drm: Release filp before global lock

Message ID 20200122155637.496291-1-chris@chris-wilson.co.uk
State New

Commit Message

Chris Wilson Jan. 22, 2020, 3:56 p.m. UTC
The file is not part of the global drm resource and can be released
prior to taking the global mutex to drop the open_count (and potentially
close) the drm device.

However, inside drm_close_helper() there are a number of dev->driver
callbacks that take the drm_device as the first parameter... Worryingly
some of those callbacks may be (implicitly) depending on the global
mutex.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 drivers/gpu/drm/drm_file.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Thomas Hellström (VMware) Jan. 22, 2020, 9:52 p.m. UTC | #1
Hi, Chris,

On 1/22/20 4:56 PM, Chris Wilson wrote:
> The file is not part of the global drm resource and can be released
> prior to take the global mutex to drop the open_count (and potentially
> close) the drm device.
>
> However, inside drm_close_helper() there are a number of dev->driver
> callbacks that take the drm_device as the first parameter... Worryingly
> some of those callbacks may be (implicitly) depending on the global
> mutex.

I read this as you suspect that there are driver callbacks inside 
drm_close_helper() that might need the global mutex held? But then it 
wouldn't be safe to move the lock? Is there a strong motivation for 
moving the locking in the first place? Also a minor nit below:

>
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> ---
>   drivers/gpu/drm/drm_file.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
> index 92d16724f949..84ed313ee2e9 100644
> --- a/drivers/gpu/drm/drm_file.c
> +++ b/drivers/gpu/drm/drm_file.c
> @@ -438,12 +438,12 @@ int drm_release(struct inode *inode, struct file *filp)
>   	struct drm_minor *minor = file_priv->minor;
>   	struct drm_device *dev = minor->dev;
>   
> -	mutex_lock(&drm_global_mutex);
> -
>   	DRM_DEBUG("open_count = %d\n", dev->open_count);

The read of dev->open_count should still be inside the lock to be 
consistent with the value that is decremented below. Perhaps move the 
DRM_DEBUG()?

>   
>   	drm_close_helper(filp);
>   
> +	mutex_lock(&drm_global_mutex);
> +
>   	if (!--dev->open_count)
>   		drm_lastclose(dev);
>   
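
Review bot: drm_close_helper(filp) is now called before mutex_lock(&drm_global_mutex), so every dev->driver callback reached from it runs without the global mutex, and the commit message itself says some of those callbacks may implicitly depend on it. The callbacks need an audit before the lock is moved, and the outcome belongs in the commit message or in a comment above the drm_close_helper(filp) call stating that nothing under it may rely on drm_global_mutex.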

Thanks,

Thomas

Chris Wilson Jan. 22, 2020, 10 p.m. UTC | #2
Quoting Thomas Hellström (VMware) (2020-01-22 21:52:23)
> Hi, Chris,
> 
> On 1/22/20 4:56 PM, Chris Wilson wrote:
> > The file is not part of the global drm resource and can be released
> > prior to take the global mutex to drop the open_count (and potentially
> > close) the drm device.
> >
> > However, inside drm_close_helper() there are a number of dev->driver
> > callbacks that take the drm_device as the first parameter... Worryingly
> > some of those callbacks may be (implicitly) depending on the global
> > mutex.
> 
> I read this as you suspect that there are driver callbacks inside 
> drm_close_helper() that might need the global mutex held? But then it 
> wouldn't be safe to move the lock? Is there a strong motivation for 
> moving the locking in the first place? Also a minor nit below:

The number of processes stuck on 'D' due to mutex_lock(&global) caught my
attention while they were cleaning up files. I think everyone else will
be less impressed if their driver was stuck because i915 was freeing a
user's filp.

> > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> > ---
> >   drivers/gpu/drm/drm_file.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
> > index 92d16724f949..84ed313ee2e9 100644
> > --- a/drivers/gpu/drm/drm_file.c
> > +++ b/drivers/gpu/drm/drm_file.c
> > @@ -438,12 +438,12 @@ int drm_release(struct inode *inode, struct file *filp)
> >       struct drm_minor *minor = file_priv->minor;
> >       struct drm_device *dev = minor->dev;
> >   
> > -     mutex_lock(&drm_global_mutex);
> > -
> >       DRM_DEBUG("open_count = %d\n", dev->open_count);
> 
> The read of dev->open_count should still be inside the lock to be 
> consistent with the value that is decremented below. Perhaps move the 
> DRM_DEBUG()?

Sure. Is it even worth a debug?
-Chris

Thomas Hellström (VMware) Jan. 22, 2020, 10:23 p.m. UTC | #3
On 1/22/20 11:00 PM, Chris Wilson wrote:
> Quoting Thomas Hellström (VMware) (2020-01-22 21:52:23)
>> Hi, Chris,
>>
>> On 1/22/20 4:56 PM, Chris Wilson wrote:
>>> The file is not part of the global drm resource and can be released
>>> prior to take the global mutex to drop the open_count (and potentially
>>> close) the drm device.
>>>
>>> However, inside drm_close_helper() there are a number of dev->driver
>>> callbacks that take the drm_device as the first parameter... Worryingly
>>> some of those callbacks may be (implicitly) depending on the global
>>> mutex.
>> I read this as you suspect that there are driver callbacks inside
>> drm_close_helper() that might need the global mutex held? But then it
>> wouldn't be safe to move the lock? Is there a strong motivation for
>> moving the locking in the first place? Also a minor nit below:
> The number of processes stuck on 'D' due to mutex_lock(&global) caught my
> attention while they were cleaning up files. I think everyone else will
> be less impressed if their driver was stuck because i915 was freeing a
> user's filp.

Understood. Perhaps a short motivation in the log message?

>>> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
>>> ---
>>>    drivers/gpu/drm/drm_file.c | 4 ++--
>>>    1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
>>> index 92d16724f949..84ed313ee2e9 100644
>>> --- a/drivers/gpu/drm/drm_file.c
>>> +++ b/drivers/gpu/drm/drm_file.c
>>> @@ -438,12 +438,12 @@ int drm_release(struct inode *inode, struct file *filp)
>>>        struct drm_minor *minor = file_priv->minor;
>>>        struct drm_device *dev = minor->dev;
>>>    
>>> -     mutex_lock(&drm_global_mutex);
>>> -
>>>        DRM_DEBUG("open_count = %d\n", dev->open_count);
>> The read of dev->open_count should still be inside the lock to be
>> consistent with the value that is decremented below. Perhaps move the
>> DRM_DEBUG()?
> Sure. Is it even worth a debug?

Probably an old relic. I'm fine with letting it go.

Thanks,

Thomas



> -Chris

Patch

diff --git a/drivers/gpu/drm/drm_file.c b/drivers/gpu/drm/drm_file.c
index 92d16724f949..84ed313ee2e9 100644
--- a/drivers/gpu/drm/drm_file.c
+++ b/drivers/gpu/drm/drm_file.c
@@ -438,12 +438,12 @@  int drm_release(struct inode *inode, struct file *filp)
 	struct drm_minor *minor = file_priv->minor;
 	struct drm_device *dev = minor->dev;
 
-	mutex_lock(&drm_global_mutex);
-
 	DRM_DEBUG("open_count = %d\n", dev->open_count);
 
 	drm_close_helper(filp);
 
+	mutex_lock(&drm_global_mutex);
+
 	if (!--dev->open_count)
 		drm_lastclose(dev);
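
Review bot: The DRM_DEBUG("open_count = %d\n", dev->open_count) line stays above the relocated mutex_lock(&drm_global_mutex), so it reads dev->open_count unlocked and the logged value can differ from the one that --dev->open_count then decrements. Move the DRM_DEBUG() below the mutex_lock() or delete it, and state the motivation for narrowing the lock in the commit message.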