From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com,
jani.nikula@linux.intel.com, joonas.lahtinen@linux.intel.com,
rodrigo.vivi@intel.com, chris@chris-wilson.co.uk,
ville.syrjala@linux.intel.com, matthew.auld@intel.com,
dan.carpenter@oracle.com, tvrtko.ursulin@intel.com,
matthew.d.roper@intel.com, lucas.demarchi@intel.com,
karthik.b.s@intel.com, jose.souza@intel.com,
manasi.d.navare@intel.com, airlied@redhat.com,
aditya.swarup@intel.com, andrescj@chromium.org,
linux-graphics-maintainer@vmware.com, zackr@vmware.com
Cc: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
intel-gfx@lists.freedesktop.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, skhan@linuxfoundation.org,
gregkh@linuxfoundation.org,
linux-kernel-mentees@lists.linuxfoundation.org
Subject: [PATCH v8 6/7] drm: avoid circular locks in drm_lease_held
Date: Thu, 26 Aug 2021 10:01:21 +0800 [thread overview]
Message-ID: <20210826020122.1488002-7-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210826020122.1488002-1-desmondcheongzx@gmail.com>
drm_lease_held calls drm_file_get_master. However, this function is
sometimes called while holding on to drm_device.master_rwsem or
modeset_mutex. Since master_rwsem will replace
drm_file.master_lookup_lock in drm_file_get_master in a future patch,
this results in both recursive locking, and an inversion of the
master_rwsem --> modeset_mutex lock hierarchy.
To fix this, we create a new drm_lease_held_master helper function
that enables us to avoid calling drm_file_get_master after locking
master_rwsem or modeset_mutex.
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_auth.c | 3 +++
drivers/gpu/drm/drm_crtc.c | 4 +++-
drivers/gpu/drm/drm_encoder.c | 7 ++++++-
drivers/gpu/drm/drm_lease.c | 30 +++++++++++++++---------------
drivers/gpu/drm/drm_plane.c | 18 ++++++++++++++----
include/drm/drm_lease.h | 2 ++
6 files changed, 43 insertions(+), 21 deletions(-)
diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c
index 65065f7e1499..f2b2f197052a 100644
--- a/drivers/gpu/drm/drm_auth.c
+++ b/drivers/gpu/drm/drm_auth.c
@@ -410,6 +410,9 @@ struct drm_master *drm_file_get_master(struct drm_file *file_priv)
{
struct drm_master *master = NULL;
+ if (!file_priv)
+ return NULL;
+
spin_lock(&file_priv->master_lookup_lock);
if (!file_priv->master)
goto unlock;
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index b1279bb3fa61..0b1e76d2f9ff 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -665,8 +665,10 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
plane = crtc->primary;
+ lockdep_assert_held_once(&dev->master_rwsem);
/* allow disabling with the primary plane leased */
- if (crtc_req->mode_valid && !drm_lease_held(file_priv, plane->base.id))
+ if (crtc_req->mode_valid &&
+ !drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
DRM_MODESET_LOCK_ALL_BEGIN(dev, ctx,
diff --git a/drivers/gpu/drm/drm_encoder.c b/drivers/gpu/drm/drm_encoder.c
index 72e982323a5e..bacb2f6a325c 100644
--- a/drivers/gpu/drm/drm_encoder.c
+++ b/drivers/gpu/drm/drm_encoder.c
@@ -22,6 +22,7 @@
#include <linux/export.h>
+#include <drm/drm_auth.h>
#include <drm/drm_bridge.h>
#include <drm/drm_device.h>
#include <drm/drm_drv.h>
@@ -281,6 +282,7 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
struct drm_mode_get_encoder *enc_resp = data;
struct drm_encoder *encoder;
struct drm_crtc *crtc;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -289,13 +291,16 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
