Message ID | 20200302222631.3861340-4-daniel.vetter@ffwll.ch (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | drm_device managed resources, v4 | expand |
Hi Daniel, I love your patch! Perhaps something to improve: url: https://github.com/0day-ci/linux/commits/Daniel-Vetter/drm_device-managed-resources-v4/20200303-071023 base: git://anongit.freedesktop.org/drm/drm-tip drm-tip If you fix the issue, kindly add following tag Reported-by: kbuild test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> smatch warnings: drivers/gpu/drm/drm_drv.c:843 drm_dev_release() error: dereferencing freed memory 'dev' # https://github.com/0day-ci/linux/commit/5aba700d4c32ae5722a9931c959b13a6217a86e2 git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout 5aba700d4c32ae5722a9931c959b13a6217a86e2 vim +/dev +843 drivers/gpu/drm/drm_drv.c 099d1c290e2ebc drivers/gpu/drm/drm_stub.c David Herrmann 2014-01-29 826 static void drm_dev_release(struct kref *ref) 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 827 { 099d1c290e2ebc drivers/gpu/drm/drm_stub.c David Herrmann 2014-01-29 828 struct drm_device *dev = container_of(ref, struct drm_device, ref); 8f6599da8e772f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-20 829 f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 830 if (dev->driver->release) { f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 831 dev->driver->release(dev); f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 832 } else { f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 833 drm_dev_fini(dev); 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 834 } 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 835 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 836 drm_managed_release(dev); 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 837 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 838 if (!dev->driver->release && !dev->managed.final_kfree) { 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 839 WARN_ON(!list_empty(&dev->managed.resources)); 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 840 kfree(dev); ^^^^^^^^^^ Free 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 841 } 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 842 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 @843 if (dev->managed.final_kfree) ^^^^^ Dereference 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 844 kfree(dev->managed.final_kfree); f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 845 } --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
On Tue, Mar 03, 2020 at 11:04:06AM +0300, Dan Carpenter wrote: > Hi Daniel, > > I love your patch! Perhaps something to improve: > > url: https://github.com/0day-ci/linux/commits/Daniel-Vetter/drm_device-managed-resources-v4/20200303-071023 > base: git://anongit.freedesktop.org/drm/drm-tip drm-tip > > If you fix the issue, kindly add following tag > Reported-by: kbuild test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > > smatch warnings: > drivers/gpu/drm/drm_drv.c:843 drm_dev_release() error: dereferencing freed memory 'dev' > > # https://github.com/0day-ci/linux/commit/5aba700d4c32ae5722a9931c959b13a6217a86e2 > git remote add linux-review https://github.com/0day-ci/linux > git remote update linux-review > git checkout 5aba700d4c32ae5722a9931c959b13a6217a86e2 > vim +/dev +843 drivers/gpu/drm/drm_drv.c > > 099d1c290e2ebc drivers/gpu/drm/drm_stub.c David Herrmann 2014-01-29 826 static void drm_dev_release(struct kref *ref) > 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 827 { > 099d1c290e2ebc drivers/gpu/drm/drm_stub.c David Herrmann 2014-01-29 828 struct drm_device *dev = container_of(ref, struct drm_device, ref); > 8f6599da8e772f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-20 829 > f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 830 if (dev->driver->release) { > f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 831 dev->driver->release(dev); > f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 832 } else { > f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 833 drm_dev_fini(dev); > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 834 } > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 835 > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 836 drm_managed_release(dev); > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 837 > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 838 if (!dev->driver->release && !dev->managed.final_kfree) { > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 839 WARN_ON(!list_empty(&dev->managed.resources)); > 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 840 kfree(dev); > ^^^^^^^^^^ > Free > > 0dc8fe5985e01f drivers/gpu/drm/drm_stub.c David Herrmann 2013-10-02 841 } > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 842 > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 @843 if (dev->managed.final_kfree) > ^^^^^ > Dereference Drat, so much for me trying to get this to bisect properly (it's interim code and will disappear, end is correct I think). I guess I'll try again. -Daniel > > 5aba700d4c32ae drivers/gpu/drm/drm_drv.c Daniel Vetter 2020-03-02 844 kfree(dev->managed.final_kfree); > f30c92576af4bb drivers/gpu/drm/drm_drv.c Chris Wilson 2017-02-02 845 } > > --- > 0-DAY CI Kernel Test Service, Intel Corporation > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Hi Daniel Am 02.03.20 um 23:25 schrieb Daniel Vetter: > We have lots of these. And the cleanup code tends to be of dubious > quality. The biggest wrong pattern is that developers use devm_, which > ties the release action to the underlying struct device, whereas > all the userspace visible stuff attached to a drm_device can long > outlive that one (e.g. after a hotunplug while userspace has open > files and mmap'ed buffers). Give people what they want, but with more > correctness. > > Mostly copied from devres.c, with types adjusted to fit drm_device and > a few simplifications - I didn't (yet) copy over everything. Since > the types don't match code sharing looked like a hopeless endeavour. > > For now it's only super simplified, no groups, you can't remove > actions (but kfree exists, we'll need that soon). Plus all specific to > drm_device ofc, including the logging. Which I didn't bother to make > compile-time optional, since none of the other drm logging is compile > time optional either. > > One tricky bit here is the chicken&egg between allocating your > drm_device structure and initiliazing it with drm_dev_init. For > perfect onion unwinding we'd need to have the action to kfree the > allocation registered before drm_dev_init registers any of its own > release handlers. But drm_dev_init doesn't know where exactly the > drm_device is emebedded into the overall structure, and by the time it > returns it'll all be too late. And forcing drivers to be able clean up > everything except the one kzalloc is silly. > > Work around this by having a very special final_kfree pointer. This > also avoids troubles with the list head possibly disappearing from > underneath us when we release all resources attached to the > drm_device. > > v2: Do all the kerneldoc at the end, to avoid lots of fairly pointless > shuffling while getting everything into shape. > > v3: Add static to add/del_dr (Neil) > Move typo fix to the right patch (Neil) > > v4: Enforce contract for drmm_add_final_kfree: > > Use ksize() to check that the drm_device is indeed contained somewhere > in the final kfree(). Because we need that or the entire managed > release logic blows up in a pile of use-after-frees. Motivated by a > discussion with Laurent. > > v5: Review from Laurent: > - %zu instead of casting size_t > - header guards > - sorting of includes > - guarding of data assignment if we didn't allocate it for a NULL > pointer > - delete spurious newline > - cast void* data parameter correctly in ->release call, no idea how > this even worked before > > v3: Review from Sam > - Add the kerneldoc for the managed sub-struct back in, even if it > doesn't show up in the generated html somehow. > - Explain why __always_inline. > - Fix bisectability around the final kfree() in drm_dev_relase(). This > is just interim code which will disappear again. > - Some whitespace polish. > - Add debug output when drmm_add_action or drmm_kmalloc fail. > > Cc: Sam Ravnborg <sam@ravnborg.org> > Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > Cc: Neil Armstrong <narmstrong@baylibre.com > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: "Rafael J. Wysocki" <rafael@kernel.org> > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > --- > Documentation/gpu/drm-internals.rst | 6 + > drivers/gpu/drm/Makefile | 3 +- > drivers/gpu/drm/drm_drv.c | 12 ++ > drivers/gpu/drm/drm_internal.h | 3 + > drivers/gpu/drm/drm_managed.c | 186 ++++++++++++++++++++++++++++ > include/drm/drm_device.h | 15 +++ > include/drm/drm_managed.h | 30 +++++ > include/drm/drm_print.h | 6 + > 8 files changed, 260 insertions(+), 1 deletion(-) > create mode 100644 drivers/gpu/drm/drm_managed.c > create mode 100644 include/drm/drm_managed.h > > diff --git a/Documentation/gpu/drm-internals.rst b/Documentation/gpu/drm-internals.rst > index a73320576ca9..a6b6145fda78 100644 > --- a/Documentation/gpu/drm-internals.rst > +++ b/Documentation/gpu/drm-internals.rst > @@ -132,6 +132,12 @@ be unmapped; on many devices, the ROM address decoder is shared with > other BARs, so leaving it mapped could cause undesired behaviour like > hangs or memory corruption. > > +Managed Resources > +----------------- > + > +.. kernel-doc:: drivers/gpu/drm/drm_managed.c > + :doc: managed resources > + > Bus-specific Device Registration and PCI Support > ------------------------------------------------ > > diff --git a/drivers/gpu/drm/Makefile b/drivers/gpu/drm/Makefile > index 7f72ef5e7811..183c60048307 100644 > --- a/drivers/gpu/drm/Makefile > +++ b/drivers/gpu/drm/Makefile > @@ -17,7 +17,8 @@ drm-y := drm_auth.o drm_cache.o \ > drm_plane.o drm_color_mgmt.o drm_print.o \ > drm_dumb_buffers.o drm_mode_config.o drm_vblank.o \ > drm_syncobj.o drm_lease.o drm_writeback.o drm_client.o \ > - drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o > + drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o \ > + drm_managed.o > > drm-$(CONFIG_DRM_LEGACY) += drm_legacy_misc.o drm_bufs.o drm_context.o drm_dma.o drm_scatter.o drm_lock.o > drm-$(CONFIG_DRM_LIB_RANDOM) += lib/drm_random.o > diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c > index 9fcd6ab3c154..153050fc926c 100644 > --- a/drivers/gpu/drm/drm_drv.c > +++ b/drivers/gpu/drm/drm_drv.c > @@ -629,6 +629,9 @@ int drm_dev_init(struct drm_device *dev, > dev->dev = get_device(parent); > dev->driver = driver; > > + INIT_LIST_HEAD(&dev->managed.resources); > + spin_lock_init(&dev->managed.lock); > + > /* no per-device feature limits by default */ > dev->driver_features = ~0u; > > @@ -828,8 +831,17 @@ static void drm_dev_release(struct kref *ref) > dev->driver->release(dev); > } else { > drm_dev_fini(dev); > + } > + > + drm_managed_release(dev); > + > + if (!dev->driver->release && !dev->managed.final_kfree) { > + WARN_ON(!list_empty(&dev->managed.resources)); > kfree(dev); > } > + > + if (dev->managed.final_kfree) > + kfree(dev->managed.final_kfree); > } > > /** > diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h > index aeec2e68d772..8c2628dfc6c7 100644 > --- a/drivers/gpu/drm/drm_internal.h > +++ b/drivers/gpu/drm/drm_internal.h > @@ -89,6 +89,9 @@ void drm_prime_remove_buf_handle_locked(struct drm_prime_file_private *prime_fpr > struct drm_minor *drm_minor_acquire(unsigned int minor_id); > void drm_minor_release(struct drm_minor *minor); > > +/* drm_managed.c */ > +void drm_managed_release(struct drm_device *dev); > + > /* drm_vblank.c */ > void drm_vblank_disable_and_save(struct drm_device *dev, unsigned int pipe); > void drm_vblank_cleanup(struct drm_device *dev); > diff --git a/drivers/gpu/drm/drm_managed.c b/drivers/gpu/drm/drm_managed.c > new file mode 100644 > index 000000000000..57dc79fa90af > --- /dev/null > +++ b/drivers/gpu/drm/drm_managed.c > @@ -0,0 +1,186 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright (C) 2020 Intel > + * > + * Based on drivers/base/devres.c > + */ > + > +#include <drm/drm_managed.h> > + > +#include <linux/list.h> > +#include <linux/slab.h> > +#include <linux/spinlock.h> > + > +#include <drm/drm_device.h> > +#include <drm/drm_print.h> > + > +/** > + * DOC: managed resources > + * > + * Inspired by struct &device managed resources, but tied to the lifetime of > + * struct &drm_device, which can outlive the underlying physical device, usually > + * when userspace has some open files and other handles to resources still open. > + */ > +struct drmres_node { > + struct list_head entry; > + drmres_release_t release; > + const char *name; > + size_t size; > +}; At a later point, we could have debugfs for instances of this data structure. There's already a name field. > + > +struct drmres { > + struct drmres_node node; > + /* > + * Some archs want to perform DMA into kmalloc caches > + * and need a guaranteed alignment larger than > + * the alignment of a 64-bit integer. > + * Thus we use ARCH_KMALLOC_MINALIGN here and get exactly the same > + * buffer alignment as if it was allocated by plain kmalloc(). > + */ > + u8 __aligned(ARCH_KMALLOC_MINALIGN) data[]; > +}; > + > +void drm_managed_release(struct drm_device *dev) > +{ > + struct drmres *dr, *tmp; > + > + drm_dbg_drmres(dev, "drmres release begin\n"); > + list_for_each_entry_safe(dr, tmp, &dev->managed.resources, node.entry) { > + drm_dbg_drmres(dev, "REL %p %s (%zu bytes)\n", > + dr, dr->node.name, dr->node.size); > + > + if (dr->node.release) > + dr->node.release(dev, dr->node.size ? *(void **)&dr->data : NULL); > + > + list_del(&dr->node.entry); > + kfree(dr); > + } > + drm_dbg_drmres(dev, "drmres release end\n"); > +} > + > +/* > + * Always inline so that kmallc_track_caller tracks the actual interesting 'kmalloc_node_track_caller' > + * caller outside of drm_managed.c. > + */ > +static __always_inline struct drmres * alloc_dr(drmres_release_t release, > + size_t size, gfp_t gfp, int nid) > +{ > + size_t tot_size; > + struct drmres *dr; > + > + /* We must catch any near-SIZE_MAX cases that could overflow. */ > + if (unlikely(check_add_overflow(sizeof(*dr), size, &tot_size))) > + return NULL; > + > + dr = kmalloc_node_track_caller(tot_size, gfp, nid); > + if (unlikely(!dr)) > + return NULL; > + > + memset(dr, 0, offsetof(struct drmres, data)); > + > + INIT_LIST_HEAD(&dr->node.entry); > + dr->node.release = release; > + dr->node.size = size; > + > + return dr; > +} > + > +static void del_dr(struct drm_device *dev, struct drmres *dr) > +{ > + list_del_init(&dr->node.entry); > + > + drm_dbg_drmres(dev, "DEL %p %s (%lu bytes)\n", > + dr, dr->node.name, (unsigned long) dr->node.size); > +} > + > +static void add_dr(struct drm_device *dev, struct drmres *dr) > +{ > + unsigned long flags; > + > + spin_lock_irqsave(&dev->managed.lock, flags); > + list_add(&dr->node.entry, &dev->managed.resources); > + spin_unlock_irqrestore(&dev->managed.lock, flags); > + > + drm_dbg_drmres(dev, "ADD %p %s (%lu bytes)\n", > + dr, dr->node.name, (unsigned long) dr->node.size); If the insert code blows up, it might be helpful to have this message in the log already. So should this message be located before the code for inserting the entry? > +} > + > +void drmm_add_final_kfree(struct drm_device *dev, void *parent) Can you come up with better names? 'final_kfree' sounds like a function pointer to an implementation of kfree() and 'parent' sounds like the parent device in a device hierarchy. I suggest to rename 'parent' to 'container' and 'final_kfree' 'drmm_container'. The function's name could be drmm_dev_set_container(). > +{ > + WARN_ON(dev->managed.final_kfree); > + WARN_ON(dev < (struct drm_device *) parent); > + WARN_ON(dev + 1 >= (struct drm_device *) (parent + ksize(parent))); > + dev->managed.final_kfree = parent; > +} > +EXPORT_SYMBOL(drmm_add_final_kfree); > + > +int __drmm_add_action(struct drm_device *dev, > + drmres_release_t action, > + void *data, const char *name) Is there a reason to pass in 'void* data' instead of 'void** datap'? The latter would communicate what this parameter is for and not need void_ptr. In any case, there seems to be no interface to remove an added action (e.g., __drmm_remove_action()). Please see my comment on drmm_kfree() below. And more generally, do we really need __drmm_add_action() in it's current form? I'd change it to __drmm_kmalloc(), which is drmm_kmalloc() plus optional release-action and name parameters. And drm_kmalloc() would be a simple wrapper in the header file, just like drmm_kcalloc(). > +{ > + struct drmres *dr; > + void **void_ptr; > + > + dr = alloc_dr(action, data ? sizeof(void*) : 0, > + GFP_KERNEL | __GFP_ZERO, > + dev_to_node(dev->dev)); > + if (!dr) { > + drm_dbg_drmres(dev, "failed to add action %s for %p\n", > + name, data); > + return -ENOMEM; > + } > + > + dr->node.name = name; > + if (data) { > + void_ptr = (void **)&dr->data; > + *void_ptr = data; > + } > + > + add_dr(dev, dr); > + > + return 0; > +} > +EXPORT_SYMBOL(__drmm_add_action); > + > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) > +{ > + struct drmres *dr; > + > + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); > + if (!dr) { > + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", > + size, gfp); > + return NULL; > + } > + dr->node.name = "kmalloc"; > + > + add_dr(dev, dr); > + > + return dr->data; > +} > +EXPORT_SYMBOL(drmm_kmalloc); > + > +void drmm_kfree(struct drm_device *dev, void *data) I suggest to wrap this function around an implementatian that calls the optional release action. drmm_kfree() would become a trivial wrapper in the header file. Best regards Thomas > +{ > + struct drmres *dr_match = NULL, *dr; > + unsigned long flags; > + > + if (!data) > + return; > + > + spin_lock_irqsave(&dev->managed.lock, flags); > + list_for_each_entry(dr, &dev->managed.resources, node.entry) { > + if (dr->data == data) { > + dr_match = dr; > + del_dr(dev, dr_match); > + break; > + } > + } > + spin_unlock_irqrestore(&dev->managed.lock, flags); > + > + if (WARN_ON(!dr_match)) > + return; > + > + kfree(dr_match); > +} > +EXPORT_SYMBOL(drmm_kfree); > diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h > index bb60a949f416..d39132b477dd 100644 > --- a/include/drm/drm_device.h > +++ b/include/drm/drm_device.h > @@ -67,6 +67,21 @@ struct drm_device { > /** @dev: Device structure of bus-device */ > struct device *dev; > > + /** > + * @managed: > + * > + * Managed resources linked to the lifetime of this &drm_device as > + * tracked by @ref. > + */ > + struct { > + /** @managed.resources: managed resources list */ > + struct list_head resources; > + /** @managed.final_kfree: pointer for final kfree() call */ > + void *final_kfree; > + /** @managed.lock: protects @managed.resources */ > + spinlock_t lock; > + } managed; > + > /** @driver: DRM driver managing the device */ > struct drm_driver *driver; > > diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h > new file mode 100644 > index 000000000000..7b5df7d09b19 > --- /dev/null > +++ b/include/drm/drm_managed.h > @@ -0,0 +1,30 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#ifndef _DRM_MANAGED_H_ > +#define _DRM_MANAGED_H_ > + > +#include <linux/gfp.h> > +#include <linux/types.h> > + > +struct drm_device; > + > +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); > + > +#define drmm_add_action(dev, action, data) \ > + __drmm_add_action(dev, action, data, #action) > + > +int __must_check __drmm_add_action(struct drm_device *dev, > + drmres_release_t action, > + void *data, const char *name); > + > +void drmm_add_final_kfree(struct drm_device *dev, void *parent); > + > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; > +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) > +{ > + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); > +} > + > +void drmm_kfree(struct drm_device *dev, void *data); > + > +#endif > diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h > index ca7cee8e728a..1c9417430d08 100644 > --- a/include/drm/drm_print.h > +++ b/include/drm/drm_print.h > @@ -313,6 +313,10 @@ enum drm_debug_category { > * @DRM_UT_DP: Used in the DP code. > */ > DRM_UT_DP = 0x100, > + /** > + * @DRM_UT_DRMRES: Used in the drm managed resources code. > + */ > + DRM_UT_DRMRES = 0x200, > }; > > static inline bool drm_debug_enabled(enum drm_debug_category category) > @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, > drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) > #define drm_dbg_dp(drm, fmt, ...) \ > drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) > +#define drm_dbg_drmres(drm, fmt, ...) \ > + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) > > > /* >
