From: Desmond Cheong Zhi Xi
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org, tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch, sumit.semwal@linaro.org, christian.koenig@amd.com
Cc: Desmond Cheong Zhi Xi, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org, skhan@linuxfoundation.org, gregkh@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org
Subject: [PATCH v5 5/6] drm: avoid circular locks with modeset_mutex and master_rwsem
Date: Tue, 24 Aug 2021 01:14:36 +0800
Message-Id: <20210823171437.829404-6-desmondcheongzx@gmail.com>
In-Reply-To: <20210823171437.829404-1-desmondcheongzx@gmail.com>

drm_device.master_rwsem is an outer lock that's grabbed in the ioctl
handler. However, in a future patch, master_rwsem will replace
drm_file.master_lookup_lock in drm_file_get_master, which is sometimes
called while holding other locks that depend on master_rwsem. This
circular locking should be avoided to prevent deadlocks.

_drm_lease_held and drm_lease_held call drm_file_get_master. However,
both functions are called while holding on to modeset_mutex, inverting
the master_rwsem --> modeset_mutex lock hierarchy.

To fix this, we do two things:

1. Wrap __drm_mode_object_find with read locks on master_rwsem before
   locking modeset mutex so that we can still safely access
   drm_file.master without drm_file_get_master

2. Call drm_file_get_master before locking modeset_mutex, then check
   for leases with the new drm_lease_held_master function instead of
   drm_lease_held

Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_atomic_uapi.c | 4 +++- drivers/gpu/drm/drm_auth.c | 3 +++ drivers/gpu/drm/drm_encoder.c | 7 ++++++- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_lease.c | 34 ++++++++----------------------- drivers/gpu/drm/drm_mode_object.c | 16 +++++++++++---- drivers/gpu/drm/drm_plane.c | 17 +++++++++++++--- drivers/gpu/drm/drm_property.c | 6 +++--- include/drm/drm_lease.h | 4 +++- 9 files changed, 53 insertions(+), 40 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index 909f31833181..203b0936f7f4 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -1366,6 +1366,7 @@ int drm_mode_atomic_ioctl(struct drm_device *dev, if (!state) return -ENOMEM; + down_read(&dev->master_rwsem); drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE); state->acquire_ctx = &ctx; state->allow_modeset = !!(arg->flags & DRM_MODE_ATOMIC_ALLOW_MODESET); @@ -1385,7 +1386,7 @@ int drm_mode_atomic_ioctl(struct drm_device *dev, goto out; } - obj = drm_mode_object_find(dev, file_priv, obj_id, DRM_MODE_OBJECT_ANY); + obj = __drm_mode_object_find(dev, file_priv, obj_id, DRM_MODE_OBJECT_ANY); if (!obj) { ret = -ENOENT; goto out; @@ -1474,6 +1475,7 @@ int drm_mode_atomic_ioctl(struct drm_device *dev, drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); + up_read(&dev->master_rwsem); return ret; } diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index 65065f7e1499..f2b2f197052a 100644 --- a/drivers/gpu/drm/drm_auth.c +++ b/drivers/gpu/drm/drm_auth.c @@ -410,6 +410,9 @@ struct drm_master *drm_file_get_master(struct drm_file *file_priv) { struct drm_master *master = NULL; + if (!file_priv) + return NULL; + spin_lock(&file_priv->master_lookup_lock); if (!file_priv->master) goto unlock; diff --git a/drivers/gpu/drm/drm_encoder.c b/drivers/gpu/drm/drm_encoder.c index 72e982323a5e..a4852876f91f 100644 
--- a/drivers/gpu/drm/drm_encoder.c +++ b/drivers/gpu/drm/drm_encoder.c @@ -22,6 +22,7 @@ #include +#include #include #include #include @@ -281,6 +282,7 @@ int drm_mode_getencoder(struct drm_device *dev, void *data, struct drm_mode_get_encoder *enc_resp = data; struct drm_encoder *encoder; struct drm_crtc *crtc; + struct drm_master *master = NULL; if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EOPNOTSUPP; @@ -289,13 +291,16 @@ int drm_mode_getencoder(struct drm_device *dev, void *data, if (!encoder) return -ENOENT; + master = drm_file_get_master(file_priv); drm_modeset_lock(&dev->mode_config.connection_mutex, NULL); crtc = drm_encoder_get_crtc(encoder); - if (crtc && drm_lease_held(file_priv, crtc->base.id)) + if (crtc && drm_lease_held_master(master, crtc->base.id)) enc_resp->crtc_id = crtc->base.id; else enc_resp->crtc_id = 0; drm_modeset_unlock(&dev->mode_config.connection_mutex); + if (master) + drm_master_put(&master); enc_resp->encoder_type = encoder->encoder_type; enc_resp->encoder_id = encoder->base.id; diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index 07f5abc875e9..9c1db91b150d 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -887,7 +887,7 @@ struct drm_framebuffer *drm_framebuffer_lookup(struct drm_device *dev, struct drm_mode_object *obj; struct drm_framebuffer *fb = NULL; - obj = __drm_mode_object_find(dev, file_priv, id, DRM_MODE_OBJECT_FB); + obj = drm_mode_object_find(dev, file_priv, id, DRM_MODE_OBJECT_FB); if (obj) fb = obj_to_fb(obj); return fb; diff --git a/drivers/gpu/drm/drm_lease.c b/drivers/gpu/drm/drm_lease.c index bed6f7636cbe..4d434ee6730d 100644 --- a/drivers/gpu/drm/drm_lease.c +++ b/drivers/gpu/drm/drm_lease.c 
@@ -85,7 +85,7 @@ _drm_find_lessee(struct drm_master *master, int lessee_id) return idr_find(&drm_lease_owner(master)->lessee_idr, lessee_id); } -static int _drm_lease_held_master(struct drm_master *master, int id) +bool _drm_lease_held_master(struct drm_master *master, int id) { lockdep_assert_held(&master->dev->mode_config.idr_mutex); if (master->lessor) @@ -105,20 +105,16 @@ static bool _drm_has_leased(struct drm_master *master, int id) return false; } -/* Called with idr_mutex held */ -bool _drm_lease_held(struct drm_file *file_priv, int id) +bool drm_lease_held_master(struct drm_master *master, int id) { bool ret; - struct drm_master *master; - if (!file_priv) + if (!master || !master->lessor) return true; - master = drm_file_get_master(file_priv); - if (!master) - return true; + mutex_lock(&master->dev->mode_config.idr_mutex); ret = _drm_lease_held_master(master, id); - drm_master_put(&master); + mutex_unlock(&master->dev->mode_config.idr_mutex); return ret; } @@ -128,22 +124,11 @@ bool drm_lease_held(struct drm_file *file_priv, int id) struct drm_master *master; bool ret; - if (!file_priv) - return true; - master = drm_file_get_master(file_priv); - if (!master) - return true; - if (!master->lessor) { - ret = true; - goto out; - } - mutex_lock(&master->dev->mode_config.idr_mutex); - ret = _drm_lease_held_master(master, id); - mutex_unlock(&master->dev->mode_config.idr_mutex); + ret = drm_lease_held_master(master, id); + if (master) + drm_master_put(&master); -out: - drm_master_put(&master); return ret; } @@ -159,9 +144,6 @@ uint32_t drm_lease_filter_crtcs(struct drm_file *file_priv, uint32_t crtcs_in) int count_in, count_out; uint32_t crtcs_out = 0; - if (!file_priv) - return crtcs_in; - master = drm_file_get_master(file_priv); if (!master) return crtcs_in; diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c index 86d9e907c0b2..911f658a8ffc 100644 --- a/drivers/gpu/drm/drm_mode_object.c +++ b/drivers/gpu/drm/drm_mode_object.c 
@@ -139,6 +139,7 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev, { struct drm_mode_object *obj = NULL; + lockdep_assert_held_once(&dev->master_rwsem); mutex_lock(&dev->mode_config.idr_mutex); obj = idr_find(&dev->mode_config.object_idr, id); if (obj && type != DRM_MODE_OBJECT_ANY && obj->type != type) @@ -146,9 +147,11 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev, if (obj && obj->id != id) obj = NULL; - if (obj && drm_mode_object_lease_required(obj->type) && - !_drm_lease_held(file_priv, obj->id)) - obj = NULL; + if (obj && drm_mode_object_lease_required(obj->type)) { + if (file_priv && file_priv->master && + !_drm_lease_held_master(file_priv->master, obj->id)) + obj = NULL; + } if (obj && obj->free_cb) { if (!kref_get_unless_zero(&obj->refcount)) @@ -176,7 +179,9 @@ struct drm_mode_object *drm_mode_object_find(struct drm_device *dev, { struct drm_mode_object *obj = NULL; + down_read(&dev->master_rwsem); obj = __drm_mode_object_find(dev, file_priv, id, type); + up_read(&dev->master_rwsem); return obj; } EXPORT_SYMBOL(drm_mode_object_find); @@ -408,9 +413,12 @@ int drm_mode_obj_get_properties_ioctl(struct drm_device *dev, void *data, if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EOPNOTSUPP; + down_read(&dev->master_rwsem); DRM_MODESET_LOCK_ALL_BEGIN(dev, ctx, 0, ret); - obj = drm_mode_object_find(dev, file_priv, arg->obj_id, arg->obj_type); + obj = __drm_mode_object_find(dev, file_priv, arg->obj_id, + arg->obj_type); + up_read(&dev->master_rwsem); if (!obj) { ret = -ENOENT; goto out; diff --git a/drivers/gpu/drm/drm_plane.c b/drivers/gpu/drm/drm_plane.c index 82afb854141b..90f056169331 100644 --- a/drivers/gpu/drm/drm_plane.c +++ b/drivers/gpu/drm/drm_plane.c @@ -23,6 +23,7 @@ #include #include +#include #include #include #include 
@@ -687,6 +688,7 @@ int drm_mode_getplane(struct drm_device *dev, void *data, struct drm_mode_get_plane *plane_resp = data; struct drm_plane *plane; uint32_t __user *format_ptr; + struct drm_master *master = NULL; if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EOPNOTSUPP; @@ -695,10 +697,13 @@ int drm_mode_getplane(struct drm_device *dev, void *data, if (!plane) return -ENOENT; + master = drm_file_get_master(file_priv); drm_modeset_lock(&plane->mutex, NULL); - if (plane->state && plane->state->crtc && drm_lease_held(file_priv, plane->state->crtc->base.id)) + if (plane->state && plane->state->crtc && + drm_lease_held_master(master, plane->state->crtc->base.id)) plane_resp->crtc_id = plane->state->crtc->base.id; - else if (!plane->state && plane->crtc && drm_lease_held(file_priv, plane->crtc->base.id)) + else if (!plane->state && plane->crtc && + drm_lease_held_master(master, plane->crtc->base.id)) plane_resp->crtc_id = plane->crtc->base.id; else plane_resp->crtc_id = 0; @@ -710,6 +715,8 @@ int drm_mode_getplane(struct drm_device *dev, void *data, else plane_resp->fb_id = 0; drm_modeset_unlock(&plane->mutex); + if (master) + drm_master_put(&master); plane_resp->plane_id = plane->base.id; plane_resp->possible_crtcs = drm_lease_filter_crtcs(file_priv, @@ -1100,6 +1107,7 @@ static int drm_mode_cursor_common(struct drm_device *dev, { struct drm_crtc *crtc; struct drm_modeset_acquire_ctx ctx; + struct drm_master *master = NULL; int ret = 0; if (!drm_core_check_feature(dev, DRIVER_MODESET)) @@ -1114,6 +1122,7 @@ static int drm_mode_cursor_common(struct drm_device *dev, return -ENOENT; } + master = drm_file_get_master(file_priv); drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE); retry: ret = drm_modeset_lock(&crtc->mutex, &ctx); 
@@ -1128,7 +1137,7 @@ static int drm_mode_cursor_common(struct drm_device *dev, if (ret) goto out; - if (!drm_lease_held(file_priv, crtc->cursor->base.id)) { + if (!drm_lease_held_master(master, crtc->cursor->base.id)) { ret = -EACCES; goto out; } @@ -1168,6 +1177,8 @@ static int drm_mode_cursor_common(struct drm_device *dev, drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); + if (master) + drm_master_put(&master); return ret; diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index 6c353c9dc772..9f04dcb81d07 100644 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -656,7 +656,7 @@ struct drm_property_blob *drm_property_lookup_blob(struct drm_device *dev, struct drm_mode_object *obj; struct drm_property_blob *blob = NULL; - obj = __drm_mode_object_find(dev, NULL, id, DRM_MODE_OBJECT_BLOB); + obj = drm_mode_object_find(dev, NULL, id, DRM_MODE_OBJECT_BLOB); if (obj) blob = obj_to_blob(obj); return blob; @@ -919,8 +919,8 @@ bool drm_property_change_valid_get(struct drm_property *property, if (value == 0) return true; - *ref = __drm_mode_object_find(property->dev, NULL, value, - property->values[0]); + *ref = drm_mode_object_find(property->dev, NULL, value, + property->values[0]); return *ref != NULL; } diff --git a/include/drm/drm_lease.h b/include/drm/drm_lease.h index 5c9ef6a2aeae..62d9de6ecada 100644 --- a/include/drm/drm_lease.h +++ b/include/drm/drm_lease.h @@ -16,7 +16,9 @@ void drm_lease_destroy(struct drm_master *lessee); bool drm_lease_held(struct drm_file *file_priv, int id); -bool _drm_lease_held(struct drm_file *file_priv, int id); +bool _drm_lease_held_master(struct drm_master *master, int id); + +bool drm_lease_held_master(struct drm_master *master, int id); void drm_lease_revoke(struct drm_master *master); -- 2.25.1
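Review bot: In drm_mode_atomic_ioctl() (drm_atomic_uapi.c), the read side of master_rwsem is taken right after the state allocation and only dropped after drm_modeset_acquire_fini(), so it covers the whole ioctl body rather than just the __drm_mode_object_find() call that needs it. Any writer of master_rwsem now waits for the entire atomic ioctl to finish. Consider narrowing the section to the object lookup, or state in the commit message why the wider scope is required. Please also confirm that every exit between the down_read and the up_read goes through the out path, since a direct return there would leave the rwsem held.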
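Review bot: In drm_lease.c, _drm_lease_held_master() loses its static and drm_lease_held_master() is new, and both are declared in include/drm/drm_lease.h, but neither carries a comment stating its locking contract. The removed "Called with idr_mutex held" comment documented this for _drm_lease_held(); please move it to _drm_lease_held_master(), and give drm_lease_held_master() a short description saying that it takes idr_mutex itself and returns true for a NULL master or a master without a lessor, since callers in drm_encoder.c and drm_plane.c now rely on that NULL behaviour.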
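Review bot: In __drm_mode_object_find() (drm_mode_object.c), the lease check now reads file_priv->master directly, which is only safe because of the lockdep_assert_held_once(&dev->master_rwsem) added at the top of the function. A one-line comment at the dereference saying that master_rwsem protects file_priv->master would stop a later change from reintroducing drm_file_get_master() here. The nested if can be folded into a single condition, and since lockdep_assert_held_once() reports only the first violation, plain lockdep_assert_held(), as _drm_lease_held_master() already uses for idr_mutex, would be more consistent.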
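Review bot: In drm_mode_obj_get_properties_ioctl() (drm_mode_object.c), the up_read(&dev->master_rwsem) sits inside the DRM_MODESET_LOCK_ALL_BEGIN section, directly after the lookup, while the matching down_read is outside it. The release is therefore only reached on the straight-line path through the macro; if the lock acquisition inside the macro fails or is retried, the acquire and release no longer pair up in an obvious way. Moving the up_read to the function exit, after the modeset locks are dropped, keeps the master_rwsem --> modeset_mutex order from the commit message and makes the pairing easy to check.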
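Review bot: drm_framebuffer_lookup() (drm_framebuffer.c) and drm_property_lookup_blob() and drm_property_change_valid_get() (drm_property.c) switch from __drm_mode_object_find() to drm_mode_object_find(), which now does down_read(&dev->master_rwsem) itself. If any of them can be reached from a path that already holds master_rwsem for read (drm_mode_atomic_ioctl() now holds it for its whole body, and the commit message describes it as an outer lock taken in the ioctl handler), that is a recursive read acquisition, which can deadlock once a writer queues between the two down_read calls. Please list the callers that were checked in the commit message, or keep the __ variant on paths where the lock is already held.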