On Mon, May 15, 2017 at 12:50:04PM +0200, David Herrmann wrote:
> Hey
> 
> On Mon, May 15, 2017 at 12:10 PM, Chris Wilson <ch...@chris-wilson.co.uk> 
> wrote:
> > Constructing the name takes the majority of the time for allocating a
> > sync_file to wrap a fence, and the name is very rarely used (only via
> > the sync_file status user interface). To reduce the impact on the common
> > path (that of creating sync_file to pass around), defer the construction
> > of the name until it is first used.
> >
> > v2: Update kerneldoc (kbuild test robot)
> > v3: sync_debug.c was peeking at the name
> > v4: Comment upon the potential race between two users of
> > sync_file_get_name() and claim that such a race is below the level of
> > notice. However, to prevent any future nuisance, use a global spinlock
> > to serialize the assignment of the name.
> >
> > Signed-off-by: Chris Wilson <ch...@chris-wilson.co.uk>
> > Cc: Sumit Semwal <sumit.sem...@linaro.org>
> > Cc: Gustavo Padovan <gust...@padovan.org>
> > Cc: Daniel Vetter <daniel.vet...@ffwll.ch>
> > ---
> >  drivers/dma-buf/sync_debug.c |  3 ++-
> >  drivers/dma-buf/sync_file.c  | 54 
> > ++++++++++++++++++++++++++++++++++++++------
> >  include/linux/sync_file.h    |  5 ++--
> >  3 files changed, 52 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/dma-buf/sync_debug.c b/drivers/dma-buf/sync_debug.c
> > index 4b1731ee7458..9a93f1085c63 100644
> > --- a/drivers/dma-buf/sync_debug.c
> > +++ b/drivers/dma-buf/sync_debug.c
> > @@ -134,7 +134,8 @@ static void sync_print_sync_file(struct seq_file *s,
> >  {
> >         int i;
> >
> > -       seq_printf(s, "[%p] %s: %s\n", sync_file, sync_file->name,
> > +       seq_printf(s, "[%p] %s: %s\n", sync_file,
> > +                  sync_file_get_name(sync_file),
> >                    sync_status_str(dma_fence_get_status(sync_file->fence)));
> >
> >         if (dma_fence_is_array(sync_file->fence)) {
> > diff --git a/drivers/dma-buf/sync_file.c b/drivers/dma-buf/sync_file.c
> > index c9eb4997cfcc..0d54de79ba76 100644
> > --- a/drivers/dma-buf/sync_file.c
> > +++ b/drivers/dma-buf/sync_file.c
> > @@ -80,11 +80,6 @@ struct sync_file *sync_file_create(struct dma_fence 
> > *fence)
> >
> >         sync_file->fence = dma_fence_get(fence);
> >
> > -       snprintf(sync_file->name, sizeof(sync_file->name), "%s-%s%llu-%d",
> > -                fence->ops->get_driver_name(fence),
> > -                fence->ops->get_timeline_name(fence), fence->context,
> > -                fence->seqno);
> > -
> >         return sync_file;
> >  }
> >  EXPORT_SYMBOL(sync_file_create);
> > @@ -129,6 +124,51 @@ struct dma_fence *sync_file_get_fence(int fd)
> >  }
> >  EXPORT_SYMBOL(sync_file_get_fence);
> >
> > +/**
> > + * sync_file_get_name - get the name of the sync_file
> > + * @sync_file:         sync_file to get the fence from
> > + *
> > + * Each sync_file may have a name assigned either by the user (when merging
> > + * sync_files together) or created from the fence it contains. However,
> > + * construction of the name is deferred until first use.
> > + *
> > + * Returns: a string representing the name
> > + */
> > +char *sync_file_get_name(struct sync_file *sync_file)
> > +{
> > +       static DEFINE_SPINLOCK(name_lock);
> > +
> > +       if (!sync_file->user_name[0]) {
> > +               char buf[sizeof(sync_file->user_name)];
> > +               struct dma_fence *fence;
> > +               int len;
> > +
> > +               rcu_read_lock();
> > +               fence = sync_file->fence;
> > +               len = scnprintf(buf, sizeof(buf), "%s-%s%llu-%d",
> > +                               
> > fence->ops->get_driver_name(sync_file->fence),
> > +                               
> > fence->ops->get_timeline_name(sync_file->fence),
> > +                               fence->context,
> > +                               fence->seqno);
> > +
> > +               /* This is mildly racy, so we stage the printf into a local
> > +                * buffer and do the copy with preempt disabled to trim the
> > +                * race down to a few cycles. To completely eliminate the
> > +                * race, we do the final assignment underneath a global
> > +                * spinlock. A global lock should be adequate here for this
> > +                * rare path (called from the middle of a user sw_sync 
> > status
> > +                * ioctl and from debugfs).
> > +                */
> > +               spin_lock(&name_lock);
> > +               if (!sync_file->user_name[0])
> > +                       memcpy(sync_file->user_name, buf, len + 1);
> 
> A racing reader might get a truncated string here. Note that a racing
> reader does not take the lock as soon as the first byte is visible.
> Not sure what the name is used for, but with that code it is not
> reliable.

The comment does explain that the use case is purely debug. We may as
well forget the spinlock. It is always a valid string, if incomplete, and
the race is fairly immaterial. For the value of the name, I'd be quite
happy to ignore it entirely and have it only set when the user provides
one.
 
> Also, please zero-terminate the string... scnprintf() does not
> guarantee that, if it follows posix.

But the kernel vs[c]nprintf does ensure that the string is NUL-terminated.
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

Reply via email to