On Fri, 17 Sep 2021 14:59:43 +0200 Alexandre Bailon wrote:
> +static DEFINE_IDA(req_ida);
> +static LIST_HEAD(complete_node);

I see accesses to complete_node in apu_drm_callback(), apu_job_timedout()
and ioctl_gem_dequeue() without working out the serialization to avoid
list corruption. Can you add a comment to specify it?

> +
> +int apu_drm_callback(struct apu_core *apu_core, void *data, int len)
> +{
> +     struct apu_request *apu_req, *tmp;
> +     struct apu_dev_request *hdr = data;
> +     unsigned long flags;
> +
> +     spin_lock_irqsave(&apu_core->ctx_lock, flags);
> +     list_for_each_entry_safe(apu_req, tmp, &apu_core->requests, node) {
> +             struct apu_job *job = apu_req->job;
> +
> +             if (job && hdr->id == job->id) {
> +                     kref_get(&job->refcount);
> +                     job->result = hdr->result;
> +                     if (job->size_out)
> +                             memcpy(job->data_out, hdr->data + job->size_in,
> +                                    min(job->size_out, hdr->size_out));
> +                     job->size_out = hdr->size_out;
> +                     list_add(&job->node, &complete_node);
> +                     list_del(&apu_req->node);
> +                     ida_simple_remove(&req_ida, hdr->id);
> +                     kfree(apu_req);
> +                     drm_send_event(job->apu_drm->drm,
> +                                    &job->event->pending_event);
> +                     dma_fence_signal_locked(job->done_fence);
> +             }
> +     }
> +     spin_unlock_irqrestore(&apu_core->ctx_lock, flags);
> +
> +     return 0;
> +}
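Review bot: `len` is never read in apu_drm_callback(), so `hdr->id`, `hdr->size_out` and the memcpy() source `hdr->data + job->size_in` are all taken from the received message without checking that the message is that long. If the payload comes from the remote processor, as the callback signature suggests, a short or malformed message makes the copy read past the end of the buffer. A guard before the lock, such as `if (len < 0 || (size_t)len < sizeof(*hdr)) return -EINVAL;`, would close this, together with a check in the matching branch that `job->size_in` plus the copied length fits in what remains of `len`. Separately, `job->size_out = hdr->size_out;` stores the unclamped device value after the copy was bounded by the old `job->size_out`. Any later reader that trusts the field (ioctl_gem_dequeue() is not visible here) could run past `data_out`, so `job->size_out = min(job->size_out, hdr->size_out);` would be the safer assignment.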
