From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 72845C433EF for ; Fri, 6 May 2022 10:19:17 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id E265C10FB73; Fri, 6 May 2022 10:19:05 +0000 (UTC) Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) by gabe.freedesktop.org (Postfix) with ESMTPS id 1B7F110F7AD for ; Thu, 5 May 2022 08:10:45 +0000 (UTC) Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-2f83983782fso40236867b3.6 for ; Thu, 05 May 2022 01:10:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jlekstrand-net.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xqj1PK8l3CukS2Ifv9U0ecyZxwMggi8LxIQgF+eSLsQ=; b=UHE1beiL3tx7MHrhMK2N8k+pn1z+ddVRGBS8+ovvpZQ+dXuXqwBApwTEk12c/xB+j4 aRXo4p6tIiOmualdK4aw8ad3BsblHpyPliuvRl6SSDJHHIGp3bxFYK4nTNJlnJlyBzR0 Rz3uCLmIEKIpkMqVaOj7EtcBozc6x1ohk2xmve7IOe9mddtoRlLToQ6Abl8Y43ckJmn0 KmNFtMT7hO1ubY5haoCPGlExQJISrNx2yhZWsLUklrAjR6hjGj7QjgMpoAH6ymioMtWB REZYBzGMnIdIWOqrPvwR7aALN4LI/QeeE3+eVNuPlx6oh7X1jAxNYq1YRUTi6UtNQ9bo iYlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xqj1PK8l3CukS2Ifv9U0ecyZxwMggi8LxIQgF+eSLsQ=; b=UqHBA90A5M3tbi6mYTLGYdZ7h4/mKmK1JLSfBnqTiUQ2Jr1UMeTjn/mEXKNbKbXw4b j4xe6iVCJ8wcAayEPOTroW0mF3jBSEYOM7KHkinof3bvl8sJBsjenHbsS7lCQ4IfT4E1 xC14OeQnYTu4e1xSGNX2z0g70Qq0hOb+M/kjJowPMLyFuJMZqEUT1v2bsXBS1Gmn3efO +U+bxJvDjdwKsPOXZSPFB7xLBKpXvEV0o+LIOKIbR67Z8yBSTG28PpDAyHtWGbkeI4Mi 12hSl+Vr+eNv0fHCtkfJv+drWQneeoiQI8k2I7NJRhAU7W5PtXEuKWBYddl8h3SKYacP u2Ng== X-Gm-Message-State: AOAM530OtcyQB55h0Asav3+40UKBUxPbSekMRWGaRUgJrg8uXvqz6+oR YMwLjpRbTl0UhO8sKNX13ssuCsT8v0sHDFG/dtpU+Q== X-Google-Smtp-Source: ABdhPJxIxsdDx4zpk/wS5+kv+mgg0TE1/Ed4fkZJGKwCZYXeprCTFcZfnsxFRtB3iwuQXIoO4EjpGMLX94Hf4e+EV+I= X-Received: by 2002:a81:f0e:0:b0:2f7:d523:e49d with SMTP id 14-20020a810f0e000000b002f7d523e49dmr22072039ywp.311.1651738244042; Thu, 05 May 2022 01:10:44 -0700 (PDT) MIME-Version: 1.0 References: <20220504203404.1495485-1-jason@jlekstrand.net> <20220504203404.1495485-2-jason@jlekstrand.net> <7d478470-00fa-07a6-1479-dee80ced5b76@amd.com> In-Reply-To: <7d478470-00fa-07a6-1479-dee80ced5b76@amd.com> From: Jason Ekstrand Date: Thu, 5 May 2022 03:10:33 -0500 Message-ID: Subject: Re: [PATCH 1/2] dma-buf: Add an API for exporting sync files (v13) To: =?UTF-8?Q?Christian_K=C3=B6nig?= Content-Type: multipart/alternative; boundary="0000000000004c641905de3f4732" X-Mailman-Approved-At: Fri, 06 May 2022 10:19:04 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sumit Semwal , Maling list - DRI developers , Daniel Vetter Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" --0000000000004c641905de3f4732 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, May 5, 2022 at 1:25 AM Christian K=C3=B6nig wrote: > Am 04.05.22 um 22:34 schrieb Jason Ekstrand: > > Modern userspace APIs like Vulkan are built on an explicit > > synchronization model. This doesn't always play nicely with the > > implicit synchronization used in the kernel and assumed by X11 and > > Wayland. The client -> compositor half of the synchronization isn't to= o > > bad, at least on intel, because we can control whether or not i915 > > synchronizes on the buffer and whether or not it's considered written. > > > > The harder part is the compositor -> client synchronization when we get > > the buffer back from the compositor. We're required to be able to > > provide the client with a VkSemaphore and VkFence representing the poin= t > > in time where the window system (compositor and/or display) finished > > using the buffer. With current