposed to be an improvement ? :D
> 
>> Also, it's not like we have to use these _everywhere_. So maybe if you
>> want a const state, don't use the scoped or the class.
> 
> Looking at the rest of your series there are very few instances of
> scoped_v4l2_subdev_lock_and_get_active_state(), so I'm tempted to simply

The changes in this series were just a few examples for a couple of 
drivers I've been working on lately. I didn't do any kind of thorough 
study how many users we have for these.

> leave it out. When one writes
> 
> 	scoped_guard(spinlock_irqsave, &dev->lock) {
> 	}
> 
> It's clear that you're locking the lock for the scope using
> spinlock_irqsave. The scoped guard performs a scoped action on an
> existing object. The V4L2 subdev active state is different, I don't
> think scoped_guard() gives the right semantics.

Hmm so are you here referring specifically to using scoped_guard() for 
the active state locking, or do you refer to the 
scoped_v4l2_subdev_lock_and_get_active_state()?

>>> We could keep the class and drop
>>> scoped_v4l2_subdev_lock_and_get_active_state(). I think I would like to
>>> shorten the class name then.
>>>
>>> Another option is to use DEFINE_FREE() and __free() instead.
>>
>> That can be added too. I had them, but I didn't consider them as useful
>> when I already added the class and scoped.
>>
>> I have to say I don't particularly like the look of either the scoped or
>> the class, or even the free. But they're so useful wrt. error handling
>> that I don't care if the syntax annoys me =).
> 
> CLASS() is a bit better once we'll get used to it, as the name of the
> variable is explicit. It however doesn't solve the const issue.

Again, we can add the variable name to 
scoped_v4l2_subdev_lock_and_get_active_state(), it's a trivial change.

I don't really see the const issue as a major thing. Missing the const 
here never breaks anything. You can pass the non-const state to 
functions that take const state. And you never have to use these 
helpers, you can do it all manually.

Adding const versions is possible. In some way the code has to tell the 
macros that "I want const state", so adding a __const() version of the 
macro sounds fine to me. Except the length of the name quickly becomes a 
problem =).

> Furthermore, its semantics is meant to represent creation of an object
> with automatic destruction when it leaves the scope, while with the
> subdev active state you're not creating an object. That's why I think

The lock guards use CLASS(), and they're not creating any new objects. 
They do hide the use of CLASS, though. But we can do the same by just 
creating our own macro that directly uses CLASS.

> that an explicit variable with a __free() annotation may be the best
> option for this.

But __free() does a different thing. It can, of course, be used in a 
scoped fashion by adding a scope with { }, like:

	{
		struct v4l2_subdev_state *state __free(v4l2_subdev_state_lock) = 
v4l2_subdev_lock_and_get_active_state(sd);

		// use state
	}

but I don't very often see that style used. "__free()" there also makes 
me think the state will be freed... And the line above is definitely not 
short...

If we come up with a suitable short name, this is quite a bit cleaner 
looking:

	hopefully_somewhat_short_name(sd, state) {
		// use state
	}

But all that said, I have to say I don't know if we have enough users 
for these to make these worthwhile. Looking at the single 
scoped_v4l2_subdev_lock_and_get_active_state() use I added to 
rzg2l-csi2.c... That's not really needed, as the original code is not 
right: the rzg2l_csi2_calc_mbps() shouldn't lock the active state, it 
should be passed the (locked) active state.

  Tomi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