Am 02.03.20 um 23:25 schrieb Daniel Vetter: <...> > + > +int __drmm_add_action(struct drm_device *dev, > + drmres_release_t action, > + void *data, const char *name) > +{ > + struct drmres *dr; > + void **void_ptr; > + > + dr = alloc_dr(action, data ? sizeof(void*) : 0, > + GFP_KERNEL | __GFP_ZERO, > + dev_to_node(dev->dev)); > + if (!dr) { > + drm_dbg_drmres(dev, "failed to add action %s for %p\n", > + name, data); > + return -ENOMEM; > + } > + > + dr->node.name = name; Maybe do a kstrdup_const() on name and later a kfree_const() during release. Just in case someone decides to allocate 'name' dynamically. > + if (data) { > + void_ptr = (void **)&dr->data; > + *void_ptr = data; > + } > + > + add_dr(dev, dr); > + > + return 0; > +} > +EXPORT_SYMBOL(__drmm_add_action); > + > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) > +{ > + struct drmres *dr; > + > + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); > + if (!dr) { > + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", > + size, gfp); > + return NULL; > + } > + dr->node.name = "kmalloc"; > + > + add_dr(dev, dr); > + > + return dr->data; > +} > +EXPORT_SYMBOL(drmm_kmalloc); > + > +void drmm_kfree(struct drm_device *dev, void *data) > +{ > + struct drmres *dr_match = NULL, *dr; > + unsigned long flags; > + > + if (!data) > + return; > + > + spin_lock_irqsave(&dev->managed.lock, flags); > + list_for_each_entry(dr, &dev->managed.resources, node.entry) { > + if (dr->data == data) { > + dr_match = dr; > + del_dr(dev, dr_match); > + break; > + } > + } > + spin_unlock_irqrestore(&dev->managed.lock, flags); > + > + if (WARN_ON(!dr_match)) > + return; > + > + kfree(dr_match); > +} > +EXPORT_SYMBOL(drmm_kfree); > diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h > index bb60a949f416..d39132b477dd 100644 > --- a/include/drm/drm_device.h > +++ b/include/drm/drm_device.h > @@ -67,6 +67,21 @@ struct drm_device { > /** @dev: Device structure of bus-device */ > struct device *dev; > > + /** > + * @managed: > + * > + * Managed resources linked to the lifetime of this &drm_device as > + * tracked by @ref. > + */ > + struct { > + /** @managed.resources: managed resources list */ > + struct list_head resources; > + /** @managed.final_kfree: pointer for final kfree() call */ > + void *final_kfree; > + /** @managed.lock: protects @managed.resources */ > + spinlock_t lock; > + } managed; > + > /** @driver: DRM driver managing the device */ > struct drm_driver *driver; > > diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h > new file mode 100644 > index 000000000000..7b5df7d09b19 > --- /dev/null > +++ b/include/drm/drm_managed.h > @@ -0,0 +1,30 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#ifndef _DRM_MANAGED_H_ > +#define _DRM_MANAGED_H_ > + > +#include <linux/gfp.h> > +#include <linux/types.h> > + > +struct drm_device; > + > +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); > + > +#define drmm_add_action(dev, action, data) \ > + __drmm_add_action(dev, action, data, #action) > + > +int __must_check __drmm_add_action(struct drm_device *dev, > + drmres_release_t action, > + void *data, const char *name); > + > +void drmm_add_final_kfree(struct drm_device *dev, void *parent); > + > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; > +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) > +{ > + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); > +} > + > +void drmm_kfree(struct drm_device *dev, void *data); > + > +#endif > diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h > index ca7cee8e728a..1c9417430d08 100644 > --- a/include/drm/drm_print.h > +++ b/include/drm/drm_print.h > @@ -313,6 +313,10 @@ enum drm_debug_category { > * @DRM_UT_DP: Used in the DP code. > */ > DRM_UT_DP = 0x100, > + /** > + * @DRM_UT_DRMRES: Used in the drm managed resources code. > + */ > + DRM_UT_DRMRES = 0x200, > }; > > static inline bool drm_debug_enabled(enum drm_debug_category category) > @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, > drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) > #define drm_dbg_dp(drm, fmt, ...) \ > drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) > +#define drm_dbg_drmres(drm, fmt, ...) \ > + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) > > > /* >
Am 11.03.20 um 10:07 schrieb Thomas Zimmermann: > Hi Daniel > > Am 02.03.20 um 23:25 schrieb Daniel Vetter: >> We have lots of these. And the cleanup code tends to be of dubious >> quality. The biggest wrong pattern is that developers use devm_, which >> ties the release action to the underlying struct device, whereas >> all the userspace visible stuff attached to a drm_device can long >> outlive that one (e.g. after a hotunplug while userspace has open >> files and mmap'ed buffers). Give people what they want, but with more >> correctness. >> >> Mostly copied from devres.c, with types adjusted to fit drm_device and >> a few simplifications - I didn't (yet) copy over everything. Since >> the types don't match code sharing looked like a hopeless endeavour. >> >> For now it's only super simplified, no groups, you can't remove >> actions (but kfree exists, we'll need that soon). Plus all specific to >> drm_device ofc, including the logging. Which I didn't bother to make >> compile-time optional, since none of the other drm logging is compile >> time optional either. >> >> One tricky bit here is the chicken&egg between allocating your >> drm_device structure and initiliazing it with drm_dev_init. For >> perfect onion unwinding we'd need to have the action to kfree the >> allocation registered before drm_dev_init registers any of its own >> release handlers. But drm_dev_init doesn't know where exactly the >> drm_device is emebedded into the overall structure, and by the time it >> returns it'll all be too late. And forcing drivers to be able clean up >> everything except the one kzalloc is silly. >> >> Work around this by having a very special final_kfree pointer. This >> also avoids troubles with the list head possibly disappearing from >> underneath us when we release all resources attached to the >> drm_device. >> >> v2: Do all the kerneldoc at the end, to avoid lots of fairly pointless >> shuffling while getting everything into shape. >> >> v3: Add static to add/del_dr (Neil) >> Move typo fix to the right patch (Neil) >> >> v4: Enforce contract for drmm_add_final_kfree: >> >> Use ksize() to check that the drm_device is indeed contained somewhere >> in the final kfree(). Because we need that or the entire managed >> release logic blows up in a pile of use-after-frees. Motivated by a >> discussion with Laurent. >> >> v5: Review from Laurent: >> - %zu instead of casting size_t >> - header guards >> - sorting of includes >> - guarding of data assignment if we didn't allocate it for a NULL >> pointer >> - delete spurious newline >> - cast void* data parameter correctly in ->release call, no idea how >> this even worked before >> >> v3: Review from Sam >> - Add the kerneldoc for the managed sub-struct back in, even if it >> doesn't show up in the generated html somehow. >> - Explain why __always_inline. >> - Fix bisectability around the final kfree() in drm_dev_relase(). This >> is just interim code which will disappear again. >> - Some whitespace polish. >> - Add debug output when drmm_add_action or drmm_kmalloc fail. >> >> Cc: Sam Ravnborg <sam@ravnborg.org> >> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> >> Cc: Neil Armstrong <narmstrong@baylibre.com >> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> >> Cc: "Rafael J. Wysocki" <rafael@kernel.org> >> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> >> --- >> Documentation/gpu/drm-internals.rst | 6 + >> drivers/gpu/drm/Makefile | 3 +- >> drivers/gpu/drm/drm_drv.c | 12 ++ >> drivers/gpu/drm/drm_internal.h | 3 + >> drivers/gpu/drm/drm_managed.c | 186 ++++++++++++++++++++++++++++ >> include/drm/drm_device.h | 15 +++ >> include/drm/drm_managed.h | 30 +++++ >> include/drm/drm_print.h | 6 + >> 8 files changed, 260 insertions(+), 1 deletion(-) >> create mode 100644 drivers/gpu/drm/drm_managed.c >> create mode 100644 include/drm/drm_managed.h >> >> diff --git a/Documentation/gpu/drm-internals.rst b/Documentation/gpu/drm-internals.rst >> index a73320576ca9..a6b6145fda78 100644 >> --- a/Documentation/gpu/drm-internals.rst >> +++ b/Documentation/gpu/drm-internals.rst >> @@ -132,6 +132,12 @@ be unmapped; on many devices, the ROM address decoder is shared with >> other BARs, so leaving it mapped could cause undesired behaviour like >> hangs or memory corruption. >> >> +Managed Resources >> +----------------- >> + >> +.. kernel-doc:: drivers/gpu/drm/drm_managed.c >> + :doc: managed resources >> + >> Bus-specific Device Registration and PCI Support >> ------------------------------------------------ >> >> diff --git a/drivers/gpu/drm/Makefile b/drivers/gpu/drm/Makefile >> index 7f72ef5e7811..183c60048307 100644 >> --- a/drivers/gpu/drm/Makefile >> +++ b/drivers/gpu/drm/Makefile >> @@ -17,7 +17,8 @@ drm-y := drm_auth.o drm_cache.o \ >> drm_plane.o drm_color_mgmt.o drm_print.o \ >> drm_dumb_buffers.o drm_mode_config.o drm_vblank.o \ >> drm_syncobj.o drm_lease.o drm_writeback.o drm_client.o \ >> - drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o >> + drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o \ >> + drm_managed.o >> >> drm-$(CONFIG_DRM_LEGACY) += drm_legacy_misc.o drm_bufs.o drm_context.o drm_dma.o drm_scatter.o drm_lock.o >> drm-$(CONFIG_DRM_LIB_RANDOM) += lib/drm_random.o >> diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c >> index 9fcd6ab3c154..153050fc926c 100644 >> --- a/drivers/gpu/drm/drm_drv.c >> +++ b/drivers/gpu/drm/drm_drv.c >> @@ -629,6 +629,9 @@ int drm_dev_init(struct drm_device *dev, >> dev->dev = get_device(parent); >> dev->driver = driver; >> >> + INIT_LIST_HEAD(&dev->managed.resources); >> + spin_lock_init(&dev->managed.lock); >> + >> /* no per-device feature limits by default */ >> dev->driver_features = ~0u; >> >> @@ -828,8 +831,17 @@ static void drm_dev_release(struct kref *ref) >> dev->driver->release(dev); >> } else { >> drm_dev_fini(dev); >> + } >> + >> + drm_managed_release(dev); >> + >> + if (!dev->driver->release && !dev->managed.final_kfree) { >> + WARN_ON(!list_empty(&dev->managed.resources)); >> kfree(dev); >> } >> + >> + if (dev->managed.final_kfree) >> + kfree(dev->managed.final_kfree); >> } >> >> /** >> diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h >> index aeec2e68d772..8c2628dfc6c7 100644 >> --- a/drivers/gpu/drm/drm_internal.h >> +++ b/drivers/gpu/drm/drm_internal.h >> @@ -89,6 +89,9 @@ void drm_prime_remove_buf_handle_locked(struct drm_prime_file_private *prime_fpr >> struct drm_minor *drm_minor_acquire(unsigned int minor_id); >> void drm_minor_release(struct drm_minor *minor); >> >> +/* drm_managed.c */ >> +void drm_managed_release(struct drm_device *dev); >> + >> /* drm_vblank.c */ >> void drm_vblank_disable_and_save(struct drm_device *dev, unsigned int pipe); >> void drm_vblank_cleanup(struct drm_device *dev); >> diff --git a/drivers/gpu/drm/drm_managed.c b/drivers/gpu/drm/drm_managed.c >> new file mode 100644 >> index 000000000000..57dc79fa90af >> --- /dev/null >> +++ b/drivers/gpu/drm/drm_managed.c >> @@ -0,0 +1,186 @@ >> +// SPDX-License-Identifier: GPL-2.0 >> +/* >> + * Copyright (C) 2020 Intel >> + * >> + * Based on drivers/base/devres.c >> + */ >> + >> +#include <drm/drm_managed.h> >> + >> +#include <linux/list.h> >> +#include <linux/slab.h> >> +#include <linux/spinlock.h> >> + >> +#include <drm/drm_device.h> >> +#include <drm/drm_print.h> >> + >> +/** >> + * DOC: managed resources >> + * >> + * Inspired by struct &device managed resources, but tied to the lifetime of >> + * struct &drm_device, which can outlive the underlying physical device, usually >> + * when userspace has some open files and other handles to resources still open. >> + */ >> +struct drmres_node { >> + struct list_head entry; >> + drmres_release_t release; >> + const char *name; >> + size_t size; >> +}; > > At a later point, we could have debugfs for instances of this data > structure. There's already a name field. > >> + >> +struct drmres { >> + struct drmres_node node; >> + /* >> + * Some archs want to perform DMA into kmalloc caches >> + * and need a guaranteed alignment larger than >> + * the alignment of a 64-bit integer. >> + * Thus we use ARCH_KMALLOC_MINALIGN here and get exactly the same >> + * buffer alignment as if it was allocated by plain kmalloc(). >> + */ >> + u8 __aligned(ARCH_KMALLOC_MINALIGN) data[]; >> +}; >> + >> +void drm_managed_release(struct drm_device *dev) >> +{ >> + struct drmres *dr, *tmp; >> + >> + drm_dbg_drmres(dev, "drmres release begin\n"); >> + list_for_each_entry_safe(dr, tmp, &dev->managed.resources, node.entry) { >> + drm_dbg_drmres(dev, "REL %p %s (%zu bytes)\n", >> + dr, dr->node.name, dr->node.size); >> + >> + if (dr->node.release) >> + dr->node.release(dev, dr->node.size ? *(void **)&dr->data : NULL); >> + >> + list_del(&dr->node.entry); >> + kfree(dr); >> + } >> + drm_dbg_drmres(dev, "drmres release end\n"); >> +} >> + >> +/* >> + * Always inline so that kmallc_track_caller tracks the actual interesting > > 'kmalloc_node_track_caller' > >> + * caller outside of drm_managed.c. >> + */ >> +static __always_inline struct drmres * alloc_dr(drmres_release_t release, >> + size_t size, gfp_t gfp, int nid) >> +{ >> + size_t tot_size; >> + struct drmres *dr; >> + >> + /* We must catch any near-SIZE_MAX cases that could overflow. */ >> + if (unlikely(check_add_overflow(sizeof(*dr), size, &tot_size))) >> + return NULL; >> + >> + dr = kmalloc_node_track_caller(tot_size, gfp, nid); >> + if (unlikely(!dr)) >> + return NULL; >> + >> + memset(dr, 0, offsetof(struct drmres, data)); >> + >> + INIT_LIST_HEAD(&dr->node.entry); >> + dr->node.release = release; >> + dr->node.size = size; >> + >> + return dr; >> +} >> + >> +static void del_dr(struct drm_device *dev, struct drmres *dr) >> +{ >> + list_del_init(&dr->node.entry); >> + >> + drm_dbg_drmres(dev, "DEL %p %s (%lu bytes)\n", >> + dr, dr->node.name, (unsigned long) dr->node.size); >> +} >> + >> +static void add_dr(struct drm_device *dev, struct drmres *dr) >> +{ >> + unsigned long flags; >> + >> + spin_lock_irqsave(&dev->managed.lock, flags); >> + list_add(&dr->node.entry, &dev->managed.resources); >> + spin_unlock_irqrestore(&dev->managed.lock, flags); >> + >> + drm_dbg_drmres(dev, "ADD %p %s (%lu bytes)\n", >> + dr, dr->node.name, (unsigned long) dr->node.size); > > If the insert code blows up, it might be helpful to have this message in > the log already. So should this message be located before the code for > inserting the entry? > >> +} >> + >> +void drmm_add_final_kfree(struct drm_device *dev, void *parent) > > Can you come up with better names? 'final_kfree' sounds like a function > pointer to an implementation of kfree() and 'parent' sounds like the > parent device in a device hierarchy. > > I suggest to rename 'parent' to 'container' and 'final_kfree' > 'drmm_container'. The function's name could be drmm_dev_set_container(). > >> +{ >> + WARN_ON(dev->managed.final_kfree); >> + WARN_ON(dev < (struct drm_device *) parent); >> + WARN_ON(dev + 1 >= (struct drm_device *) (parent + ksize(parent))); >> + dev->managed.final_kfree = parent; >> +} >> +EXPORT_SYMBOL(drmm_add_final_kfree); >> + >> +int __drmm_add_action(struct drm_device *dev, >> + drmres_release_t action, >> + void *data, const char *name) > > Is there a reason to pass in 'void* data' instead of 'void** datap'? The > latter would communicate what this parameter is for and not need void_ptr. > > In any case, there seems to be no interface to remove an added action > (e.g., __drmm_remove_action()). Please see my comment on drmm_kfree() below. Ah, I just saw this was added in patch 22. And patch 22 made me think that the interface name must clearly communicate whether the function invokes the release callback or not. Best regards Thomas > > And more generally, do we really need __drmm_add_action() in it's > current form? I'd change it to __drmm_kmalloc(), which is drmm_kmalloc() > plus optional release-action and name parameters. And drm_kmalloc() > would be a simple wrapper in the header file, just like drmm_kcalloc(). > >> +{ >> + struct drmres *dr; >> + void **void_ptr; >> + >> + dr = alloc_dr(action, data ? sizeof(void*) : 0, >> + GFP_KERNEL | __GFP_ZERO, >> + dev_to_node(dev->dev)); >> + if (!dr) { >> + drm_dbg_drmres(dev, "failed to add action %s for %p\n", >> + name, data); >> + return -ENOMEM; >> + } >> + >> + dr->node.name = name; >> + if (data) { >> + void_ptr = (void **)&dr->data; >> + *void_ptr = data; >> + } >> + >> + add_dr(dev, dr); >> + >> + return 0; >> +} >> +EXPORT_SYMBOL(__drmm_add_action); >> + >> +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) >> +{ >> + struct drmres *dr; >> + >> + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); >> + if (!dr) { >> + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", >> + size, gfp); >> + return NULL; >> + } >> + dr->node.name = "kmalloc"; >> + >> + add_dr(dev, dr); >> + >> + return dr->data; >> +} >> +EXPORT_SYMBOL(drmm_kmalloc); >> + >> +void drmm_kfree(struct drm_device *dev, void *data) > > I suggest to wrap this function around an implementatian that calls the > optional release action. drmm_kfree() would become a trivial wrapper in > the header file. > > Best regards > Thomas > >> +{ >> + struct drmres *dr_match = NULL, *dr; >> + unsigned long flags; >> + >> + if (!data) >> + return; >> + >> + spin_lock_irqsave(&dev->managed.lock, flags); >> + list_for_each_entry(dr, &dev->managed.resources, node.entry) { >> + if (dr->data == data) { >> + dr_match = dr; >> + del_dr(dev, dr_match); >> + break; >> + } >> + } >> + spin_unlock_irqrestore(&dev->managed.lock, flags); >> + >> + if (WARN_ON(!dr_match)) >> + return; >> + >> + kfree(dr_match); >> +} >> +EXPORT_SYMBOL(drmm_kfree); >> diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h >> index bb60a949f416..d39132b477dd 100644 >> --- a/include/drm/drm_device.h >> +++ b/include/drm/drm_device.h >> @@ -67,6 +67,21 @@ struct drm_device { >> /** @dev: Device structure of bus-device */ >> struct device *dev; >> >> + /** >> + * @managed: >> + * >> + * Managed resources linked to the lifetime of this &drm_device as >> + * tracked by @ref. >> + */ >> + struct { >> + /** @managed.resources: managed resources list */ >> + struct list_head resources; >> + /** @managed.final_kfree: pointer for final kfree() call */ >> + void *final_kfree; >> + /** @managed.lock: protects @managed.resources */ >> + spinlock_t lock; >> + } managed; >> + >> /** @driver: DRM driver managing the device */ >> struct drm_driver *driver; >> >> diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h >> new file mode 100644 >> index 000000000000..7b5df7d09b19 >> --- /dev/null >> +++ b/include/drm/drm_managed.h >> @@ -0,0 +1,30 @@ >> +// SPDX-License-Identifier: GPL-2.0 >> + >> +#ifndef _DRM_MANAGED_H_ >> +#define _DRM_MANAGED_H_ >> + >> +#include <linux/gfp.h> >> +#include <linux/types.h> >> + >> +struct drm_device; >> + >> +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); >> + >> +#define drmm_add_action(dev, action, data) \ >> + __drmm_add_action(dev, action, data, #action) >> + >> +int __must_check __drmm_add_action(struct drm_device *dev, >> + drmres_release_t action, >> + void *data, const char *name); >> + >> +void drmm_add_final_kfree(struct drm_device *dev, void *parent); >> + >> +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; >> +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) >> +{ >> + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); >> +} >> + >> +void drmm_kfree(struct drm_device *dev, void *data); >> + >> +#endif >> diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h >> index ca7cee8e728a..1c9417430d08 100644 >> --- a/include/drm/drm_print.h >> +++ b/include/drm/drm_print.h >> @@ -313,6 +313,10 @@ enum drm_debug_category { >> * @DRM_UT_DP: Used in the DP code. >> */ >> DRM_UT_DP = 0x100, >> + /** >> + * @DRM_UT_DRMRES: Used in the drm managed resources code. >> + */ >> + DRM_UT_DRMRES = 0x200, >> }; >> >> static inline bool drm_debug_enabled(enum drm_debug_category category) >> @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, >> drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) >> #define drm_dbg_dp(drm, fmt, ...) \ >> drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) >> +#define drm_dbg_drmres(drm, fmt, ...) \ >> + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) >> >> >> /* >> > > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel >
On Wed, Mar 11, 2020 at 10:07:13AM +0100, Thomas Zimmermann wrote: > Hi Daniel > > Am 02.03.20 um 23:25 schrieb Daniel Vetter: > > We have lots of these. And the cleanup code tends to be of dubious > > quality. The biggest wrong pattern is that developers use devm_, which > > ties the release action to the underlying struct device, whereas > > all the userspace visible stuff attached to a drm_device can long > > outlive that one (e.g. after a hotunplug while userspace has open > > files and mmap'ed buffers). Give people what they want, but with more > > correctness. > > > > Mostly copied from devres.c, with types adjusted to fit drm_device and > > a few simplifications - I didn't (yet) copy over everything. Since > > the types don't match code sharing looked like a hopeless endeavour. > > > > For now it's only super simplified, no groups, you can't remove > > actions (but kfree exists, we'll need that soon). Plus all specific to > > drm_device ofc, including the logging. Which I didn't bother to make > > compile-time optional, since none of the other drm logging is compile > > time optional either. > > > > One tricky bit here is the chicken&egg between allocating your > > drm_device structure and initiliazing it with drm_dev_init. For > > perfect onion unwinding we'd need to have the action to kfree the > > allocation registered before drm_dev_init registers any of its own > > release handlers. But drm_dev_init doesn't know where exactly the > > drm_device is emebedded into the overall structure, and by the time it > > returns it'll all be too late. And forcing drivers to be able clean up > > everything except the one kzalloc is silly. > > > > Work around this by having a very special final_kfree pointer. This > > also avoids troubles with the list head possibly disappearing from > > underneath us when we release all resources attached to the > > drm_device. > > > > v2: Do all the kerneldoc at the end, to avoid lots of fairly pointless > > shuffling while getting everything into shape. > > > > v3: Add static to add/del_dr (Neil) > > Move typo fix to the right patch (Neil) > > > > v4: Enforce contract for drmm_add_final_kfree: > > > > Use ksize() to check that the drm_device is indeed contained somewhere > > in the final kfree(). Because we need that or the entire managed > > release logic blows up in a pile of use-after-frees. Motivated by a > > discussion with Laurent. > > > > v5: Review from Laurent: > > - %zu instead of casting size_t > > - header guards > > - sorting of includes > > - guarding of data assignment if we didn't allocate it for a NULL > > pointer > > - delete spurious newline > > - cast void* data parameter correctly in ->release call, no idea how > > this even worked before > > > > v3: Review from Sam > > - Add the kerneldoc for the managed sub-struct back in, even if it > > doesn't show up in the generated html somehow. > > - Explain why __always_inline. > > - Fix bisectability around the final kfree() in drm_dev_relase(). This > > is just interim code which will disappear again. > > - Some whitespace polish. > > - Add debug output when drmm_add_action or drmm_kmalloc fail. > > > > Cc: Sam Ravnborg <sam@ravnborg.org> > > Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> > > Cc: Neil Armstrong <narmstrong@baylibre.com > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > Cc: "Rafael J. Wysocki" <rafael@kernel.org> > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > > --- > > Documentation/gpu/drm-internals.rst | 6 + > > drivers/gpu/drm/Makefile | 3 +- > > drivers/gpu/drm/drm_drv.c | 12 ++ > > drivers/gpu/drm/drm_internal.h | 3 + > > drivers/gpu/drm/drm_managed.c | 186 ++++++++++++++++++++++++++++ > > include/drm/drm_device.h | 15 +++ > > include/drm/drm_managed.h | 30 +++++ > > include/drm/drm_print.h | 6 + > > 8 files changed, 260 insertions(+), 1 deletion(-) > > create mode 100644 drivers/gpu/drm/drm_managed.c > > create mode 100644 include/drm/drm_managed.h > > > > diff --git a/Documentation/gpu/drm-internals.rst b/Documentation/gpu/drm-internals.rst > > index a73320576ca9..a6b6145fda78 100644 > > --- a/Documentation/gpu/drm-internals.rst > > +++ b/Documentation/gpu/drm-internals.rst > > @@ -132,6 +132,12 @@ be unmapped; on many devices, the ROM address decoder is shared with > > other BARs, so leaving it mapped could cause undesired behaviour like > > hangs or memory corruption. > > > > +Managed Resources > > +----------------- > > + > > +.. kernel-doc:: drivers/gpu/drm/drm_managed.c > > + :doc: managed resources > > + > > Bus-specific Device Registration and PCI Support > > ------------------------------------------------ > > > > diff --git a/drivers/gpu/drm/Makefile b/drivers/gpu/drm/Makefile > > index 7f72ef5e7811..183c60048307 100644 > > --- a/drivers/gpu/drm/Makefile > > +++ b/drivers/gpu/drm/Makefile > > @@ -17,7 +17,8 @@ drm-y := drm_auth.o drm_cache.o \ > > drm_plane.o drm_color_mgmt.o drm_print.o \ > > drm_dumb_buffers.o drm_mode_config.o drm_vblank.o \ > > drm_syncobj.o drm_lease.o drm_writeback.o drm_client.o \ > > - drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o > > + drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o \ > > + drm_managed.o > > > > drm-$(CONFIG_DRM_LEGACY) += drm_legacy_misc.o drm_bufs.o drm_context.o drm_dma.o drm_scatter.o drm_lock.o > > drm-$(CONFIG_DRM_LIB_RANDOM) += lib/drm_random.o > > diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c > > index 9fcd6ab3c154..153050fc926c 100644 > > --- a/drivers/gpu/drm/drm_drv.c > > +++ b/drivers/gpu/drm/drm_drv.c > > @@ -629,6 +629,9 @@ int drm_dev_init(struct drm_device *dev, > > dev->dev = get_device(parent); > > dev->driver = driver; > > > > + INIT_LIST_HEAD(&dev->managed.resources); > > + spin_lock_init(&dev->managed.lock); > > + > > /* no per-device feature limits by default */ > > dev->driver_features = ~0u; > > > > @@ -828,8 +831,17 @@ static void drm_dev_release(struct kref *ref) > > dev->driver->release(dev); > > } else { > > drm_dev_fini(dev); > > + } > > + > > + drm_managed_release(dev); > > + > > + if (!dev->driver->release && !dev->managed.final_kfree) { > > + WARN_ON(!list_empty(&dev->managed.resources)); > > kfree(dev); > > } > > + > > + if (dev->managed.final_kfree) > > + kfree(dev->managed.final_kfree); > > } > > > > /** > > diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h > > index aeec2e68d772..8c2628dfc6c7 100644 > > --- a/drivers/gpu/drm/drm_internal.h > > +++ b/drivers/gpu/drm/drm_internal.h > > @@ -89,6 +89,9 @@ void drm_prime_remove_buf_handle_locked(struct drm_prime_file_private *prime_fpr > > struct drm_minor *drm_minor_acquire(unsigned int minor_id); > > void drm_minor_release(struct drm_minor *minor); > > > > +/* drm_managed.c */ > > +void drm_managed_release(struct drm_device *dev); > > + > > /* drm_vblank.c */ > > void drm_vblank_disable_and_save(struct drm_device *dev, unsigned int pipe); > > void drm_vblank_cleanup(struct drm_device *dev); > > diff --git a/drivers/gpu/drm/drm_managed.c b/drivers/gpu/drm/drm_managed.c > > new file mode 100644 > > index 000000000000..57dc79fa90af > > --- /dev/null > > +++ b/drivers/gpu/drm/drm_managed.c > > @@ -0,0 +1,186 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* > > + * Copyright (C) 2020 Intel > > + * > > + * Based on drivers/base/devres.c > > + */ > > + > > +#include <drm/drm_managed.h> > > + > > +#include <linux/list.h> > > +#include <linux/slab.h> > > +#include <linux/spinlock.h> > > + > > +#include <drm/drm_device.h> > > +#include <drm/drm_print.h> > > + > > +/** > > + * DOC: managed resources > > + * > > + * Inspired by struct &device managed resources, but tied to the lifetime of > > + * struct &drm_device, which can outlive the underlying physical device, usually > > + * when userspace has some open files and other handles to resources still open. > > + */ > > +struct drmres_node { > > + struct list_head entry; > > + drmres_release_t release; > > + const char *name; > > + size_t size; > > +}; > > At a later point, we could have debugfs for instances of this data > structure. There's already a name field. > > > + > > +struct drmres { > > + struct drmres_node node; > > + /* > > + * Some archs want to perform DMA into kmalloc caches > > + * and need a guaranteed alignment larger than > > + * the alignment of a 64-bit integer. > > + * Thus we use ARCH_KMALLOC_MINALIGN here and get exactly the same > > + * buffer alignment as if it was allocated by plain kmalloc(). > > + */ > > + u8 __aligned(ARCH_KMALLOC_MINALIGN) data[]; > > +}; > > + > > +void drm_managed_release(struct drm_device *dev) > > +{ > > + struct drmres *dr, *tmp; > > + > > + drm_dbg_drmres(dev, "drmres release begin\n"); > > + list_for_each_entry_safe(dr, tmp, &dev->managed.resources, node.entry) { > > + drm_dbg_drmres(dev, "REL %p %s (%zu bytes)\n", > > + dr, dr->node.name, dr->node.size); > > + > > + if (dr->node.release) > > + dr->node.release(dev, dr->node.size ? *(void **)&dr->data : NULL); > > + > > + list_del(&dr->node.entry); > > + kfree(dr); > > + } > > + drm_dbg_drmres(dev, "drmres release end\n"); > > +} > > + > > +/* > > + * Always inline so that kmallc_track_caller tracks the actual interesting > > 'kmalloc_node_track_caller' Yeah I dropped the _node for shortern naming, most people don't use kmalloc_node, but just plain kmalloc. But I just spotted that I have a spelling issue in that too :-) > > + * caller outside of drm_managed.c. > > + */ > > +static __always_inline struct drmres * alloc_dr(drmres_release_t release, > > + size_t size, gfp_t gfp, int nid) > > +{ > > + size_t tot_size; > > + struct drmres *dr; > > + > > + /* We must catch any near-SIZE_MAX cases that could overflow. */ > > + if (unlikely(check_add_overflow(sizeof(*dr), size, &tot_size))) > > + return NULL; > > + > > + dr = kmalloc_node_track_caller(tot_size, gfp, nid); > > + if (unlikely(!dr)) > > + return NULL; > > + > > + memset(dr, 0, offsetof(struct drmres, data)); > > + > > + INIT_LIST_HEAD(&dr->node.entry); > > + dr->node.release = release; > > + dr->node.size = size; > > + > > + return dr; > > +} > > + > > +static void del_dr(struct drm_device *dev, struct drmres *dr) > > +{ > > + list_del_init(&dr->node.entry); > > + > > + drm_dbg_drmres(dev, "DEL %p %s (%lu bytes)\n", > > + dr, dr->node.name, (unsigned long) dr->node.size); > > +} > > + > > +static void add_dr(struct drm_device *dev, struct drmres *dr) > > +{ > > + unsigned long flags; > > + > > + spin_lock_irqsave(&dev->managed.lock, flags); > > + list_add(&dr->node.entry, &dev->managed.resources); > > + spin_unlock_irqrestore(&dev->managed.lock, flags); > > + > > + drm_dbg_drmres(dev, "ADD %p %s (%lu bytes)\n", > > + dr, dr->node.name, (unsigned long) dr->node.size); > > If the insert code blows up, it might be helpful to have this message in > the log already. So should this message be located before the code for > inserting the entry? If list_add blows up we have bigger problems imo :-) I think I'll just leave this wherever it is. > > > +} > > + > > +void drmm_add_final_kfree(struct drm_device *dev, void *parent) > > Can you come up with better names? 'final_kfree' sounds like a function > pointer to an implementation of kfree() and 'parent' sounds like the > parent device in a device hierarchy. > > I suggest to rename 'parent' to 'container' and 'final_kfree' > 'drmm_container'. The function's name could be drmm_dev_set_container(). s/parent/container is really good. For the other I want more votes since it's going to be a pile of churn, and I'm not massively sold on your naming ... > > +{ > > + WARN_ON(dev->managed.final_kfree); > > + WARN_ON(dev < (struct drm_device *) parent); > > + WARN_ON(dev + 1 >= (struct drm_device *) (parent + ksize(parent))); > > + dev->managed.final_kfree = parent; > > +} > > +EXPORT_SYMBOL(drmm_add_final_kfree); > > + > > +int __drmm_add_action(struct drm_device *dev, > > + drmres_release_t action, > > + void *data, const char *name) > > Is there a reason to pass in 'void* data' instead of 'void** datap'? The > latter would communicate what this parameter is for and not need void_ptr. I don't get why you'd want to convert this into void**. The argument for the release function is a void*, not a void**. That's also what external callers pass in here. void** would be utterly confusing and actually hide the void_ptr trickery we need I think (since it then happens automatically as part of argument conversion hidden in the function call). > In any case, there seems to be no interface to remove an added action > (e.g., __drmm_remove_action()). Please see my comment on drmm_kfree() below. Not yet needed, I'm building this up as we go. A later patch actually adds it, plus the even neater add_action_or_reset. > And more generally, do we really need __drmm_add_action() in it's > current form? I'd change it to __drmm_kmalloc(), which is drmm_kmalloc() > plus optional release-action and name parameters. And drm_kmalloc() > would be a simple wrapper in the header file, just like drmm_kcalloc(). Uh we kinda have that, with the lower-level alloc_dr/add_dr functions. __drmm_add_action _is_ the wrapper (and definitely too big for header file static include stuff). We could go overboard with forced code sharing, but I think the current code is actually a bit easier to read. > > +{ > > + struct drmres *dr; > > + void **void_ptr; > > + > > + dr = alloc_dr(action, data ? sizeof(void*) : 0, > > + GFP_KERNEL | __GFP_ZERO, > > + dev_to_node(dev->dev)); > > + if (!dr) { > > + drm_dbg_drmres(dev, "failed to add action %s for %p\n", > > + name, data); > > + return -ENOMEM; > > + } > > + > > + dr->node.name = name; > > + if (data) { > > + void_ptr = (void **)&dr->data; > > + *void_ptr = data; > > + } > > + > > + add_dr(dev, dr); > > + > > + return 0; > > +} > > +EXPORT_SYMBOL(__drmm_add_action); > > + > > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) > > +{ > > + struct drmres *dr; > > + > > + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); > > + if (!dr) { > > + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", > > + size, gfp); > > + return NULL; > > + } > > + dr->node.name = "kmalloc"; > > + > > + add_dr(dev, dr); > > + > > + return dr->data; > > +} > > +EXPORT_SYMBOL(drmm_kmalloc); > > + > > +void drmm_kfree(struct drm_device *dev, void *data) > > I suggest to wrap this function around an implementatian that calls the > optional release action. drmm_kfree() would become a trivial wrapper in > the header file. C isn't that good at meta-programing. You'd need to pass in a special match function, with opaque match parameters, and then you can do generic removal. It's real ugly, imo 2 copies of a simple loop to find what you need and delete it is much better. -Daniel > Best regards > Thomas > > > +{ > > + struct drmres *dr_match = NULL, *dr; > > + unsigned long flags; > > + > > + if (!data) > > + return; > > + > > + spin_lock_irqsave(&dev->managed.lock, flags); > > + list_for_each_entry(dr, &dev->managed.resources, node.entry) { > > + if (dr->data == data) { > > + dr_match = dr; > > + del_dr(dev, dr_match); > > + break; > > + } > > + } > > + spin_unlock_irqrestore(&dev->managed.lock, flags); > > + > > + if (WARN_ON(!dr_match)) > > + return; > > + > > + kfree(dr_match); > > +} > > +EXPORT_SYMBOL(drmm_kfree); > > diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h > > index bb60a949f416..d39132b477dd 100644 > > --- a/include/drm/drm_device.h > > +++ b/include/drm/drm_device.h > > @@ -67,6 +67,21 @@ struct drm_device { > > /** @dev: Device structure of bus-device */ > > struct device *dev; > > > > + /** > > + * @managed: > > + * > > + * Managed resources linked to the lifetime of this &drm_device as > > + * tracked by @ref. > > + */ > > + struct { > > + /** @managed.resources: managed resources list */ > > + struct list_head resources; > > + /** @managed.final_kfree: pointer for final kfree() call */ > > + void *final_kfree; > > + /** @managed.lock: protects @managed.resources */ > > + spinlock_t lock; > > + } managed; > > + > > /** @driver: DRM driver managing the device */ > > struct drm_driver *driver; > > > > diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h > > new file mode 100644 > > index 000000000000..7b5df7d09b19 > > --- /dev/null > > +++ b/include/drm/drm_managed.h > > @@ -0,0 +1,30 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > + > > +#ifndef _DRM_MANAGED_H_ > > +#define _DRM_MANAGED_H_ > > + > > +#include <linux/gfp.h> > > +#include <linux/types.h> > > + > > +struct drm_device; > > + > > +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); > > + > > +#define drmm_add_action(dev, action, data) \ > > + __drmm_add_action(dev, action, data, #action) > > + > > +int __must_check __drmm_add_action(struct drm_device *dev, > > + drmres_release_t action, > > + void *data, const char *name); > > + > > +void drmm_add_final_kfree(struct drm_device *dev, void *parent); > > + > > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; > > +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) > > +{ > > + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); > > +} > > + > > +void drmm_kfree(struct drm_device *dev, void *data); > > + > > +#endif > > diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h > > index ca7cee8e728a..1c9417430d08 100644 > > --- a/include/drm/drm_print.h > > +++ b/include/drm/drm_print.h > > @@ -313,6 +313,10 @@ enum drm_debug_category { > > * @DRM_UT_DP: Used in the DP code. > > */ > > DRM_UT_DP = 0x100, > > + /** > > + * @DRM_UT_DRMRES: Used in the drm managed resources code. > > + */ > > + DRM_UT_DRMRES = 0x200, > > }; > > > > static inline bool drm_debug_enabled(enum drm_debug_category category) > > @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, > > drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) > > #define drm_dbg_dp(drm, fmt, ...) \ > > drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) > > +#define drm_dbg_drmres(drm, fmt, ...) \ > > + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) > > > > > > /* > > > > -- > Thomas Zimmermann > Graphics Driver Developer > SUSE Software Solutions Germany GmbH > Maxfeldstr. 5, 90409 Nürnberg, Germany > (HRB 36809, AG Nürnberg) > Geschäftsführer: Felix Imendörffer >