APIs, it's very hard to do this in such > > a way that we don't get confused by the Vulkan driver's access of the > > buffer. In particular, once we tell the kernel that we're rendering to > > the buffer again, any CPU waits on the buffer or GPU dependencies will > > wait on some of the client rendering and not just the compositor. > > > > This new IOCTL solves this problem by allowing us to get a snapshot of > > the implicit synchronization state of a given dma-buf in the form of a > > sync file. It's effectively the same as a poll() or I915_GEM_WAIT only= , > > instead of CPU waiting directly, it encapsulates the wait operation, at > > the current moment in time, in a sync_file so we can check/wait on it > > later. As long as the Vulkan driver does the sync_file export from the > > dma-buf before we re-introduce it for rendering, it will only contain > > fences from the compositor or display. This allows to accurately turn > > it into a VkFence or VkSemaphore without any over-synchronization. > > > > By making this an ioctl on the dma-buf itself, it allows this new > > functionality to be used in an entirely driver-agnostic way without > > having access to a DRM fd. This makes it ideal for use in driver-generi= c > > code in Mesa or in a client such as a compositor where the DRM fd may b= e > > hard to reach. > > > > v2 (Jason Ekstrand): > > - Use a wrapper dma_fence_array of all fences including the new one > > when importing an exclusive fence. > > > > v3 (Jason Ekstrand): > > - Lock around setting shared fences as well as exclusive > > - Mark SIGNAL_SYNC_FILE as a read-write ioctl. > > - Initialize ret to 0 in dma_buf_wait_sync_file > > > > v4 (Jason Ekstrand): > > - Use the new dma_resv_get_singleton helper > > > > v5 (Jason Ekstrand): > > - Rename the IOCTLs to import/export rather than wait/signal > > - Drop the WRITE flag and always get/set the exclusive fence > > > > v6 (Jason Ekstrand): > > - Drop the sync_file import as it was all-around sketchy and not near= ly > > as useful as import. > > - Re-introduce READ/WRITE flag support for export > > - Rework the commit message > > > > v7 (Jason Ekstrand): > > - Require at least one sync flag > > - Fix a refcounting bug: dma_resv_get_excl() doesn't take a reference > > - Use _rcu helpers since we're accessing the dma_resv read-only > > > > v8 (Jason Ekstrand): > > - Return -ENOMEM if the sync_file_create fails > > - Predicate support on IS_ENABLED(CONFIG_SYNC_FILE) > > > > v9 (Jason Ekstrand): > > - Add documentation for the new ioctl > > > > v10 (Jason Ekstrand): > > - Go back to dma_buf_sync_file as the ioctl struct name > > > > v11 (Daniel Vetter): > > - Go back to dma_buf_export_sync_file as the ioctl struct name > > - Better kerneldoc describing what the read/write flags do > > > > v12 (Christian K=C3=B6nig): > > - Document why we chose to make it an ioctl on dma-buf > > > > v12 (Jason Ekstrand): > > - Rebase on Christian K=C3=B6nig's fence rework > > > > Signed-off-by: Jason Ekstrand > > Acked-by: Simon Ser > > Acked-by: Christian K=C3=B6nig > > Reviewed-by: Daniel Vetter > > Cc: Sumit Semwal > > Cc: Maarten Lankhorst > > --- > > drivers/dma-buf/dma-buf.c | 64 +++++++++++++++++++++++++++++++++++= + > > include/uapi/linux/dma-buf.h | 35 ++++++++++++++++++++ > > 2 files changed, 99 insertions(+) > > > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > > index 79795857be3e..529e0611e53b 100644 > > --- a/drivers/dma-buf/dma-buf.c > > +++ b/drivers/dma-buf/dma-buf.c > > @@ -20,6 +20,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -192,6 +193,9 @@ static loff_t dma_buf_llseek(struct file *file, > loff_t offset, int whence) > > * Note that this only signals the completion of the respective > fences, i.e. the > > * DMA transfers are complete. Cache flushing and any other necessary > > * preparations before CPU access can begin still need to happen. > > + * > > + * As an alternative to poll(), the set of fences on DMA buffer can be > > + * exported as a &sync_file using &dma_buf_sync_file_export. > > */ > > > > static void dma_buf_poll_cb(struct dma_fence *fence, struct > dma_fence_cb *cb) > > @@ -326,6 +330,61 @@ static long dma_buf_set_name(struct dma_buf > *dmabuf, const char __user *buf) > > return 0; > > } > > > > +#if IS_ENABLED(CONFIG_SYNC_FILE) > > +static long dma_buf_export_sync_file(struct dma_buf *dmabuf, > > + void __user *user_data) > > +{ > > + struct dma_buf_export_sync_file arg; > > + enum dma_resv_usage usage; > > + struct dma_fence *fence =3D NULL; > > + struct sync_file *sync_file; > > + int fd, ret; > > + > > + if (copy_from_user(&arg, user_data, sizeof(arg))) > > + return -EFAULT; > > + > > + if (arg.flags & ~DMA_BUF_SYNC_RW) > > + return -EINVAL; > > + > > + if ((arg.flags & DMA_BUF_SYNC_RW) =3D=3D 0) > > + return -EINVAL; > > + > > + fd =3D get_unused_fd_flags(O_CLOEXEC); > > + if (fd < 0) > > + return fd; > > + > > + usage =3D (arg.flags & DMA_BUF_SYNC_WRITE) ? DMA_RESV_USAGE_WRITE= : > > + DMA_RESV_USAGE_READ; > > + ret =3D dma_resv_get_singleton(dmabuf->resv, usage, &fence); > > + if (ret) > > + goto err_put_fd; > > + > > + if (!fence) > > + fence =3D dma_fence_get_stub(); > > + > > + sync_file =3D sync_file_create(fence); > > + > > + dma_fence_put(fence); > > + > > + if (!sync_file) { > > + ret =3D -ENOMEM; > > + goto err_put_fd; > > + } > > + > > + fd_install(fd, sync_file->file); > > + > > + arg.fd =3D fd; > > + if (copy_to_user(user_data, &arg, sizeof(arg))) > > + return -EFAULT; > > I know we had that discussion before, but I'm not 100% any more what the > outcome was. > > The problem here is that when the copy_to_user fails we have a file > descriptor which is valid, but userspace doesn't know anything about it. > > I only see a few possibilities here: > 1. Keep it like this and just assume that a process which you can't copy > the fd to is also dying (a bit to much assumption for my taste). > > 2. Close the file descriptor when this happens (not ideal either). > > 3. Instead of returning the fd in the parameter structure return it as > IOCTL result. > > Number 3 is what drm_prime_handle_to_fd_ioctl() is doing as well and > IIRC we said that this is probably the best option. > I don't have a strong preference here, so I'll go with whatever in the end but let me at least explain my reasoning. First, this was based on the FD import/export in syncobj which stuffs the FD in the args struct. If `copy_to_user` is a problem here, it's a problem there as well. Second, the only way `copy_to_user` can fail is if the client gives us a read-only page or somehow manages to race removing the page from their address space (via unmap(), for instance) with this ioctl. Both of those seem like pretty serious client errors to me. That, or the client is in the process of dying, in which case we really don't care. --Jason > Apart from that the patch set looks really clean to me now. > > Regards, > Christian. > > > > + > > + return 0; > > + > > +err_put_fd: > > + put_unused_fd(fd); > > + return