[v2] drm/virtio: fix resource id creation race
diff mbox series

Message ID 20200220225319.45621-1-jbates@chromium.org
State New
Headers show
Series
  • [v2] drm/virtio: fix resource id creation race
Related show

Commit Message

John Bates Feb. 20, 2020, 10:53 p.m. UTC
The previous code was not thread safe and caused
undefined behavior from spurious duplicate resource IDs.
In this patch, an atomic_t is used instead. We no longer
see any duplicate IDs in tests with this change.

Fixes: 16065fcdd19d ("drm/virtio: do NOT reuse resource ids")
Signed-off-by: John Bates <jbates@chromium.org>
---
 drivers/gpu/drm/virtio/virtgpu_object.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Chia-I Wu Feb. 21, 2020, 6:37 p.m. UTC | #1
On Fri, Feb 21, 2020 at 3:14 AM John Bates <jbates@chromium.org> wrote:
>
> The previous code was not thread safe and caused
> undefined behavior from spurious duplicate resource IDs.
> In this patch, an atomic_t is used instead. We no longer
> see any duplicate IDs in tests with this change.
>
> Fixes: 16065fcdd19d ("drm/virtio: do NOT reuse resource ids")
> Signed-off-by: John Bates <jbates@chromium.org>
Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
> ---
>  drivers/gpu/drm/virtio/virtgpu_object.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
> index 017a9e0fc3bb..890121a45625 100644
> --- a/drivers/gpu/drm/virtio/virtgpu_object.c
> +++ b/drivers/gpu/drm/virtio/virtgpu_object.c
> @@ -42,8 +42,8 @@ static int virtio_gpu_resource_id_get(struct virtio_gpu_device *vgdev,
>                  * "f91a9dd35715 Fix unlinking resources from hash
>                  * table." (Feb 2019) fixes the bug.
>                  */
> -               static int handle;
> -               handle++;
> +               static atomic_t seqno = ATOMIC_INIT(0);
> +               int handle = atomic_inc_return(&seqno);
>                 *resid = handle + 1;
resid 1 is (was) discriminated :D

>         } else {
>                 int handle = ida_alloc(&vgdev->resource_ida, GFP_KERNEL);
> --
> 2.25.0.265.gbab2e86ba0-goog
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
John Bates Feb. 21, 2020, 6:48 p.m. UTC | #2
On Fri, Feb 21, 2020 at 10:37 AM Chia-I Wu <olvaffe@gmail.com> wrote:

> On Fri, Feb 21, 2020 at 3:14 AM John Bates <jbates@chromium.org> wrote:
> >
> > The previous code was not thread safe and caused
> > undefined behavior from spurious duplicate resource IDs.
> > In this patch, an atomic_t is used instead. We no longer
> > see any duplicate IDs in tests with this change.
> >
> > Fixes: 16065fcdd19d ("drm/virtio: do NOT reuse resource ids")
> > Signed-off-by: John Bates <jbates@chromium.org>
> Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
> > ---
> >  drivers/gpu/drm/virtio/virtgpu_object.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c
> b/drivers/gpu/drm/virtio/virtgpu_object.c
> > index 017a9e0fc3bb..890121a45625 100644
> > --- a/drivers/gpu/drm/virtio/virtgpu_object.c
> > +++ b/drivers/gpu/drm/virtio/virtgpu_object.c
> > @@ -42,8 +42,8 @@ static int virtio_gpu_resource_id_get(struct
> virtio_gpu_device *vgdev,
> >                  * "f91a9dd35715 Fix unlinking resources from hash
> >                  * table." (Feb 2019) fixes the bug.
> >                  */
> > -               static int handle;
> > -               handle++;
> > +               static atomic_t seqno = ATOMIC_INIT(0);
> > +               int handle = atomic_inc_return(&seqno);
> >                 *resid = handle + 1;
> resid 1 is (was) discriminated :D
>

Yup, noticed that too :)


>
> >         } else {
> >                 int handle = ida_alloc(&vgdev->resource_ida, GFP_KERNEL);
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >
> > _______________________________________________
> > dri-devel mailing list
> > dri-devel@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/dri-devel
>
Gerd Hoffmann Feb. 24, 2020, 3:07 p.m. UTC | #3
On Thu, Feb 20, 2020 at 02:53:19PM -0800, John Bates wrote:
> The previous code was not thread safe and caused
> undefined behavior from spurious duplicate resource IDs.
> In this patch, an atomic_t is used instead. We no longer
> see any duplicate IDs in tests with this change.
> 
> Fixes: 16065fcdd19d ("drm/virtio: do NOT reuse resource ids")
> Signed-off-by: John Bates <jbates@chromium.org>

Pushed to drm-misc-fixes.

thanks,
  Gerd

Patch
diff mbox series

diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c
index 017a9e0fc3bb..890121a45625 100644
--- a/drivers/gpu/drm/virtio/virtgpu_object.c
+++ b/drivers/gpu/drm/virtio/virtgpu_object.c
@@ -42,8 +42,8 @@  static int virtio_gpu_resource_id_get(struct virtio_gpu_device *vgdev,
 		 * "f91a9dd35715 Fix unlinking resources from hash
 		 * table." (Feb 2019) fixes the bug.
 		 */
-		static int handle;
-		handle++;
+		static atomic_t seqno = ATOMIC_INIT(0);
+		int handle = atomic_inc_return(&seqno);
 		*resid = handle + 1;
 	} else {
 		int handle = ida_alloc(&vgdev->resource_ida, GFP_KERNEL);