All of lore.kernel.org
 help / color / mirror / Atom feed
From: Daniel Vetter <daniel.vetter@ffwll.ch>
To: DRI Development <dri-devel@lists.freedesktop.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Subject: [PATCH 32/50] drm/irq: remove cargo-culted locking from irq_install/unistall
Date: Wed, 11 Dec 2013 11:34:53 +0100	[thread overview]
Message-ID: <1386758111-3446-33-git-send-email-daniel.vetter@ffwll.ch> (raw)
In-Reply-To: <1386758111-3446-1-git-send-email-daniel.vetter@ffwll.ch>

The dev->struct_mutex locking in drm_irq.c only protects
dev->irq_enabled. Which isn't really much at all and only prevents
especially nasty ums userspace from concurrently installing the
interrupt handling a few times. Or at least trying.

There are tons of unlocked readers of dev->irqs_enabled in the vblank
wait code (and by extension also in the pageflip code since that uses
the same vblank timestamp engine).

Real modesetting drivers should ensure that nothing can go haywire
with a sane setup teardown sequence. So we only really need this for
the drm_control ioctl, everywhere else this will just paper over
nastiness.

Note that drm/i915 is a bit specially due to the gem+ums combination.
So there we also need to properly protect the entervt and leavevt
ioctls. But it's definitely saner to do everything in one go than to
drop the lock in-between.

Finally there's the gpu reset code in drm/i915. That one's just race
(concurrent userspace calls to for vblank waits of pageflips could
spuriously fail). So wrap it up in with a nice comment since fixing
this is more involved.

Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
---
 drivers/gpu/drm/drm_irq.c       | 30 +++++++++++++-----------------
 drivers/gpu/drm/i915/i915_drv.c |  5 +++++
 drivers/gpu/drm/i915/i915_gem.c |  5 +++--
 3 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
index 3faf1e94df02..d24ac519c6f3 100644
--- a/drivers/gpu/drm/drm_irq.c
+++ b/drivers/gpu/drm/drm_irq.c
@@ -254,20 +254,13 @@ int drm_irq_install(struct drm_device *dev)
 	if (drm_dev_to_irq(dev) == 0)
 		return -EINVAL;
 
-	mutex_lock(&dev->struct_mutex);
-
 	/* Driver must have been initialized */
-	if (!dev->dev_private) {
-		mutex_unlock(&dev->struct_mutex);
+	if (!dev->dev_private)
 		return -EINVAL;
-	}
 
-	if (dev->irq_enabled) {
-		mutex_unlock(&dev->struct_mutex);
+	if (dev->irq_enabled)
 		return -EBUSY;
-	}
 	dev->irq_enabled = true;
-	mutex_unlock(&dev->struct_mutex);
 
 	DRM_DEBUG("irq=%d\n", drm_dev_to_irq(dev));
 
@@ -288,9 +281,7 @@ int drm_irq_install(struct drm_device *dev)
 			  sh_flags, irqname, dev);
 
 	if (ret < 0) {
-		mutex_lock(&dev->struct_mutex);
 		dev->irq_enabled = false;
-		mutex_unlock(&dev->struct_mutex);
 		return ret;
 	}
 
@@ -302,9 +293,7 @@ int drm_irq_install(struct drm_device *dev)
 		ret = dev->driver->irq_postinstall(dev);
 
 	if (ret < 0) {
-		mutex_lock(&dev->struct_mutex);
 		dev->irq_enabled = false;
-		mutex_unlock(&dev->struct_mutex);
 		if (!drm_core_check_feature(dev, DRIVER_MODESET))
 			vga_client_register(dev->pdev, NULL, NULL, NULL);
 		free_irq(drm_dev_to_irq(dev), dev);
@@ -330,10 +319,8 @@ int drm_irq_uninstall(struct drm_device *dev)
 	if (!drm_core_check_feature(dev, DRIVER_HAVE_IRQ))
 		return -EINVAL;
 