ret; > > +} > > +#endif > > + > > static long dma_buf_ioctl(struct file *file, > > unsigned int cmd, unsigned long arg) > > { > > @@ -369,6 +428,11 @@ static long dma_buf_ioctl(struct file *file, > > case DMA_BUF_SET_NAME_B: > > return dma_buf_set_name(dmabuf, (const char __user *)arg)= ; > > > > +#if IS_ENABLED(CONFIG_SYNC_FILE) > > + case DMA_BUF_IOCTL_EXPORT_SYNC_FILE: > > + return dma_buf_export_sync_file(dmabuf, (void __user > *)arg); > > +#endif > > + > > default: > > return -ENOTTY; > > } > > diff --git a/include/uapi/linux/dma-buf.h b/include/uapi/linux/dma-buf.= h > > index 8e4a2ca0bcbf..46f1e3e98b02 100644 > > --- a/include/uapi/linux/dma-buf.h > > +++ b/include/uapi/linux/dma-buf.h > > @@ -85,6 +85,40 @@ struct dma_buf_sync { > > > > #define DMA_BUF_NAME_LEN 32 > > > > +/** > > + * struct dma_buf_export_sync_file - Get a sync_file from a dma-buf > > + * > > + * Userspace can perform a DMA_BUF_IOCTL_EXPORT_SYNC_FILE to retrieve > the > > + * current set of fences on a dma-buf file descriptor as a sync_file. > CPU > > + * waits via poll() or other driver-specific mechanisms typically wait > on > > + * whatever fences are on the dma-buf at the time the wait begins. Th= is > > + * is similar except that it takes a snapshot of the current fences on > the > > + * dma-buf for waiting later instead of waiting immediately. This is > > + * useful for modern graphics APIs such as Vulkan which assume an > explicit > > + * synchronization model but still need to inter-operate with dma-buf. > > + */ > > +struct dma_buf_export_sync_file { > > + /** > > + * @flags: Read/write flags > > + * > > + * Must be DMA_BUF_SYNC_READ, DMA_BUF_SYNC_WRITE, or both. > > + * > > + * If DMA_BUF_SYNC_READ is set and DMA_BUF_SYNC_WRITE is not set, > > + * the returned sync file waits on any writers of the dma-buf to > > + * complete. Waiting on the returned sync file is equivalent to > > + * poll() with POLLIN. > > + * > > + * If DMA_BUF_SYNC_WRITE is set, the returned sync file waits on > > + * any users of the dma-buf (read or write) to complete. Waiting > > + * on the returned sync file is equivalent to poll() with POLLOUT= . > > + * If both DMA_BUF_SYNC_WRITE and DMA_BUF_SYNC_READ are set, this > > + * is equivalent to just DMA_BUF_SYNC_WRITE. > > + */ > > + __u32 flags; > > + /** @fd: Returned sync file descriptor */ > > + __s32 fd; > > +}; > > + > > #define DMA_BUF_BASE 'b' > > #define DMA_BUF_IOCTL_SYNC _IOW(DMA_BUF_BASE, 0, struct dma_buf_sync= ) > > > > @@ -94,5 +128,6 @@ struct dma_buf_sync { > > #define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 1, const char *) > > #define DMA_BUF_SET_NAME_A _IOW(DMA_BUF_BASE, 1, u32) > > #define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, u64) > > +#define DMA_BUF_IOCTL_EXPORT_SYNC_FILE _IOWR(DMA_BUF_BASE, 2, > struct dma_buf_export_sync_file) > > > > #endif > > --0000000000004c641905de3f4732 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Thu, May 5, 2022 at 1:25 AM Christian K=C3=B6nig <christian.koenig@amd.com> wrote:
=
Am 04.05.22 um 22:3= 4 schrieb Jason Ekstrand:
> Modern userspace APIs like Vulkan are built on an explicit
> synchronization model.=C2=A0 This doesn't always play nicely with = the
> implicit synchronization used in the kernel and assumed by X11 and
> Wayland.=C2=A0 The client -> compositor half of the synchronization= isn't too
> bad, at least on intel, because we can control whether or not i915
> synchronizes on the buffer and whether or not it's considered writ= ten.