if (!encoder)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&dev->mode_config.connection_mutex, NULL);
crtc = drm_encoder_get_crtc(encoder);
- if (crtc && drm_lease_held(file_priv, crtc->base.id))
+ if (crtc && drm_lease_held_master(master, crtc->base.id))
enc_resp->crtc_id = crtc->base.id;
else
enc_resp->crtc_id = 0;
drm_modeset_unlock(&dev->mode_config.connection_mutex);
+ if (master)
+ drm_master_put(&master);
enc_resp->encoder_type = encoder->encoder_type;
enc_resp->encoder_id = encoder->base.id;
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c
index 1b156c85d1c8..15bf3a3c76d1 100644
--- a/drivers/gpu/drm/drm_lease.c
+++ b/drivers/gpu/drm/drm_lease.c
@@ -114,27 +114,30 @@ bool _drm_lease_held(struct drm_file *file_priv, int id)
return _drm_lease_held_master(file_priv->master, id);
}
-bool drm_lease_held(struct drm_file *file_priv, int id)
+bool drm_lease_held_master(struct drm_master *master, int id)
{
- struct drm_master *master;
bool ret;
- if (!file_priv)
+ if (!master || !master->lessor)
return true;
- master = drm_file_get_master(file_priv);
- if (!master)
- return true;
- if (!master->lessor) {
- ret = true;
- goto out;
- }
mutex_lock(&master->dev->mode_config.idr_mutex);
ret = _drm_lease_held_master(master, id);
mutex_unlock(&master->dev->mode_config.idr_mutex);
-out:
- drm_master_put(&master);
+ return ret;
+}
+
+bool drm_lease_held(struct drm_file *file_priv, int id)
+{
+ struct drm_master *master;
+ bool ret;
+
+ master = drm_file_get_master(file_priv);
+ ret = drm_lease_held_master(master, id);
+ if (master)
+ drm_master_put(&master);
+
return ret;
}
@@ -150,9 +153,6 @@ uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs_in)
int count_in, count_out;
uint32_t crtcs_out = 0;
- if (!file_priv)
- return crtcs_in;
-
master = drm_file_get_master(file_priv);
if (!master)
return crtcs_in;
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index b5566167a798..907b026fd916 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -23,6 +23,7 @@
#include <linux/slab.h>
#include <linux/uaccess.h>
+#include <drm/drm_auth.h>
#include <drm/drm_plane.h>
#include <drm/drm_drv.h>
#include <drm/drm_print.h>
@@ -687,6 +688,7 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
struct drm_mode_get_plane *plane_resp = data;
struct drm_plane *plane;
uint32_t __user *format_ptr;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -695,10 +697,13 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
if (!plane)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&plane->mutex, NULL);
- if (plane->state && plane->state->crtc && drm_lease_held(file_priv, plane->state->crtc->base.id))
+ if (plane->state && plane->state->crtc &&
+ drm_lease_held_master(master, plane->state->crtc->base.id))
plane_resp->crtc_id = plane->state->crtc->base.id;
- else if (!plane->state && plane->crtc && drm_lease_held(file_priv, plane->crtc->base.id))
+ else if (!plane->state && plane->crtc &&
+ drm_lease_held_master(master, plane->crtc->base.id))
plane_resp->crtc_id = plane->crtc->base.id;
else
plane_resp->crtc_id = 0;
@@ -710,6 +715,8 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
else
plane_resp->fb_id = 0;
drm_modeset_unlock(&plane->mutex);
+ if (master)
+ drm_master_put(&master);
plane_resp->plane_id = plane->base.id;
plane_resp->possible_crtcs = drm_lease_filter_crtcs(file_priv,
@@ -1114,6 +1121,7 @@ static int drm_mode_cursor_common(struct drm_device *dev,
return -ENOENT;
}
+ lockdep_assert_held_once(&dev->master_rwsem);
drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE);
retry:
ret = drm_modeset_lock(&crtc->mutex, &ctx);
@@ -1128,7 +1136,8 @@ static int drm_mode_cursor_common(struct drm_device *dev,
if (ret)
goto out;
- if (!drm_lease_held(file_priv, crtc->cursor->base.id)) {
+ if (!drm_lease_held_master(file_priv->master,
+ crtc->cursor->base.id)) {
ret = -EACCES;
goto out;
}
@@ -1235,7 +1244,8 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
plane = crtc->primary;
- if (!drm_lease_held(file_priv, plane->base.id))
+ lockdep_assert_held_once(&dev->master_rwsem);
+ if (!drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
if (crtc->funcs->page_flip_target) {
diff --git a/include/drm/drm_lease.h b/include/drm/drm_lease.h
index 5c9ef6a2aeae..426ea86d3c6a 100644
--- a/include/drm/drm_lease.h
+++ b/include/drm/drm_lease.h
@@ -18,6 +18,8 @@ bool drm_lease_held(struct drm_file *file_priv, int id);
bool _drm_lease_held(struct drm_file *file_priv, int id);
+bool drm_lease_held_master(struct drm_master *master, int id);
+
void drm_lease_revoke(struct drm_master *master);
uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs);
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com,
jani.nikula@linux.intel.com, joonas.lahtinen@linux.intel.com,
rodrigo.vivi@intel.com, chris@chris-wilson.co.uk,
ville.syrjala@linux.intel.com, matthew.auld@intel.com,
dan.carpenter@oracle.com, tvrtko.ursulin@intel.com,
matthew.d.roper@intel.com, lucas.demarchi@intel.com,
karthik.b.s@intel.com, jose.souza@intel.com,
manasi.d.navare@intel.com, airlied@redhat.com,
aditya.swarup@intel.com, andrescj@chromium.org,
linux-graphics-maintainer@vmware.com, zackr@vmware.com
Cc: intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
linux-media@vger.kernel.org
Subject: [PATCH v8 6/7] drm: avoid circular locks in drm_lease_held
Date: Thu, 26 Aug 2021 10:01:21 +0800 [thread overview]
Message-ID: <20210826020122.1488002-7-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210826020122.1488002-1-desmondcheongzx@gmail.com>
drm_lease_held calls drm_file_get_master. However, this function is
sometimes called while holding on to drm_device.master_rwsem or
modeset_mutex. Since master_rwsem will replace
drm_file.master_lookup_lock in drm_file_get_master in a future patch,
this results in both recursive locking, and an inversion of the
master_rwsem --> modeset_mutex lock hierarchy.
To fix this, we create a new drm_lease_held_master helper function
that enables us to avoid calling drm_file_get_master after locking
master_rwsem or modeset_mutex.
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_auth.c | 3 +++
drivers/gpu/drm/drm_crtc.c | 4 +++-
drivers/gpu/drm/drm_encoder.c | 7 ++++++-
drivers/gpu/drm/drm_lease.c | 30 +++++++++++++++---------------
drivers/gpu/drm/drm_plane.c | 18 ++++++++++++++----
include/drm/drm_lease.h | 2 ++
6 files changed, 43 insertions(+), 21 deletions(-)
diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c
index 65065f7e1499..f2b2f197052a 100644
--- a/drivers/gpu/drm/drm_auth.c
+++ b/drivers/gpu/drm/drm_auth.c
@@ -410,6 +410,9 @@ struct drm_master *drm_file_get_master(struct drm_file *file_priv)
{
struct drm_master *master = NULL;
+ if (!file_priv)
+ return NULL;
+
spin_lock(&file_priv->master_lookup_lock);
if (!file_priv->master)
goto unlock;
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index b1279bb3fa61..0b1e76d2f9ff 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -665,8 +665,10 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
plane = crtc->primary;
+ lockdep_assert_held_once(&dev->master_rwsem);
/* allow disabling with the primary plane leased */
