On Wed, Aug 18, 2021 at 03:38:20PM +0800, Desmond Cheong Zhi Xi wrote:
Currently, drm_device.master_mutex is used to serialize writes to the drm_master.magic_map idr and to protect drm_master.unique{_len}.
In preparation for converting drm_device.master_mutex into an outer rwsem that might be read locked before entering some of these functions, we can instead serialize access to drm_master.magic_map and drm_master.unique{_len} using drm_device.master_lookup_lock which is an inner lock.
Signed-off-by: Desmond Cheong Zhi Xi desmondcheongzx@gmail.com
drivers/gpu/drm/drm_auth.c | 12 +++++++----- drivers/gpu/drm/drm_ioctl.c | 10 ++++++---- include/drm/drm_auth.h | 6 +++--- include/drm/drm_device.h | 7 ++++++- 4 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index b7230604496b..0acb444fbbac 100644 --- a/drivers/gpu/drm/drm_auth.c +++ b/drivers/gpu/drm/drm_auth.c @@ -98,10 +98,10 @@ int drm_getmagic(struct drm_device *dev, void *data, struct drm_file *file_priv) struct drm_master *master; int ret = 0;
- mutex_lock(&dev->master_mutex);
- spin_lock(&dev->master_lookup_lock); master = file_priv->master; if (!master) {
mutex_unlock(&dev->master_mutex);
spin_unlock(&dev->master_lookup_lock);@@ -112,7 +112,7 @@ int drm_getmagic(struct drm_device *dev, void *data, struct drm_file *file_priv) file_priv->magic = ret; } auth->magic = file_priv->magic;
- mutex_unlock(&dev->master_mutex);
- spin_unlock(&dev->master_lookup_lock);
DRM_DEBUG("%u\n", auth->magic); @@ -127,13 +127,13 @@ int drm_authmagic(struct drm_device *dev, void *data, DRM_DEBUG("%u\n", auth->magic);
- mutex_lock(&dev->master_mutex);
- spin_lock(&dev->master_lookup_lock); file = idr_find(&file_priv->master->magic_map, auth->magic); if (file) { file->authenticated = 1; idr_replace(&file_priv->master->magic_map, NULL, auth->magic); }
- mutex_unlock(&dev->master_mutex);
- spin_unlock(&dev->master_lookup_lock);
return file ? 0 : -EINVAL; } @@ -366,8 +366,10 @@ void drm_master_release(struct drm_file *file_priv) if (!master) goto unlock;
- spin_lock(&dev->master_lookup_lock); if (file_priv->magic) idr_remove(&master->magic_map, file_priv->magic);
- spin_unlock(&dev->master_lookup_lock);
if (!drm_is_current_master_locked(file_priv)) goto out; diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 4d029d3061d9..e5c3845b6e62 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -119,21 +119,21 @@ int drm_getunique(struct drm_device *dev, void *data, struct drm_unique *u = data; struct drm_master *master;
- mutex_lock(&dev->master_mutex);
- spin_lock(&dev->master_lookup_lock); master = file_priv->master; if (!master) {
mutex_unlock(&dev->master_mutex);
spin_unlock(&dev->master_lookup_lock);if (u->unique_len >= master->unique_len) { if (copy_to_user(u->unique, master->unique, master->unique_len)) {
mutex_unlock(&dev->master_mutex);
spin_unlock(&dev->master_lookup_lock);
copy_to_user while holding a spinlock isn't going to work well, at least when we take a fault. The might_fault() annotations (if enabled) should catch that.
Which is really annoying, because it kinda puts a wrench into this neat plan here :-/
return -EFAULT; }} u->unique_len = master->unique_len;
- mutex_unlock(&dev->master_mutex);
- spin_unlock(&dev->master_lookup_lock);
return 0; } @@ -405,7 +405,9 @@ static int drm_setversion(struct drm_device *dev, void *data, struct drm_file *f * Version 1.1 includes tying of DRM to specific device * Version 1.4 has proper PCI domain support */
spin_lock(&dev->master_lookup_lock); retcode = drm_set_busid(dev, file_priv);spin_unlock(&dev->master_lookup_lock);
Similar issue with drm_set_busid, calling kmalloc under a spinlock isn't a good idea. This one here is at least much easier to fix by pushing the locking down a lot.
I'm wondering a bit whether a better fix for these ioctls wouldn't be to - drop the DRM_MASTER flag from the ioctl table - take the rwsem in write mode (which would replace our current dev->master_lock) and check for master status while holding that lock
I think that would result in simpler locking or am I missing something? Maybe this could even work as a replacment for the lookup spinlock, since we're untangling the nesting quite a bit?
Really just tossing ideas around since I feel like we don't have the best one yet ... -Daniel
if (retcode) goto done; }diff --git a/include/drm/drm_auth.h b/include/drm/drm_auth.h index ba248ca8866f..f5be73153798 100644 --- a/include/drm/drm_auth.h +++ b/include/drm/drm_auth.h @@ -67,17 +67,17 @@ struct drm_master { struct drm_device *dev; /** * @unique: Unique identifier: e.g. busid. Protected by
* &drm_device.master_mutex.
* &drm_device.master_lookup_lock.
- @unique_len: Length of unique field. Protected by
* &drm_device.master_mutex.
* &drm_device.master_lookup_lock.
- @magic_map: Map of used authentication tokens. Protected by
* &drm_device.master_mutex.
* &drm_device.master_lookup_lock.diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h index 506eb2784819..cf5d15aeb25f 100644 --- a/include/drm/drm_device.h +++ b/include/drm/drm_device.h @@ -152,7 +152,12 @@ struct drm_device { */ struct mutex master_mutex;
- /** @master_lookup_lock: Serializes &drm_file.master. */
- /**
* @master_lookup_lock:** Serializes &drm_file.master, &drm_master.magic_map,* &drm_master.unique, and &drm_master.unique_len.*//** -- 2.25.1