>
> The harder part is the compositor -> client synchronization when we= get
> the buffer back from the compositor.=C2=A0 We're required to be ab= le to
> provide the client with a VkSemaphore and VkFence representing the poi= nt
> in time where the window system (compositor and/or display) finished > using the buffer.=C2=A0 With current APIs, it's very hard to do th= is in such
> a way that we don't get confused by the Vulkan driver's access= of the
> buffer.=C2=A0 In particular, once we tell the kernel that we're re= ndering to
> the buffer again, any CPU waits on the buffer or GPU dependencies will=
> wait on some of the client rendering and not just the compositor.
>
> This new IOCTL solves this problem by allowing us to get a snapshot of=
> the implicit synchronization state of a given dma-buf in the form of a=
> sync file.=C2=A0 It's effectively the same as a poll() or I915_GEM= _WAIT only,
> instead of CPU waiting directly, it encapsulates the wait operation, a= t
> the current moment in time, in a sync_file so we can check/wait on it<= br> > later.=C2=A0 As long as the Vulkan driver does the sync_file export fr= om the
> dma-buf before we re-introduce it for rendering, it will only contain<= br> > fences from the compositor or display.=C2=A0 This allows to accurately= turn
> it into a VkFence or VkSemaphore without any over-synchronization.
>
> By making this an ioctl on the dma-buf itself, it allows this new
> functionality to be used in an entirely driver-agnostic way without > having access to a DRM fd. This makes it ideal for use in driver-gener= ic
> code in Mesa or in a client such as a compositor where the DRM fd may = be
> hard to reach.
>
> v2 (Jason Ekstrand):
>=C2=A0 =C2=A0- Use a wrapper dma_fence_array of all fences including th= e new one
>=C2=A0 =C2=A0 =C2=A0when importing an exclusive fence.
>
> v3 (Jason Ekstrand):
>=C2=A0 =C2=A0- Lock around setting shared fences as well as exclusive >=C2=A0 =C2=A0- Mark SIGNAL_SYNC_FILE as a read-write ioctl.
>=C2=A0 =C2=A0- Initialize ret to 0 in dma_buf_wait_sync_file
>
> v4 (Jason Ekstrand):
>=C2=A0 =C2=A0- Use the new dma_resv_get_singleton helper
>
> v5 (Jason Ekstrand):
>=C2=A0 =C2=A0- Rename the IOCTLs to import/export rather than wait/sign= al
>=C2=A0 =C2=A0- Drop the WRITE flag and always get/set the exclusive fen= ce
>
> v6 (Jason Ekstrand):
>=C2=A0 =C2=A0- Drop the sync_file import as it was all-around sketchy a= nd not nearly
>=C2=A0 =C2=A0 =C2=A0as useful as import.
>=C2=A0 =C2=A0- Re-introduce READ/WRITE flag support for export
>=C2=A0 =C2=A0- Rework the commit message
>
> v7 (Jason Ekstrand):
>=C2=A0 =C2=A0- Require at least one sync flag
>=C2=A0 =C2=A0- Fix a refcounting bug: dma_resv_get_excl() doesn't t= ake a reference
>=C2=A0 =C2=A0- Use _rcu helpers since we're accessing the dma_resv = read-only
>
> v8 (Jason Ekstrand):
>=C2=A0 =C2=A0- Return -ENOMEM if the sync_file_create fails
>=C2=A0 =C2=A0- Predicate support on IS_ENABLED(CONFIG_SYNC_FILE)
>
> v9 (Jason Ekstrand):
>=C2=A0 =C2=A0- Add documentation for the new ioctl
>
> v10 (Jason Ekstrand):
>=C2=A0 =C2=A0- Go back to dma_buf_sync_file as the ioctl struct name >
> v11 (Daniel Vetter):
>=C2=A0 =C2=A0- Go back to dma_buf_export_sync_file as the ioctl struct = name
>=C2=A0 =C2=A0- Better kerneldoc describing what the read/write flags do=
>
> v12 (Christian K=C3=B6nig):
>=C2=A0 =C2=A0- Document why we chose to make it an ioctl on dma-buf
>
> v12 (Jason Ekstrand):
>=C2=A0 =C2=A0- Rebase on Christian K=C3=B6nig's fence rework
>
> Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
> Acked-by: Simon Ser <contact@emersion.fr>
> Acked-by: Christian K=C3=B6nig <christian.koenig@amd.com>
> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Sumit Semwal <sumit.semwal@linaro.org>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> ---
>=C2=A0 =C2=A0drivers/dma-buf/dma-buf.c=C2=A0 =C2=A0 | 64 ++++++++++++++= ++++++++++++++++++++++
>=C2=A0 =C2=A0include/uapi/linux/dma-buf.h | 35 ++++++++++++++++++++
>=C2=A0 =C2=A02 files changed, 99 insertions(+)
>
> diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
> index 79795857be3e..529e0611e53b 100644
> --- a/drivers/dma-buf/dma-buf.c
> +++ b/drivers/dma-buf/dma-buf.c
> @@ -20,6 +20,7 @@
>=C2=A0 =C2=A0#include <linux/debugfs.h>
>=C2=A0 =C2=A0#include <linux/module.h>
>=C2=A0 =C2=A0#include <linux/seq_file.h>
> +#include <linux/sync_file.h>
>=C2=A0 =C2=A0#include <linux/poll.h>
>=C2=A0 =C2=A0#include <linux/dma-resv.h>
>=C2=A0 =C2=A0#include <linux/mm.h>
> @@ -192,6 +193,9 @@ static loff_t dma_buf_llseek(struct file *file, lo= ff_t offset, int whence)
>=C2=A0 =C2=A0 * Note that this only signals the completion of the respe= ctive fences, i.e. the
>=C2=A0 =C2=A0 * DMA transfers are complete. Cache flushing and any othe= r necessary
>=C2=A0 =C2=A0 * preparations before CPU access can begin still need to = happen.
> + *
> + * As an alternative to poll(), the set of fences on DMA buffer can b= e
> + * exported as a &sync_file using &dma_buf_sync_file_export.<= br> >=C2=A0 =C2=A0 */
>=C2=A0 =C2=A0
>=C2=A0 =C2=A0static void dma_buf_poll_cb(struct dma_fence *fence, struc= t dma_fence_cb *cb)
> @@ -326,6 +330,61 @@ static long dma_buf_set_name(struct dma_buf *dmab= uf, const char __user *buf)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0return 0;
>=C2=A0 =C2=A0}
>=C2=A0 =C2=A0
> +#if IS_ENABLED(CONFIG_SYNC_FILE)
> +static long dma_buf_export_sync_file(struct dma_buf *dmabuf,
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 void __user *user_data) > +{
> +=C2=A0 =C2=A0 =C2=A0struct dma_buf_export_sync_file arg;
> +=C2=A0 =C2=A0 =C2=A0enum dma_resv_usage usage;
> +=C2=A0 =C2=A0 =C2=A0struct dma_fence *fence =3D NULL;
> +=C2=A0 =C2=A0 =C2=A0struct sync_file *sync_file;
> +=C2=A0 =C2=A0 =C2=A0int fd, ret;
> +
> +=C2=A0 =C2=A0 =C2=A0if (copy_from_user(&arg, user_data, sizeof(ar= g)))
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -EFAULT;
> +
> +=C2=A0 =C2=A0 =C2=A0if (arg.flags & ~DMA_BUF_SYNC_RW)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -EINVAL;
> +
> +=C2=A0 =C2=A0 =C2=A0if ((arg.flags & DMA_BUF_SYNC_RW) =3D=3D 0) > +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -EINVAL;
> +
> +=C2=A0 =C2=A0 =C2=A0fd =3D get_unused_fd_flags(O_CLOEXEC);
> +=C2=A0 =C2=A0 =C2=A0if (fd < 0)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return fd;
> +
> +=C2=A0 =C2=A0 =C2=A0usage =3D (arg.flags & DMA_BUF_SYNC_WRITE) ? = DMA_RESV_USAGE_WRITE :
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 DMA_RESV_USAGE_READ;
> +=C2=A0 =C2=A0 =C2=A0ret =3D dma_resv_get_singleton(dmabuf->resv, u= sage, &fence);
> +=C2=A0 =C2=A0 =C2=A0if (ret)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto err_put_fd;
> +
> +=C2=A0 =C2=A0 =C2=A0if (!fence)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0fence =3D dma_fence_g= et_stub();
> +
> +=C2=A0 =C2=A0 =C2=A0sync_file =3D sync_file_create(fence);
> +
> +=C2=A0 =C2=A0 =C2=A0dma_fence_put(fence);
> +
> +=C2=A0 =C2=A0 =C2=A0if (!sync_file) {
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D -ENOMEM;
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto err_put_fd;
> +=C2=A0 =C2=A0 =C2=A0}
> +
> +=C2=A0 =C2=A0 =C2=A0fd_install(fd, sync_file->file);
> +
> +=C2=A0 =C2=A0 =C2=A0arg.fd =3D fd;
> +=C2=A0 =C2=A0 =C2=A0if (copy_to_user(user_data, &arg, sizeof(arg)= ))
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -EFAULT;

I know we had that discussion before, but I'm not 100% any more what th= e
outcome was.