-	mutex_lock(&dev->struct_mutex);
 	irq_enabled = dev->irq_enabled;
 	dev->irq_enabled = false;
-	mutex_unlock(&dev->struct_mutex);
 
 	/*
 	 * Wake up any waiters so they don't hang.
@@ -381,6 +368,7 @@ int drm_control(struct drm_device *dev, void *data,
 		struct drm_file *file_priv)
 {
 	struct drm_control *ctl = data;
+	int ret = 0;
 
 	/* if we haven't irq we fallback for compatibility reasons -
 	 * this used to be a separate function in drm_dma.h
@@ -400,9 +388,17 @@ int drm_control(struct drm_device *dev, void *data,
 		    ctl->irq != drm_dev_to_irq(dev))
 			return -EINVAL;
 
-		return drm_irq_install(dev);
+		mutex_lock(&dev->struct_mutex);
+		ret = drm_irq_install(dev);
+		mutex_unlock(&dev->struct_mutex);
+
+		return ret;
 	case DRM_UNINST_HANDLER:
-		return drm_irq_uninstall(dev);
+		mutex_lock(&dev->struct_mutex);
+		ret = drm_irq_uninstall(dev);
+		mutex_unlock(&dev->struct_mutex);
+
+		return ret;
 	default:
 		return -EINVAL;
 	}
diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
index 06600ac18716..95541d1e5b43 100644
--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -799,6 +799,11 @@ int i915_reset(struct drm_device *dev)
 			return ret;
 		}
 
+		/*
+		 * FIXME: This is horribly race against concurrent pageflip and
+		 * vblank wait ioctls since they can observe dev->irqs_disabled
+		 * being false when they shouldn't be able to.
+		 */
 		drm_irq_uninstall(dev);
 		drm_irq_install(dev);
 		intel_hpd_init(dev);
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index 12bbd5eac70d..b8c500bf56b7 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -4543,16 +4543,15 @@ i915_gem_entervt_ioctl(struct drm_device *dev, void *data,
 	}
 
 	BUG_ON(!list_empty(&dev_priv->gtt.base.active_list));
-	mutex_unlock(&dev->struct_mutex);
 
 	ret = drm_irq_install(dev);
 	if (ret)
 		goto cleanup_ringbuffer;
+	mutex_unlock(&dev->struct_mutex);
 
 	return 0;
 
 cleanup_ringbuffer:
-	mutex_lock(&dev->struct_mutex);
 	i915_gem_cleanup_ringbuffer(dev);
 	dev_priv->ums.mm_suspended = 1;
 	mutex_unlock(&dev->struct_mutex);
@@ -4567,7 +4566,9 @@ i915_gem_leavevt_ioctl(struct drm_device *dev, void *data,
 	if (drm_core_check_feature(dev, DRIVER_MODESET))
 		return 0;
 
+	mutex_lock(&dev->struct_mutex);
 	drm_irq_uninstall(dev);
+	mutex_unlock(&dev->struct_mutex);
 
 	return i915_gem_suspend(dev);
 }
-- 
1.8.4.3

  parent reply	other threads:[~2013-12-11 10:35 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-11 10:34 [PATCH 00/50] more drm de-midlayering Daniel Vetter
2013-12-11 10:34 ` [PATCH 01/50] drm/rcar: call drm_put_dev directly in the ->remove hook Daniel Vetter
2013-12-11 10:34 ` [PATCH 02/50] drm/exynos: call drm_put_dev directly from ->remove Daniel Vetter
2013-12-11 10:34 ` [PATCH 03/50] drm/imx: directly call drm_put_dev in ->remove Daniel Vetter
2013-12-11 10:34 ` [PATCH 04/50] drm/tilcdc: call drm_put_dev directly from ->remove Daniel Vetter
2013-12-11 19:39   ` Rob Clark
2013-12-11 10:34 ` [PATCH 05/50] drm/omap: call drm_put_dev directly in ->remove Daniel Vetter
2013-12-11 12:02   ` Rob Clark
2013-12-11 13:20     ` [PATCH] " Daniel Vetter
2013-12-11 19:35       ` Rob Clark
2013-12-11 10:34 ` [PATCH 06/50] drm/shmob: call drm_put_dev directly from ->remove hook Daniel Vetter
2013-12-11 12:21   ` Laurent Pinchart
2013-12-11 10:34 ` [PATCH 07/50] drm/armada: directly call drm_put_dev in ->remove Daniel Vetter
2013-12-11 10:34 ` [PATCH 08/50] drm/msm: call drm_put_dev directly " Daniel Vetter
2013-12-11 19:38   ` Rob Clark
2013-12-11 10:34 ` [PATCH 09/50] drm: rip out drm_platform_exit Daniel Vetter
2013-12-11 10:34 ` [PATCH 10/50] drm: restrict the device list for shadow attached drivers Daniel Vetter
2013-12-11 10:34 ` [PATCH 11/50] drm/bufs: remove handling of _DRM_GEM mappings Daniel Vetter
2013-12-11 10:34 ` [PATCH 12/50] drm: kill DRIVER_REQUIRE_AGP Daniel Vetter
2013-12-11 10:34 ` [PATCH 13/50] drm: ->agp_init can't fail Daniel Vetter
2013-12-11 10:34 ` [PATCH 14/50] drm: rip out drm_core_has_AGP Daniel Vetter
2013-12-11 10:34 ` [PATCH 15/50] drm: remove agp_init() bus callback Daniel Vetter
2013-12-11 10:34 ` [PATCH 16/50] drm: inline drm_agp_destroy Daniel Vetter
2013-12-11 10:34 ` [PATCH 17/50] drm: kill the ->agp_destroy callback Daniel Vetter
2013-12-11 10:34 ` [PATCH 18/50] drm: remove global_mutex locking around agp_init Daniel Vetter
2013-12-11 10:34 ` [PATCH 19/50] drm: rip out DRM_AGP_MEM and DRM_AGP_KERN Daniel Vetter
2013-12-11 10:34 ` [PATCH 20/50] drm: Kill DRM_HZ Daniel Vetter
2013-12-11 10:34 ` [PATCH 21/50] drm: Kill DRM_IRQ_ARGS Daniel Vetter
2013-12-11 10:34 ` [PATCH 22/50] drm: Kill DRM_WAKUP and DRM_INIT_WAITQUEUE Daniel Vetter
2013-12-11 10:34 ` [PATCH 23/50] drm: Kill DRM_COPY_(TO|FROM)_USER Daniel Vetter
2013-12-11 10:34 ` [PATCH 24/50] drm: Kill DRM_*MEMORYBARRIER Daniel Vetter
2013-12-11 10:34 ` [PATCH 25/50] drm: Kill DRM_SUSER Daniel Vetter
2013-12-11 10:34 ` [PATCH 26/50] drm/gma500: Remove dead code Daniel Vetter
2013-12-11 10:46   ` Patrik Jakobsson
2013-12-11 10:34 ` [PATCH 27/50] drm/irq: Replace DRM_WAIT_ON with wait_event Daniel Vetter
2013-12-11 10:34 ` [PATCH 28/50] drm: Remove DRM_WAIT_ON from all drivers Daniel Vetter
2013-12-18  1:39   ` Dave Airlie
2013-12-18  8:25     ` Daniel Vetter
2013-12-18  9:37       ` Thomas Hellstrom