On Wed, Mar 11, 2020 at 10:14:03AM +0100, Thomas Zimmermann wrote: > > > Am 02.03.20 um 23:25 schrieb Daniel Vetter: > <...> > > + > > +int __drmm_add_action(struct drm_device *dev, > > + drmres_release_t action, > > + void *data, const char *name) > > +{ > > + struct drmres *dr; > > + void **void_ptr; > > + > > + dr = alloc_dr(action, data ? sizeof(void*) : 0, > > + GFP_KERNEL | __GFP_ZERO, > > + dev_to_node(dev->dev)); > > + if (!dr) { > > + drm_dbg_drmres(dev, "failed to add action %s for %p\n", > > + name, data); > > + return -ENOMEM; > > + } > > + > > + dr->node.name = name; > > Maybe do a kstrdup_const() on name and later a kfree_const() during > release. Just in case someone decides to allocate 'name' dynamically. Makes sense, but a bit of churn since I need a free_dr() helper now :-) -Daniel > > > + if (data) { > > + void_ptr = (void **)&dr->data; > > + *void_ptr = data; > > + } > > + > > + add_dr(dev, dr); > > + > > + return 0; > > +} > > +EXPORT_SYMBOL(__drmm_add_action); > > + > > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) > > +{ > > + struct drmres *dr; > > + > > + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); > > + if (!dr) { > > + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", > > + size, gfp); > > + return NULL; > > + } > > + dr->node.name = "kmalloc"; > > + > > + add_dr(dev, dr); > > + > > + return dr->data; > > +} > > +EXPORT_SYMBOL(drmm_kmalloc); > > + > > +void drmm_kfree(struct drm_device *dev, void *data) > > +{ > > + struct drmres *dr_match = NULL, *dr; > > + unsigned long flags; > > + > > + if (!data) > > + return; > > + > > + spin_lock_irqsave(&dev->managed.lock, flags); > > + list_for_each_entry(dr, &dev->managed.resources, node.entry) { > > + if (dr->data == data) { > > + dr_match = dr; > > + del_dr(dev, dr_match); > > + break; > > + } > > + } > > + spin_unlock_irqrestore(&dev->managed.lock, flags); > > + > > + if (WARN_ON(!dr_match)) > > + return; > > + > > + kfree(dr_match); > > +} > > +EXPORT_SYMBOL(drmm_kfree); > > diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h > > index bb60a949f416..d39132b477dd 100644 > > --- a/include/drm/drm_device.h > > +++ b/include/drm/drm_device.h > > @@ -67,6 +67,21 @@ struct drm_device { > > /** @dev: Device structure of bus-device */ > > struct device *dev; > > > > + /** > > + * @managed: > > + * > > + * Managed resources linked to the lifetime of this &drm_device as > > + * tracked by @ref. > > + */ > > + struct { > > + /** @managed.resources: managed resources list */ > > + struct list_head resources; > > + /** @managed.final_kfree: pointer for final kfree() call */ > > + void *final_kfree; > > + /** @managed.lock: protects @managed.resources */ > > + spinlock_t lock; > > + } managed; > > + > > /** @driver: DRM driver managing the device */ > > struct drm_driver *driver; > > > > diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h > > new file mode 100644 > > index 000000000000..7b5df7d09b19 > > --- /dev/null > > +++ b/include/drm/drm_managed.h > > @@ -0,0 +1,30 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > + > > +#ifndef _DRM_MANAGED_H_ > > +#define _DRM_MANAGED_H_ > > + > > +#include <linux/gfp.h> > > +#include <linux/types.h> > > + > > +struct drm_device; > > + > > +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); > > + > > +#define drmm_add_action(dev, action, data) \ > > + __drmm_add_action(dev, action, data, #action) > > + > > +int __must_check __drmm_add_action(struct drm_device *dev, > > + drmres_release_t action, > > + void *data, const char *name); > > + > > +void drmm_add_final_kfree(struct drm_device *dev, void *parent); > > + > > +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; > > +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) > > +{ > > + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); > > +} > > + > > +void drmm_kfree(struct drm_device *dev, void *data); > > + > > +#endif > > diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h > > index ca7cee8e728a..1c9417430d08 100644 > > --- a/include/drm/drm_print.h > > +++ b/include/drm/drm_print.h > > @@ -313,6 +313,10 @@ enum drm_debug_category { > > * @DRM_UT_DP: Used in the DP code. > > */ > > DRM_UT_DP = 0x100, > > + /** > > + * @DRM_UT_DRMRES: Used in the drm managed resources code. > > + */ > > + DRM_UT_DRMRES = 0x200, > > }; > > > > static inline bool drm_debug_enabled(enum drm_debug_category category) > > @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, > > drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) > > #define drm_dbg_dp(drm, fmt, ...) \ > > drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) > > +#define drm_dbg_drmres(drm, fmt, ...) \ > > + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) > > > > > > /* > > > > -- > Thomas Zimmermann > Graphics Driver Developer > SUSE Software Solutions Germany GmbH > Maxfeldstr. 5, 90409 Nürnberg, Germany > (HRB 36809, AG Nürnberg) > Geschäftsführer: Felix Imendörffer >
diff --git a/Documentation/gpu/drm-internals.rst b/Documentation/gpu/drm-internals.rst index a73320576ca9..a6b6145fda78 100644 --- a/Documentation/gpu/drm-internals.rst +++ b/Documentation/gpu/drm-internals.rst @@ -132,6 +132,12 @@ be unmapped; on many devices, the ROM address decoder is shared with other BARs, so leaving it mapped could cause undesired behaviour like hangs or memory corruption. +Managed Resources +----------------- + +.. kernel-doc:: drivers/gpu/drm/drm_managed.c + :doc: managed resources + Bus-specific Device Registration and PCI Support ------------------------------------------------ diff --git a/drivers/gpu/drm/Makefile b/drivers/gpu/drm/Makefile index 7f72ef5e7811..183c60048307 100644 --- a/drivers/gpu/drm/Makefile +++ b/drivers/gpu/drm/Makefile @@ -17,7 +17,8 @@ drm-y := drm_auth.o drm_cache.o \ drm_plane.o drm_color_mgmt.o drm_print.o \ drm_dumb_buffers.o drm_mode_config.o drm_vblank.o \ drm_syncobj.o drm_lease.o drm_writeback.o drm_client.o \ - drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o + drm_client_modeset.o drm_atomic_uapi.o drm_hdcp.o \ + drm_managed.o drm-$(CONFIG_DRM_LEGACY) += drm_legacy_misc.o drm_bufs.o drm_context.o drm_dma.o drm_scatter.o drm_lock.o drm-$(CONFIG_DRM_LIB_RANDOM) += lib/drm_random.o diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index 9fcd6ab3c154..153050fc926c 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -629,6 +629,9 @@ int drm_dev_init(struct drm_device *dev, dev->dev = get_device(parent); dev->driver = driver; + INIT_LIST_HEAD(&dev->managed.resources); + spin_lock_init(&dev->managed.lock); + /* no per-device feature limits by default */ dev->driver_features = ~0u; @@ -828,8 +831,17 @@ static void drm_dev_release(struct kref *ref) dev->driver->release(dev); } else { drm_dev_fini(dev); + } + + drm_managed_release(dev); + + if (!dev->driver->release && !dev->managed.final_kfree) { + WARN_ON(!list_empty(&dev->managed.resources)); kfree(dev); } + + if (dev->managed.final_kfree) + kfree(dev->managed.final_kfree); } /** diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h index aeec2e68d772..8c2628dfc6c7 100644 --- a/drivers/gpu/drm/drm_internal.h +++ b/drivers/gpu/drm/drm_internal.h @@ -89,6 +89,9 @@ void drm_prime_remove_buf_handle_locked(struct drm_prime_file_private *prime_fpr struct drm_minor *drm_minor_acquire(unsigned int minor_id); void drm_minor_release(struct drm_minor *minor); +/* drm_managed.c */ +void drm_managed_release(struct drm_device *dev); + /* drm_vblank.c */ void drm_vblank_disable_and_save(struct drm_device *dev, unsigned int pipe); void drm_vblank_cleanup(struct drm_device *dev); diff --git a/drivers/gpu/drm/drm_managed.c b/drivers/gpu/drm/drm_managed.c new file mode 100644 index 000000000000..57dc79fa90af --- /dev/null +++ b/drivers/gpu/drm/drm_managed.c @@ -0,0 +1,186 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2020 Intel + * + * Based on drivers/base/devres.c + */ + +#include <drm/drm_managed.h> + +#include <linux/list.h> +#include <linux/slab.h> +#include <linux/spinlock.h> + +#include <drm/drm_device.h> +#include <drm/drm_print.h> + +/** + * DOC: managed resources + * + * Inspired by struct &device managed resources, but tied to the lifetime of + * struct &drm_device, which can outlive the underlying physical device, usually + * when userspace has some open files and other handles to resources still open. + */ +struct drmres_node { + struct list_head entry; + drmres_release_t release; + const char *name; + size_t size; +}; + +struct drmres { + struct drmres_node node; + /* + * Some archs want to perform DMA into kmalloc caches + * and need a guaranteed alignment larger than + * the alignment of a 64-bit integer. + * Thus we use ARCH_KMALLOC_MINALIGN here and get exactly the same + * buffer alignment as if it was allocated by plain kmalloc(). + */ + u8 __aligned(ARCH_KMALLOC_MINALIGN) data[]; +}; + +void drm_managed_release(struct drm_device *dev) +{ + struct drmres *dr, *tmp; + + drm_dbg_drmres(dev, "drmres release begin\n"); + list_for_each_entry_safe(dr, tmp, &dev->managed.resources, node.entry) { + drm_dbg_drmres(dev, "REL %p %s (%zu bytes)\n", + dr, dr->node.name, dr->node.size); + + if (dr->node.release) + dr->node.release(dev, dr->node.size ? *(void **)&dr->data : NULL); + + list_del(&dr->node.entry); + kfree(dr); + } + drm_dbg_drmres(dev, "drmres release end\n"); +} + +/* + * Always inline so that kmallc_track_caller tracks the actual interesting + * caller outside of drm_managed.c. + */ +static __always_inline struct drmres * alloc_dr(drmres_release_t release, + size_t size, gfp_t gfp, int nid) +{ + size_t tot_size; + struct drmres *dr; + + /* We must catch any near-SIZE_MAX cases that could overflow. */ + if (unlikely(check_add_overflow(sizeof(*dr), size, &tot_size))) + return NULL; + + dr = kmalloc_node_track_caller(tot_size, gfp, nid); + if (unlikely(!dr)) + return NULL; + + memset(dr, 0, offsetof(struct drmres, data)); + + INIT_LIST_HEAD(&dr->node.entry); + dr->node.release = release; + dr->node.size = size; + + return dr; +} + +static void del_dr(struct drm_device *dev, struct drmres *dr) +{ + list_del_init(&dr->node.entry); + + drm_dbg_drmres(dev, "DEL %p %s (%lu bytes)\n", + dr, dr->node.name, (unsigned long) dr->node.size); +} + +static void add_dr(struct drm_device *dev, struct drmres *dr) +{ + unsigned long flags; + + spin_lock_irqsave(&dev->managed.lock, flags); + list_add(&dr->node.entry, &dev->managed.resources); + spin_unlock_irqrestore(&dev->managed.lock, flags); + + drm_dbg_drmres(dev, "ADD %p %s (%lu bytes)\n", + dr, dr->node.name, (unsigned long) dr->node.size); +} + +void drmm_add_final_kfree(struct drm_device *dev, void *parent) +{ + WARN_ON(dev->managed.final_kfree); + WARN_ON(dev < (struct drm_device *) parent); + WARN_ON(dev + 1 >= (struct drm_device *) (parent + ksize(parent))); + dev->managed.final_kfree = parent; +} +EXPORT_SYMBOL(drmm_add_final_kfree); + +int __drmm_add_action(struct drm_device *dev, + drmres_release_t action, + void *data, const char *name) +{ + struct drmres *dr; + void **void_ptr; + + dr = alloc_dr(action, data ? sizeof(void*) : 0, + GFP_KERNEL | __GFP_ZERO, + dev_to_node(dev->dev)); + if (!dr) { + drm_dbg_drmres(dev, "failed to add action %s for %p\n", + name, data); + return -ENOMEM; + } + + dr->node.name = name; + if (data) { + void_ptr = (void **)&dr->data; + *void_ptr = data; + } + + add_dr(dev, dr); + + return 0; +} +EXPORT_SYMBOL(__drmm_add_action); + +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) +{ + struct drmres *dr; + + dr = alloc_dr(NULL, size, gfp, dev_to_node(dev->dev)); + if (!dr) { + drm_dbg_drmres(dev, "failed to allocate %zu bytes, %u flags\n", + size, gfp); + return NULL; + } + dr->node.name = "kmalloc"; + + add_dr(dev, dr); + + return dr->data; +} +EXPORT_SYMBOL(drmm_kmalloc); + +void drmm_kfree(struct drm_device *dev, void *data) +{ + struct drmres *dr_match = NULL, *dr; + unsigned long flags; + + if (!data) + return; + + spin_lock_irqsave(&dev->managed.lock, flags); + list_for_each_entry(dr, &dev->managed.resources, node.entry) { + if (dr->data == data) { + dr_match = dr; + del_dr(dev, dr_match); + break; + } + } + spin_unlock_irqrestore(&dev->managed.lock, flags); + + if (WARN_ON(!dr_match)) + return; + + kfree(dr_match); +} +EXPORT_SYMBOL(drmm_kfree); diff --git a/include/drm/drm_device.h b/include/drm/drm_device.h index bb60a949f416..d39132b477dd 100644 --- a/include/drm/drm_device.h +++ b/include/drm/drm_device.h @@ -67,6 +67,21 @@ struct drm_device { /** @dev: Device structure of bus-device */ struct device *dev; + /** + * @managed: + * + * Managed resources linked to the lifetime of this &drm_device as + * tracked by @ref. + */ + struct { + /** @managed.resources: managed resources list */ + struct list_head resources; + /** @managed.final_kfree: pointer for final kfree() call */ + void *final_kfree; + /** @managed.lock: protects @managed.resources */ + spinlock_t lock; + } managed; + /** @driver: DRM driver managing the device */ struct drm_driver *driver; diff --git a/include/drm/drm_managed.h b/include/drm/drm_managed.h new file mode 100644 index 000000000000..7b5df7d09b19 --- /dev/null +++ b/include/drm/drm_managed.h @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0 + +#ifndef _DRM_MANAGED_H_ +#define _DRM_MANAGED_H_ + +#include <linux/gfp.h> +#include <linux/types.h> + +struct drm_device; + +typedef void (*drmres_release_t)(struct drm_device *dev, void *res); + +#define drmm_add_action(dev, action, data) \ + __drmm_add_action(dev, action, data, #action) + +int __must_check __drmm_add_action(struct drm_device *dev, + drmres_release_t action, + void *data, const char *name); + +void drmm_add_final_kfree(struct drm_device *dev, void *parent); + +void *drmm_kmalloc(struct drm_device *dev, size_t size, gfp_t gfp) __malloc; +static inline void *drmm_kzalloc(struct drm_device *dev, size_t size, gfp_t gfp) +{ + return drmm_kmalloc(dev, size, gfp | __GFP_ZERO); +} + +void drmm_kfree(struct drm_device *dev, void *data); + +#endif diff --git a/include/drm/drm_print.h b/include/drm/drm_print.h index ca7cee8e728a..1c9417430d08 100644 --- a/include/drm/drm_print.h +++ b/include/drm/drm_print.h @@ -313,6 +313,10 @@ enum drm_debug_category { * @DRM_UT_DP: Used in the DP code. */ DRM_UT_DP = 0x100, + /** + * @DRM_UT_DRMRES: Used in the drm managed resources code. + */ + DRM_UT_DRMRES = 0x200, }; static inline bool drm_debug_enabled(enum drm_debug_category category) @@ -442,6 +446,8 @@ void drm_dev_dbg(const struct device *dev, enum drm_debug_category category, drm_dev_dbg((drm)->dev, DRM_UT_LEASE, fmt, ##__VA_ARGS__) #define drm_dbg_dp(drm, fmt, ...) \ drm_dev_dbg((drm)->dev, DRM_UT_DP, fmt, ##__VA_ARGS__) +#define drm_dbg_drmres(drm, fmt, ...) \ + drm_dev_dbg((drm)->dev, DRM_UT_DRMRES, fmt, ##__VA_ARGS__) /*
We have lots of these. And the cleanup code tends to be of dubious quality. The biggest wrong pattern is that developers use devm_, which ties the release action to the underlying struct device, whereas all the userspace visible stuff attached to a drm_device can long outlive that one (e.g. after a hotunplug while userspace has open files and mmap'ed buffers). Give people what they want, but with more correctness. Mostly copied from devres.c, with types adjusted to fit drm_device and a few simplifications - I didn't (yet) copy over everything. Since the types don't match code sharing looked like a hopeless endeavour. For now it's only super simplified, no groups, you can't remove actions (but kfree exists, we'll need that soon). Plus all specific to drm_device ofc, including the logging. Which I didn't bother to make compile-time optional, since none of the other drm logging is compile time optional either. One tricky bit here is the chicken&egg between allocating your drm_device structure and initiliazing it with drm_dev_init. For perfect onion unwinding we'd need to have the action to kfree the allocation registered before drm_dev_init registers any of its own release handlers. But drm_dev_init doesn't know where exactly the drm_device is emebedded into the overall structure, and by the time it returns it'll all be too late. And forcing drivers to be able clean up everything except the one kzalloc is silly. Work around this by having a very special final_kfree pointer. This also avoids troubles with the list head possibly disappearing from underneath us when we release all resources attached to the drm_device. v2: Do all the kerneldoc at the end, to avoid lots of fairly pointless shuffling while getting everything into shape. v3: Add static to add/del_dr (Neil) Move typo fix to the right patch (Neil) v4: Enforce contract for drmm_add_final_kfree: Use ksize() to check that the drm_device is indeed contained somewhere in the final kfree(). Because we need that or the entire managed release logic blows up in a pile of use-after-frees. Motivated by a discussion with Laurent. v5: Review from Laurent: - %zu instead of casting size_t - header guards - sorting of includes - guarding of data assignment if we didn't allocate it for a NULL pointer - delete spurious newline - cast void* data parameter correctly in ->release call, no idea how this even worked before v3: Review from Sam - Add the kerneldoc for the managed sub-struct back in, even if it doesn't show up in the generated html somehow. - Explain why __always_inline. - Fix bisectability around the final kfree() in drm_dev_relase(). This is just interim code which will disappear again. - Some whitespace polish. - Add debug output when drmm_add_action or drmm_kmalloc fail. Cc: Sam Ravnborg <sam@ravnborg.org> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: Neil Armstrong <narmstrong@baylibre.com Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Rafael J. Wysocki" <rafael@kernel.org> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> --- Documentation/gpu/drm-internals.rst | 6 + drivers/gpu/drm/Makefile | 3 +- drivers/gpu/drm/drm_drv.c | 12 ++ drivers/gpu/drm/drm_internal.h | 3 + drivers/gpu/drm/drm_managed.c | 186 ++++++++++++++++++++++++++++ include/drm/drm_device.h | 15 +++ include/drm/drm_managed.h | 30 +++++ include/drm/drm_print.h | 6 + 8 files changed, 260 insertions(+), 1 deletion(-) create mode 100644 drivers/gpu/drm/drm_managed.c create mode 100644 include/drm/drm_managed.h