The problem here is that when the copy_to_user fails we have a file
descriptor which is valid, but userspace doesn't know anything about it= .

I only see a few possibilities here:
1. Keep it like this and just assume that a process which you can't cop= y
the fd to is also dying (a bit to much assumption for my taste).

2. Close the file descriptor when this happens (not ideal either).

3. Instead of returning the fd in the parameter structure return it as
IOCTL result.

Number 3 is what drm_prime_handle_to_fd_ioctl() is doing as well and
IIRC we said that this is probably the best option.
I don't have a strong preference here, so I'll go with= whatever in the end but let me at least explain my reasoning.=C2=A0 First,= this was based on the FD import/export in syncobj which stuffs the FD in t= he args struct.=C2=A0 If `copy_to_user` is a problem here, it's a probl= em there as well.=C2=A0 Second, the only way `copy_to_user` can fail is if = the client gives us a read-only page or somehow manages to race removing th= e page from their address space (via unmap(), for instance) with this ioctl= .=C2=A0 Both of those seem like pretty serious client errors to me.=C2=A0 T= hat, or the client is in the process of dying, in which case we really don&= #39;t care.

--Jason

=C2= =A0
Apart from that the patch set looks really clean to me now.

Regards,
Christian.


> +
> +=C2=A0 =C2=A0 =C2=A0return 0;
> +
> +err_put_fd:
> +=C2=A0 =C2=A0 =C2=A0put_unused_fd(fd);
> +=C2=A0 =C2=A0 =C2=A0return ret;
> +}
> +#endif
> +
>=C2=A0 =C2=A0static long dma_buf_ioctl(struct file *file,
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0unsigned int cmd, unsigned long arg)
>=C2=A0 =C2=A0{
> @@ -369,6 +428,11 @@ static long dma_buf_ioctl(struct file *file,
>=C2=A0 =C2=A0 =C2=A0 =C2=A0case DMA_BUF_SET_NAME_B:
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return dma_buf_s= et_name(dmabuf, (const char __user *)arg);
>=C2=A0 =C2=A0
> +#if IS_ENABLED(CONFIG_SYNC_FILE)
> +=C2=A0 =C2=A0 =C2=A0case DMA_BUF_IOCTL_EXPORT_SYNC_FILE:
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return dma_buf_export= _sync_file(dmabuf, (void __user *)arg);
> +#endif
> +
>=C2=A0 =C2=A0 =C2=A0 =C2=A0default:
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return -ENOTTY;<= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0}
> diff --git a/include/uapi/linux/dma-buf.h b/include/uapi/linux/dma-buf= .h
> index 8e4a2ca0bcbf..46f1e3e98b02 100644
> --- a/include/uapi/linux/dma-buf.h
> +++ b/include/uapi/linux/dma-buf.h
> @@ -85,6 +85,40 @@ struct dma_buf_sync {
>=C2=A0 =C2=A0
>=C2=A0 =C2=A0#define DMA_BUF_NAME_LEN=C2=A0 =C2=A0 32
>=C2=A0 =C2=A0
> +/**
> + * struct dma_buf_export_sync_file - Get a sync_file from a dma-buf > + *
> + * Userspace can perform a DMA_BUF_IOCTL_EXPORT_SYNC_FILE to retrieve= the
> + * current set of fences on a dma-buf file descriptor as a sync_file.= =C2=A0 CPU
> + * waits via poll() or other driver-specific mechanisms typically wai= t on
> + * whatever fences are on the dma-buf at the time the wait begins.=C2= =A0 This
> + * is similar except that it takes a snapshot of the current fences o= n the
> + * dma-buf for waiting later instead of waiting immediately.=C2=A0 Th= is is
> + * useful for modern graphics APIs such as Vulkan which assume an exp= licit
> + * synchronization model but still need to inter-operate with dma-buf= .