- if (crtc_req->mode_valid && !drm_lease_held(file_priv, plane->base.id))
+ if (crtc_req->mode_valid &&
+ !drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
DRM_MODESET_LOCK_ALL_BEGIN(dev, ctx,
diff --git a/drivers/gpu/drm/drm_encoder.c b/drivers/gpu/drm/drm_encoder.c
index 72e982323a5e..bacb2f6a325c 100644
--- a/drivers/gpu/drm/drm_encoder.c
+++ b/drivers/gpu/drm/drm_encoder.c
@@ -22,6 +22,7 @@
#include <linux/export.h>
+#include <drm/drm_auth.h>
#include <drm/drm_bridge.h>
#include <drm/drm_device.h>
#include <drm/drm_drv.h>
@@ -281,6 +282,7 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
struct drm_mode_get_encoder *enc_resp = data;
struct drm_encoder *encoder;
struct drm_crtc *crtc;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -289,13 +291,16 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
if (!encoder)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&dev->mode_config.connection_mutex, NULL);
crtc = drm_encoder_get_crtc(encoder);
- if (crtc && drm_lease_held(file_priv, crtc->base.id))
+ if (crtc && drm_lease_held_master(master, crtc->base.id))
enc_resp->crtc_id = crtc->base.id;
else
enc_resp->crtc_id = 0;
drm_modeset_unlock(&dev->mode_config.connection_mutex);
+ if (master)
+ drm_master_put(&master);
enc_resp->encoder_type = encoder->encoder_type;
enc_resp->encoder_id = encoder->base.id;
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c
index 1b156c85d1c8..15bf3a3c76d1 100644
--- a/drivers/gpu/drm/drm_lease.c
+++ b/drivers/gpu/drm/drm_lease.c
@@ -114,27 +114,30 @@ bool _drm_lease_held(struct drm_file *file_priv, int id)
return _drm_lease_held_master(file_priv->master, id);
}
-bool drm_lease_held(struct drm_file *file_priv, int id)
+bool drm_lease_held_master(struct drm_master *master, int id)
{
- struct drm_master *master;
bool ret;
- if (!file_priv)
+ if (!master || !master->lessor)
return true;
- master = drm_file_get_master(file_priv);
- if (!master)
- return true;
- if (!master->lessor) {
- ret = true;
- goto out;
- }
mutex_lock(&master->dev->mode_config.idr_mutex);
ret = _drm_lease_held_master(master, id);
mutex_unlock(&master->dev->mode_config.idr_mutex);
-out:
- drm_master_put(&master);
+ return ret;
+}
+
+bool drm_lease_held(struct drm_file *file_priv, int id)
+{
+ struct drm_master *master;
+ bool ret;
+
+ master = drm_file_get_master(file_priv);
+ ret = drm_lease_held_master(master, id);
+ if (master)
+ drm_master_put(&master);
+
return ret;
}
@@ -150,9 +153,6 @@ uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs_in)
int count_in, count_out;
uint32_t crtcs_out = 0;
- if (!file_priv)
- return crtcs_in;
-
master = drm_file_get_master(file_priv);
if (!master)
return crtcs_in;
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index b5566167a798..907b026fd916 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -23,6 +23,7 @@
#include <linux/slab.h>
#include <linux/uaccess.h>
+#include <drm/drm_auth.h>
#include <drm/drm_plane.h>
#include <drm/drm_drv.h>
#include <drm/drm_print.h>
@@ -687,6 +688,7 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
struct drm_mode_get_plane *plane_resp = data;
struct drm_plane *plane;
uint32_t __user *format_ptr;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -695,10 +697,13 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
if (!plane)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&plane->mutex, NULL);
- if (plane->state && plane->state->crtc && drm_lease_held(file_priv, plane->state->crtc->base.id))
+ if (plane->state && plane->state->crtc &&