2013-12-11 10:34 ` [PATCH 29/50] drm/irq: simplify irq checks in drm_wait_vblank Daniel Vetter
2013-12-12 11:29   ` Thierry Reding
2013-12-12 12:51     ` Daniel Vetter
2013-12-16 10:30   ` [PATCH] " Daniel Vetter
2013-12-16 11:18     ` Thierry Reding
2013-12-11 10:34 ` [PATCH 30/50] drm/pci: fold in irq_by_busid support Daniel Vetter
2013-12-11 10:34 ` [PATCH 31/50] drm/irq: drm_control is a legacy ioctl, so pci devices only Daniel Vetter
2013-12-11 10:34 ` Daniel Vetter [this message]
2013-12-11 10:34 ` [PATCH 33/50] drm: remove drm_dev_to_irq from drivers Daniel Vetter
2013-12-11 10:34 ` [PATCH 34/50] drm: kill drm_bus->bus_type Daniel Vetter
2013-12-11 10:34 ` [PATCH 35/50] drm: Rip out totally bogus vga_switcheroo->can_switch locking Daniel Vetter
2013-12-11 10:34 ` [PATCH 36/50] drm: rename dev->count_lock to dev->buf_lock Daniel Vetter
2013-12-12 11:33   ` Thierry Reding
2013-12-12 12:52     ` Daniel Vetter
2013-12-16 10:29   ` [PATCH] " Daniel Vetter
2013-12-16 11:17     ` Thierry Reding
2013-12-11 10:34 ` [PATCH 37/50] drm/irq: track the irq installed in drm_irq_install in dev->irq Daniel Vetter
2013-12-16 10:29   ` [PATCH] " Daniel Vetter
2013-12-16 11:17     ` Thierry Reding
2013-12-11 10:34 ` [PATCH 38/50] drm/irq: Look up the pci irq directly in the drm_control ioctl Daniel Vetter
2013-12-11 10:35 ` [PATCH 39/50] drm: pass the irq explicitly to drm_irq_install Daniel Vetter
2013-12-11 10:35 ` [PATCH 40/50] drm: remove bus->get_irq implementations Daniel Vetter
2013-12-11 10:35 ` [PATCH 41/50] drm: inline drm_pci_set_unique Daniel Vetter
2013-12-11 10:35 ` [PATCH 42/50] drm: rip out dev->devname Daniel Vetter
2013-12-11 10:35 ` [PATCH 43/50] drm: remove drm_bus->get_name Daniel Vetter
2013-12-11 10:35 ` [PATCH 44/50] drm: Remove dev->kdriver Daniel Vetter
2013-12-11 10:35 ` [PATCH 45/50] drm/<drivers>: don't set driver->dev_priv_size to 0 Daniel Vetter
2014-01-10 15:25   ` Damien Lespiau
2013-12-11 10:35 ` [PATCH 46/50] drm: store the gem vma offset manager in a typed pointer Daniel Vetter
2013-12-11 10:53   ` David Herrmann
2013-12-11 13:24     ` [PATCH 1/2] " Daniel Vetter
2013-12-11 13:24       ` [PATCH 2/2] drm/gma500: Remove unused function declaration Daniel Vetter
2013-12-11 16:04         ` Patrik Jakobsson
2013-12-18  1:04       ` [PATCH 1/2] drm: store the gem vma offset manager in a typed pointer Dave Airlie
2013-12-18  1:22         ` Rob Clark
2013-12-11 10:35 ` [PATCH 47/50] drm: rip out dev->ioctl_count tracking Daniel Vetter
2013-12-11 10:35 ` [PATCH 48/50] drm: Kill file_priv->ioctl_count tracking Daniel Vetter
2013-12-11 10:35 ` [PATCH 49/50] drm: remove dev->vma_count Daniel Vetter
2013-12-11 10:35 ` [PATCH 50/50] drm: use memdup_user() as a cleanup Daniel Vetter
2013-12-12 18:08 ` [PATCH 00/50] more drm de-midlayering Jakob Bornecrantz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1386758111-3446-33-git-send-email-daniel.vetter@ffwll.ch \
    --to=daniel.vetter@ffwll.ch \
    --cc=dri-devel@lists.freedesktop.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.