> + */
> +struct dma_buf_export_sync_file {
> +=C2=A0 =C2=A0 =C2=A0/**
> +=C2=A0 =C2=A0 =C2=A0 * @flags: Read/write flags
> +=C2=A0 =C2=A0 =C2=A0 *
> +=C2=A0 =C2=A0 =C2=A0 * Must be DMA_BUF_SYNC_READ, DMA_BUF_SYNC_WRITE,= or both.
> +=C2=A0 =C2=A0 =C2=A0 *
> +=C2=A0 =C2=A0 =C2=A0 * If DMA_BUF_SYNC_READ is set and DMA_BUF_SYNC_W= RITE is not set,
> +=C2=A0 =C2=A0 =C2=A0 * the returned sync file waits on any writers of= the dma-buf to
> +=C2=A0 =C2=A0 =C2=A0 * complete.=C2=A0 Waiting on the returned sync f= ile is equivalent to
> +=C2=A0 =C2=A0 =C2=A0 * poll() with POLLIN.
> +=C2=A0 =C2=A0 =C2=A0 *
> +=C2=A0 =C2=A0 =C2=A0 * If DMA_BUF_SYNC_WRITE is set, the returned syn= c file waits on
> +=C2=A0 =C2=A0 =C2=A0 * any users of the dma-buf (read or write) to co= mplete.=C2=A0 Waiting
> +=C2=A0 =C2=A0 =C2=A0 * on the returned sync file is equivalent to pol= l() with POLLOUT.
> +=C2=A0 =C2=A0 =C2=A0 * If both DMA_BUF_SYNC_WRITE and DMA_BUF_SYNC_RE= AD are set, this
> +=C2=A0 =C2=A0 =C2=A0 * is equivalent to just DMA_BUF_SYNC_WRITE.
> +=C2=A0 =C2=A0 =C2=A0 */
> +=C2=A0 =C2=A0 =C2=A0__u32 flags;
> +=C2=A0 =C2=A0 =C2=A0/** @fd: Returned sync file descriptor */
> +=C2=A0 =C2=A0 =C2=A0__s32 fd;
> +};
> +
>=C2=A0 =C2=A0#define DMA_BUF_BASE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 'b'
>=C2=A0 =C2=A0#define DMA_BUF_IOCTL_SYNC=C2=A0 _IOW(DMA_BUF_BASE, 0, str= uct dma_buf_sync)
>=C2=A0 =C2=A0
> @@ -94,5 +128,6 @@ struct dma_buf_sync {
>=C2=A0 =C2=A0#define DMA_BUF_SET_NAME=C2=A0 =C2=A0 _IOW(DMA_BUF_BASE, 1= , const char *)
>=C2=A0 =C2=A0#define DMA_BUF_SET_NAME_A=C2=A0 _IOW(DMA_BUF_BASE, 1, u32= )
>=C2=A0 =C2=A0#define DMA_BUF_SET_NAME_B=C2=A0 _IOW(DMA_BUF_BASE, 1, u64= )
> +#define DMA_BUF_IOCTL_EXPORT_SYNC_FILE=C2=A0 =C2=A0 =C2=A0 =C2=A0_IOW= R(DMA_BUF_BASE, 2, struct dma_buf_export_sync_file)
>=C2=A0 =C2=A0
>=C2=A0 =C2=A0#endif

--0000000000004c641905de3f4732--