+ drm_lease_held_master(master, plane->state->crtc->base.id))
plane_resp->crtc_id = plane->state->crtc->base.id;
- else if (!plane->state && plane->crtc && drm_lease_held(file_priv, plane->crtc->base.id))
+ else if (!plane->state && plane->crtc &&
+ drm_lease_held_master(master, plane->crtc->base.id))
plane_resp->crtc_id = plane->crtc->base.id;
else
plane_resp->crtc_id = 0;
@@ -710,6 +715,8 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
else
plane_resp->fb_id = 0;
drm_modeset_unlock(&plane->mutex);
+ if (master)
+ drm_master_put(&master);
plane_resp->plane_id = plane->base.id;
plane_resp->possible_crtcs = drm_lease_filter_crtcs(file_priv,
@@ -1114,6 +1121,7 @@ static int drm_mode_cursor_common(struct drm_device *dev,
return -ENOENT;
}
+ lockdep_assert_held_once(&dev->master_rwsem);
drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE);
retry:
ret = drm_modeset_lock(&crtc->mutex, &ctx);
@@ -1128,7 +1136,8 @@ static int drm_mode_cursor_common(struct drm_device *dev,
if (ret)
goto out;
- if (!drm_lease_held(file_priv, crtc->cursor->base.id)) {
+ if (!drm_lease_held_master(file_priv->master,
+ crtc->cursor->base.id)) {
ret = -EACCES;
goto out;
}
@@ -1235,7 +1244,8 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
plane = crtc->primary;
- if (!drm_lease_held(file_priv, plane->base.id))
+ lockdep_assert_held_once(&dev->master_rwsem);
+ if (!drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
if (crtc->funcs->page_flip_target) {
diff --git a/include/drm/drm_lease.h b/include/drm/drm_lease.h
index 5c9ef6a2aeae..426ea86d3c6a 100644
--- a/include/drm/drm_lease.h
+++ b/include/drm/drm_lease.h
@@ -18,6 +18,8 @@ bool drm_lease_held(struct drm_file *file_priv, int id);
bool _drm_lease_held(struct drm_file *file_priv, int id);
+bool drm_lease_held_master(struct drm_master *master, int id);
+
void drm_lease_revoke(struct drm_master *master);
uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs);
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com,
jani.nikula@linux.intel.com, joonas.lahtinen@linux.intel.com,
rodrigo.vivi@intel.com, chris@chris-wilson.co.uk,
ville.syrjala@linux.intel.com, matthew.auld@intel.com,
dan.carpenter@oracle.com, tvrtko.ursulin@intel.com,
matthew.d.roper@intel.com, lucas.demarchi@intel.com,
karthik.b.s@intel.com, jose.souza@intel.com,
manasi.d.navare@intel.com, airlied@redhat.com,
aditya.swarup@intel.com, andrescj@chromium.org,
linux-graphics-maintainer@vmware.com, zackr@vmware.com
Cc: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
intel-gfx@lists.freedesktop.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, skhan@linuxfoundation.org,
gregkh@linuxfoundation.org,
linux-kernel-mentees@lists.linuxfoundation.org
Subject: [Intel-gfx] [PATCH v8 6/7] drm: avoid circular locks in drm_lease_held
Date: Thu, 26 Aug 2021 10:01:21 +0800 [thread overview]
Message-ID: <20210826020122.1488002-7-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210826020122.1488002-1-desmondcheongzx@gmail.com>
drm_lease_held calls drm_file_get_master. However, this function is
sometimes called while holding on to drm_device.master_rwsem or
modeset_mutex. Since master_rwsem will replace
drm_file.master_lookup_lock in drm_file_get_master in a future patch,
this results in both recursive locking, and an inversion of the
master_rwsem --> modeset_mutex lock hierarchy.
To fix this, we create a new drm_lease_held_master helper function
that enables us to avoid calling drm_file_get_master after locking
master_rwsem or modeset_mutex.
