Re: [PATCH 01/19] drm/msm: remove dangling submitqueue references
On Tue 01 Sep 03:42 UTC 2020, Rob Clark wrote: > On Mon, Aug 31, 2020 at 7:35 PM Bjorn Andersson > wrote: > > > > On Fri 14 Aug 02:40 UTC 2020, Rob Clark wrote: > > > > > From: Rob Clark > > > > > > Currently it doesn't matter, since we free the ctx immediately. But > > > when we start refcnt'ing the ctx, we don't want old dangling list > > > entries to hang around. > > > > > > Signed-off-by: Rob Clark > > > --- > > > drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- > > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > > > diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c > > > b/drivers/gpu/drm/msm/msm_submitqueue.c > > > index a1d94be7883a..90c9d84e6155 100644 > > > --- a/drivers/gpu/drm/msm/msm_submitqueue.c > > > +++ b/drivers/gpu/drm/msm/msm_submitqueue.c > > > @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private > > > *ctx) > > >* No lock needed in close and there won't > > >* be any more user ioctls coming our way > > >*/ > > > - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) > > > + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { > > > + list_del(&entry->node); > > > > If you refcount ctx, what does that do for the entries in the submit > > queue? > > > > "entry" here is kref'ed, but you're popping it off the list regardless > > of the put ends up freeing the object or not - which afaict would mean > > leaking the object. > > > > What ends up happening is the submit has reference to submit-queue, > which has reference to the ctx.. the submitqueue could be alive still > pending in-flight submits (in a later patch), but dead from the PoV of > userspace interface. > > We aren't relying (or at least aren't in the end, and I *think* I > didn't miss anything in the middle) relying on ctx->submitqueues list > to clean anything up in the end, just track what is still a valid > submitqueue from userspace PoV > Looks reasonable, thanks for the explanation. > BR, > -R > > > > > On the other hand, with the current implementation an object with higher > > refcount with adjacent objects of single refcount would end up with > > dangling pointers after the put. So in itself this change seems like a > > net gain, but I'm wondering about the plan described in the commit > > message. > > > > Regards, > > Bjorn > > > > > msm_submitqueue_put(entry); > > > + } > > > } > > > > > > int msm_submitqueue_create(struct drm_device *drm, struct > > > msm_file_private *ctx, > > > -- > > > 2.26.2 > > > ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 01/19] drm/msm: remove dangling submitqueue references
On Fri 14 Aug 02:40 UTC 2020, Rob Clark wrote: > From: Rob Clark > > Currently it doesn't matter, since we free the ctx immediately. But > when we start refcnt'ing the ctx, we don't want old dangling list > entries to hang around. > > Signed-off-by: Rob Clark Reviewed-by: Bjorn Andersson > --- > drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c > b/drivers/gpu/drm/msm/msm_submitqueue.c > index a1d94be7883a..90c9d84e6155 100644 > --- a/drivers/gpu/drm/msm/msm_submitqueue.c > +++ b/drivers/gpu/drm/msm/msm_submitqueue.c > @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private *ctx) >* No lock needed in close and there won't >* be any more user ioctls coming our way >*/ > - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) > + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { > + list_del(&entry->node); > msm_submitqueue_put(entry); > + } > } > > int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private > *ctx, > -- > 2.26.2 > ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 01/19] drm/msm: remove dangling submitqueue references
On Mon, Aug 31, 2020 at 7:35 PM Bjorn Andersson wrote: > > On Fri 14 Aug 02:40 UTC 2020, Rob Clark wrote: > > > From: Rob Clark > > > > Currently it doesn't matter, since we free the ctx immediately. But > > when we start refcnt'ing the ctx, we don't want old dangling list > > entries to hang around. > > > > Signed-off-by: Rob Clark > > --- > > drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c > > b/drivers/gpu/drm/msm/msm_submitqueue.c > > index a1d94be7883a..90c9d84e6155 100644 > > --- a/drivers/gpu/drm/msm/msm_submitqueue.c > > +++ b/drivers/gpu/drm/msm/msm_submitqueue.c > > @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private *ctx) > >* No lock needed in close and there won't > >* be any more user ioctls coming our way > >*/ > > - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) > > + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { > > + list_del(&entry->node); > > If you refcount ctx, what does that do for the entries in the submit > queue? > > "entry" here is kref'ed, but you're popping it off the list regardless > of the put ends up freeing the object or not - which afaict would mean > leaking the object. > What ends up happening is the submit has reference to submit-queue, which has reference to the ctx.. the submitqueue could be alive still pending in-flight submits (in a later patch), but dead from the PoV of userspace interface. We aren't relying (or at least aren't in the end, and I *think* I didn't miss anything in the middle) relying on ctx->submitqueues list to clean anything up in the end, just track what is still a valid submitqueue from userspace PoV BR, -R > > On the other hand, with the current implementation an object with higher > refcount with adjacent objects of single refcount would end up with > dangling pointers after the put. So in itself this change seems like a > net gain, but I'm wondering about the plan described in the commit > message. > > Regards, > Bjorn > > > msm_submitqueue_put(entry); > > + } > > } > > > > int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private > > *ctx, > > -- > > 2.26.2 > > ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 01/19] drm/msm: remove dangling submitqueue references
On Fri 14 Aug 02:40 UTC 2020, Rob Clark wrote: > From: Rob Clark > > Currently it doesn't matter, since we free the ctx immediately. But > when we start refcnt'ing the ctx, we don't want old dangling list > entries to hang around. > > Signed-off-by: Rob Clark > --- > drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c > b/drivers/gpu/drm/msm/msm_submitqueue.c > index a1d94be7883a..90c9d84e6155 100644 > --- a/drivers/gpu/drm/msm/msm_submitqueue.c > +++ b/drivers/gpu/drm/msm/msm_submitqueue.c > @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private *ctx) >* No lock needed in close and there won't >* be any more user ioctls coming our way >*/ > - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) > + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { > + list_del(&entry->node); If you refcount ctx, what does that do for the entries in the submit queue? "entry" here is kref'ed, but you're popping it off the list regardless of the put ends up freeing the object or not - which afaict would mean leaking the object. On the other hand, with the current implementation an object with higher refcount with adjacent objects of single refcount would end up with dangling pointers after the put. So in itself this change seems like a net gain, but I'm wondering about the plan described in the commit message. Regards, Bjorn > msm_submitqueue_put(entry); > + } > } > > int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private > *ctx, > -- > 2.26.2 > ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 01/19] drm/msm: remove dangling submitqueue references
On Thu, Aug 13, 2020 at 07:40:56PM -0700, Rob Clark wrote: > From: Rob Clark > > Currently it doesn't matter, since we free the ctx immediately. But > when we start refcnt'ing the ctx, we don't want old dangling list > entries to hang around. Reviewed-by: Jordan Crouse > Signed-off-by: Rob Clark > --- > drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c > b/drivers/gpu/drm/msm/msm_submitqueue.c > index a1d94be7883a..90c9d84e6155 100644 > --- a/drivers/gpu/drm/msm/msm_submitqueue.c > +++ b/drivers/gpu/drm/msm/msm_submitqueue.c > @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private *ctx) >* No lock needed in close and there won't >* be any more user ioctls coming our way >*/ > - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) > + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { > + list_del(&entry->node); > msm_submitqueue_put(entry); > + } > } > > int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private > *ctx, > -- > 2.26.2 > > ___ > iommu mailing list > iommu@lists.linux-foundation.org > https://lists.linuxfoundation.org/mailman/listinfo/iommu -- The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH 01/19] drm/msm: remove dangling submitqueue references
From: Rob Clark Currently it doesn't matter, since we free the ctx immediately. But when we start refcnt'ing the ctx, we don't want old dangling list entries to hang around. Signed-off-by: Rob Clark --- drivers/gpu/drm/msm/msm_submitqueue.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/msm_submitqueue.c b/drivers/gpu/drm/msm/msm_submitqueue.c index a1d94be7883a..90c9d84e6155 100644 --- a/drivers/gpu/drm/msm/msm_submitqueue.c +++ b/drivers/gpu/drm/msm/msm_submitqueue.c @@ -49,8 +49,10 @@ void msm_submitqueue_close(struct msm_file_private *ctx) * No lock needed in close and there won't * be any more user ioctls coming our way */ - list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) + list_for_each_entry_safe(entry, tmp, &ctx->submitqueues, node) { + list_del(&entry->node); msm_submitqueue_put(entry); + } } int msm_submitqueue_create(struct drm_device *drm, struct msm_file_private *ctx, -- 2.26.2 ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu