[32/33] fbcon: Document what I learned about fbcon locking
diff mbox series

Message ID 20190520082216.26273-33-daniel.vetter@ffwll.ch
State New
Headers show
Series
  • fbcon notifier begone!
Related show

Commit Message

Daniel Vetter May 20, 2019, 8:22 a.m. UTC
It's not pretty.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Yisheng Xie <ysxie@foxmail.com>
---
 drivers/video/fbdev/core/fbcon.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

Comments

Maarten Lankhorst May 21, 2019, 11:13 a.m. UTC | #1
Op 20-05-2019 om 10:22 schreef Daniel Vetter:
> It's not pretty.
>
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
> Cc: Hans de Goede <hdegoede@redhat.com>
> Cc: Yisheng Xie <ysxie@foxmail.com>
> ---
>  drivers/video/fbdev/core/fbcon.c | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>
> diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
> index b40b56702c61..cbbcf7a795f2 100644
> --- a/drivers/video/fbdev/core/fbcon.c
> +++ b/drivers/video/fbdev/core/fbcon.c
> @@ -87,6 +87,25 @@
>  #  define DPRINTK(fmt, args...)
>  #endif
>  
> +/*
> + * FIXME: Locking
> + *
> + * - fbcon state itself is protected by the console_lock, and the code does a
> + *   pretty good job at making sure that lock is held everywhere it's needed.
> + *
> + * - access to the registered_fb array is entirely unprotected. This should use
> + *   proper object lifetime handling, i.e. get/put_fb_info. This also means
> + *   switching from indices to proper pointers for fb_info everywhere.
> + *
> + * - fbcon doesn't bother with fb_lock/unlock at all. This is buggy, since it
> + *   means concurrent access to the same fbdev from both fbcon and userspace
> + *   will blow up. To fix this all fbcon calls from fbmem.c need to be moved out
> + *   of fb_lock/unlock protected sections, since otherwise we'll recurse and
> + *   deadlock eventually. Aside: Due to these deadlock issues the fbdev code in
> + *   fbmem.c cannot use locking asserts, and there's lots of callers which get
> + *   the rules wrong, e.g. fbsysfs.c entirely missed fb_lock/unlock calls too.
> + */
> +
>  enum {
>  	FBCON_LOGO_CANSHOW	= -1,	/* the logo can be shown */
>  	FBCON_LOGO_DRAW		= -2,	/* draw the logo to a console */

I did a casual review, so for whole series with the small nitpicks I had, and any feedback by others, kbuild and the arm mess being fixed up:

Reviewed-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>

However, according to reviewer's statement of oversight:

While I have reviewed the patch and believe it to be sound, I do not (unless explicitly stated elsewhere)
make any warranties or guarantees that it will achieve its stated purpose or function properly in any given situation.

:)

~Maarten

Patch
diff mbox series

diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index b40b56702c61..cbbcf7a795f2 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -87,6 +87,25 @@ 
 #  define DPRINTK(fmt, args...)
 #endif
 
+/*
+ * FIXME: Locking
+ *
+ * - fbcon state itself is protected by the console_lock, and the code does a
+ *   pretty good job at making sure that lock is held everywhere it's needed.
+ *
+ * - access to the registered_fb array is entirely unprotected. This should use
+ *   proper object lifetime handling, i.e. get/put_fb_info. This also means
+ *   switching from indices to proper pointers for fb_info everywhere.
+ *
+ * - fbcon doesn't bother with fb_lock/unlock at all. This is buggy, since it
+ *   means concurrent access to the same fbdev from both fbcon and userspace
+ *   will blow up. To fix this all fbcon calls from fbmem.c need to be moved out
+ *   of fb_lock/unlock protected sections, since otherwise we'll recurse and
+ *   deadlock eventually. Aside: Due to these deadlock issues the fbdev code in
+ *   fbmem.c cannot use locking asserts, and there's lots of callers which get
+ *   the rules wrong, e.g. fbsysfs.c entirely missed fb_lock/unlock calls too.
+ */
+
 enum {
 	FBCON_LOGO_CANSHOW	= -1,	/* the logo can be shown */
 	FBCON_LOGO_DRAW		= -2,	/* draw the logo to a console */