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_auth.c | 3 +++
drivers/gpu/drm/drm_crtc.c | 4 +++-
drivers/gpu/drm/drm_encoder.c | 7 ++++++-
drivers/gpu/drm/drm_lease.c | 30 +++++++++++++++---------------
drivers/gpu/drm/drm_plane.c | 18 ++++++++++++++----
include/drm/drm_lease.h | 2 ++
6 files changed, 43 insertions(+), 21 deletions(-)
diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c
index 65065f7e1499..f2b2f197052a 100644
--- a/drivers/gpu/drm/drm_auth.c
+++ b/drivers/gpu/drm/drm_auth.c
@@ -410,6 +410,9 @@ struct drm_master *drm_file_get_master(struct drm_file *file_priv)
{
struct drm_master *master = NULL;
+ if (!file_priv)
+ return NULL;
+
spin_lock(&file_priv->master_lookup_lock);
if (!file_priv->master)
goto unlock;
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index b1279bb3fa61..0b1e76d2f9ff 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -665,8 +665,10 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
plane = crtc->primary;
+ lockdep_assert_held_once(&dev->master_rwsem);
/* allow disabling with the primary plane leased */
- if (crtc_req->mode_valid && !drm_lease_held(file_priv, plane->base.id))
+ if (crtc_req->mode_valid &&
+ !drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
DRM_MODESET_LOCK_ALL_BEGIN(dev, ctx,
diff --git a/drivers/gpu/drm/drm_encoder.c b/drivers/gpu/drm/drm_encoder.c
index 72e982323a5e..bacb2f6a325c 100644
--- a/drivers/gpu/drm/drm_encoder.c
+++ b/drivers/gpu/drm/drm_encoder.c
@@ -22,6 +22,7 @@
#include <linux/export.h>
+#include <drm/drm_auth.h>
#include <drm/drm_bridge.h>
#include <drm/drm_device.h>
#include <drm/drm_drv.h>
@@ -281,6 +282,7 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
struct drm_mode_get_encoder *enc_resp = data;
struct drm_encoder *encoder;
struct drm_crtc *crtc;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -289,13 +291,16 @@ int drm_mode_getencoder(struct drm_device *dev, void *data,
if (!encoder)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&dev->mode_config.connection_mutex, NULL);
crtc = drm_encoder_get_crtc(encoder);
- if (crtc && drm_lease_held(file_priv, crtc->base.id))
+ if (crtc && drm_lease_held_master(master, crtc->base.id))
enc_resp->crtc_id = crtc->base.id;
else
enc_resp->crtc_id = 0;
drm_modeset_unlock(&dev->mode_config.connection_mutex);
+ if (master)
+ drm_master_put(&master);
enc_resp->encoder_type = encoder->encoder_type;
enc_resp->encoder_id = encoder->base.id;
diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c
index 1b156c85d1c8..15bf3a3c76d1 100644
--- a/drivers/gpu/drm/drm_lease.c
+++ b/drivers/gpu/drm/drm_lease.c
@@ -114,27 +114,30 @@ bool _drm_lease_held(struct drm_file *file_priv, int id)
return _drm_lease_held_master(file_priv->master, id);
}
-bool drm_lease_held(struct drm_file *file_priv, int id)
+bool drm_lease_held_master(struct drm_master *master, int id)
{
- struct drm_master *master;
bool ret;
- if (!file_priv)
+ if (!master || !master->lessor)
return true;
- master = drm_file_get_master(file_priv);
- if (!master)
- return true;
- if (!master->lessor) {
- ret = true;
- goto out;
- }
mutex_lock(&master->dev->mode_config.idr_mutex);
ret = _drm_lease_held_master(master, id);
mutex_unlock(&master->dev->mode_config.idr_mutex);
-out:
- drm_master_put(&master);
+ return ret;
+}
+
+bool drm_lease_held(struct drm_file *file_priv, int id)
+{
+ struct drm_master *master;
+ bool ret;
+
+ master = drm_file_get_master(file_priv);
+ ret = drm_lease_held_master(master, id);
+ if (master)
+ drm_master_put(&master);
+
return ret;
}
@@ -150,9 +153,6 @@ uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs_in)
int count_in, count_out;
uint32_t crtcs_out = 0;
- if (!file_priv)
- return crtcs_in;
-
master = drm_file_get_master(file_priv);
if (!master)
return crtcs_in;
diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c
index b5566167a798..907b026fd916 100644
--- a/drivers/gpu/drm/drm_plane.c
+++ b/drivers/gpu/drm/drm_plane.c
@@ -23,6 +23,7 @@
#include <linux/slab.h>
#include <linux/uaccess.h>
+#include <drm/drm_auth.h>
#include <drm/drm_plane.h>
#include <drm/drm_drv.h>
#include <drm/drm_print.h>
@@ -687,6 +688,7 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
struct drm_mode_get_plane *plane_resp = data;
struct drm_plane *plane;
uint32_t __user *format_ptr;
+ struct drm_master *master;
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
@@ -695,10 +697,13 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
if (!plane)
return -ENOENT;
+ master = drm_file_get_master(file_priv);
drm_modeset_lock(&plane->mutex, NULL);
- if (plane->state && plane->state->crtc && drm_lease_held(file_priv, plane->state->crtc->base.id))
+ if (plane->state && plane->state->crtc &&
+ drm_lease_held_master(master, plane->state->crtc->base.id))
plane_resp->crtc_id = plane->state->crtc->base.id;
- else if (!plane->state && plane->crtc && drm_lease_held(file_priv, plane->crtc->base.id))
+ else if (!plane->state && plane->crtc &&
+ drm_lease_held_master(master, plane->crtc->base.id))
plane_resp->crtc_id = plane->crtc->base.id;
else
plane_resp->crtc_id = 0;
@@ -710,6 +715,8 @@ int drm_mode_getplane(struct drm_device *dev, void *data,
else
plane_resp->fb_id = 0;
drm_modeset_unlock(&plane->mutex);
+ if (master)
+ drm_master_put(&master);
plane_resp->plane_id = plane->base.id;
plane_resp->possible_crtcs = drm_lease_filter_crtcs(file_priv,
@@ -1114,6 +1121,7 @@ static int drm_mode_cursor_common(struct drm_device *dev,
return -ENOENT;
}
+ lockdep_assert_held_once(&dev->master_rwsem);
drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE);
retry:
ret = drm_modeset_lock(&crtc->mutex, &ctx);
@@ -1128,7 +1136,8 @@ static int drm_mode_cursor_common(struct drm_device *dev,
if (ret)
goto out;
- if (!drm_lease_held(file_priv, crtc->cursor->base.id)) {
+ if (!drm_lease_held_master(file_priv->master,
+ crtc->cursor->base.id)) {
ret = -EACCES;
goto out;
}
@@ -1235,7 +1244,8 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
plane = crtc->primary;
- if (!drm_lease_held(file_priv, plane->base.id))
+ lockdep_assert_held_once(&dev->master_rwsem);
+ if (!drm_lease_held_master(file_priv->master, plane->base.id))
return -EACCES;
if (crtc->funcs->page_flip_target) {
diff --git a/include/drm/drm_lease.h b/include/drm/drm_lease.h
index 5c9ef6a2aeae..426ea86d3c6a 100644
--- a/include/drm/drm_lease.h
+++ b/include/drm/drm_lease.h
@@ -18,6 +18,8 @@ bool drm_lease_held(struct drm_file *file_priv, int id);
bool _drm_lease_held(struct drm_file *file_priv, int id);
+bool drm_lease_held_master(struct drm_master *master, int id);
+
void drm_lease_revoke(struct drm_master *master);
uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs);
--
2.25.1
next prev parent reply other threads:[~2021-08-26 2:03 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 2:01 [PATCH v8 0/7] drm: update locking for modesetting Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [PATCH v8 1/7] drm: fix null ptr dereference in drm_master_release Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 9:53 ` Daniel Vetter
2021-08-26 9:53 ` [Intel-gfx] " Daniel Vetter
2021-08-26 9:53 ` Daniel Vetter
2021-08-26 11:53 ` Desmond Cheong Zhi Xi
2021-08-26 11:53 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 11:53 ` Desmond Cheong Zhi Xi
2021-08-26 12:51 ` [Intel-gfx] " Daniel Vetter
2021-08-26 12:51 ` Daniel Vetter
2021-08-26 2:01 ` [PATCH v8 2/7] drm: convert drm_device.master_mutex into a rwsem Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 9:55 ` Daniel Vetter
2021-08-26 9:55 ` [Intel-gfx] " Daniel Vetter
2021-08-26 9:55 ` Daniel Vetter
2021-08-26 2:01 ` [PATCH v8 3/7] drm: lock drm_global_mutex earlier in the ioctl handler Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 9:58 ` Daniel Vetter
2021-08-26 9:58 ` Daniel Vetter
2021-08-26 9:58 ` [Intel-gfx] " Daniel Vetter
2021-08-30 21:04 ` Desmond Cheong Zhi Xi
2021-08-30 21:04 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-30 21:04 ` Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [PATCH v8 4/7] drm: avoid races with modesetting rights Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 12:59 ` Daniel Vetter
2021-08-26 12:59 ` Daniel Vetter
2021-08-26 12:59 ` [Intel-gfx] " Daniel Vetter
2021-08-30 21:36 ` Desmond Cheong Zhi Xi
2021-08-30 21:36 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-30 21:36 ` Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [PATCH v8 5/7] drm: avoid circular locks in drm_mode_object_find Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 13:13 ` Daniel Vetter
2021-08-26 13:13 ` [Intel-gfx] " Daniel Vetter
2021-08-26 13:13 ` Daniel Vetter
2021-08-26 2:01 ` Desmond Cheong Zhi Xi [this message]
2021-08-26 2:01 ` [Intel-gfx] [PATCH v8 6/7] drm: avoid circular locks in drm_lease_held Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [PATCH v8 7/7] drm: remove drm_file.master_lookup_lock Desmond Cheong Zhi Xi
2021-08-26 2:01 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-26 2:01 ` Desmond Cheong Zhi Xi
2021-08-26 13:21 ` Daniel Vetter
2021-08-26 13:21 ` [Intel-gfx] " Daniel Vetter
2021-08-26 13:21 ` Daniel Vetter
2021-08-31 6:02 ` Desmond Cheong Zhi Xi
2021-08-31 6:02 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-08-31 6:02 ` Desmond Cheong Zhi Xi
2021-08-31 12:28 ` Daniel Vetter
2021-08-31 12:28 ` [Intel-gfx] " Daniel Vetter
2021-08-31 12:28 ` Daniel Vetter
2021-08-26 2:31 ` [Intel-gfx] ✗ Fi.CI.SPARSE: warning for drm: update locking for modesetting (rev5) Patchwork
2021-08-26 2:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210826020122.1488002-7-desmondcheongzx@gmail.com \
--to=desmondcheongzx@gmail.com \
--cc=aditya.swarup@intel.com \
--cc=airlied@linux.ie \
--cc=airlied@redhat.com \
--cc=andrescj@chromium.org \
--cc=chris@chris-wilson.co.uk \
--cc=christian.koenig@amd.com \
--cc=dan.carpenter@oracle.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jani.nikula@linux.intel.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=jose.souza@intel.com \
--cc=karthik.b.s@intel.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-graphics-maintainer@vmware.com \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=lucas.demarchi@intel.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=manasi.d.navare@intel.com \
--cc=matthew.auld@intel.com \
--cc=matthew.d.roper@intel.com \
--cc=mripard@kernel.org \
--cc=rodrigo.vivi@intel.com \
--cc=skhan@linuxfoundation.org \
--cc=sumit.semwal@linaro.org \
--cc=tvrtko.ursulin@intel.com \
--cc=tzimmermann@suse.de \
--cc=ville.syrjala@linux.intel.com \
--cc=zackr@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.