Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp2454655rwl;
        Thu, 30 Mar 2023 10:29:31 -0700 (PDT)
X-Google-Smtp-Source: AKy350ZRDS27E5UImEoIAVCr1IHWgAU0SLkNAH3oTCDrVxqtHWRAzIEnRiSizwnfYTDCamCeclfk
X-Received: by 2002:a17:906:1001:b0:93f:e5e4:8c13 with SMTP id 1-20020a170906100100b0093fe5e48c13mr15198326ejm.5.1680197370688;
        Thu, 30 Mar 2023 10:29:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680197370; cv=none;
        d=google.com; s=arc-20160816;
        b=PojHBeUzChY054pdZJOvr4doYeU/otfJoQiM27lD0sv9mwsSPg2h4ca0m7VeObP3za
         XgHQi9QCNr17Kgik/R5D5uWhXJxroJ/wGAftShAr0pSVggWRJGpqiBTY+uxQrJvNK0nI
         Y1Td1bu9uxQ5yy+r5BpAiFNRur9Wf+VO3WQfuEZdS46CPnw7WACEsGODyt+0lrOLDVLi
         +OqinLulm7gFOwFg3hbJNBTuHMZKeWMZEBli8ju2Cp8MXpNDBAn+39/T6VJzFjjhYWF3
         YdFYYnTVRFuZUzVbrlTYr/0jdsGoAISaiyS9yj+QltWWpOa7CkvB9WkhvaJCH3cql3Dt
         DoOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=GabI36tUypd7sVg3ePFESEUQ5odMpADxCrMpuVBXB7w=;
        b=Rr1mPgFpqKpjyKuPezpEhpoBwEYSkvfm+MgatZGGt49ntC3n0E8KkRYUv/EIxFRjg2
         eTYFHsTjp9azTiji1ziToI9wsP3HM/kVj3+020ZKreqfHaUYhjDUjpq3WbGPGoUSFbiI
         /+XaHH5a5Z9IVH5koUbSKxnwkWY/rnkE0vodJY8aYNPmy9XbqvcHNsRYKMxDgpDR8iyd
         IXv9+enrrraPv4LHEnW6qyLBYzLs93EGUgoC+BlbN0AHiIH7t1qDe67mKcgJ12c+EMDv
         xgQTtXO7QmeNxnQMX1SCiX5M7G+jcFIJ8Tmp+ovo74KITWRVGt36CoZyIUUrscRmr5FT
         Hw8w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@collabora.com header.s=mail header.b=Q107qfRF;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id g5-20020a17090669c500b00935ad387614si119455ejs.376.2023.03.30.10.28.53;
        Thu, 30 Mar 2023 10:29:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@collabora.com header.s=mail header.b=Q107qfRF;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232358AbjC3RZA (ORCPT <rfc822;anenbupt@gmail.com> + 99 others);
        Thu, 30 Mar 2023 13:25:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57304 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232369AbjC3RY4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 30 Mar 2023 13:24:56 -0400
Received: from madras.collabora.co.uk (madras.collabora.co.uk [46.235.227.172])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B47822D55
        for <linux-kernel@vger.kernel.org>; Thu, 30 Mar 2023 10:24:55 -0700 (PDT)
Received: from arch-x395 (unknown [IPv6:2a00:5f00:102:0:38b0:2479:c2d8:9a86])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
        (No client certificate requested)
        (Authenticated sender: evelikov)
        by madras.collabora.co.uk (Postfix) with ESMTPSA id BA6496602F6A;
        Thu, 30 Mar 2023 18:24:53 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com;
        s=mail; t=1680197093;
        bh=V8BWybAwlz2UVgTWThMD8IWctSismFf3F23v7AiQ7Ao=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=Q107qfRF1on+Eipk/3DuvirmZThiwpH+3IVOEAft8sbtOHUjYuANiNHY+0+5Hj+Mt
         Uejj3YHHXEWDvPML9DSMi4RqIK4+nur0Z4QGKoKbulXVPbIXqt657u3WQ2jMf7zV5S
         WrXclYSM1ed1NdoGz+BAQ1ytIh9YiyWfPAbV1YwJiaO5TcNn90xHqKYyaEvZ4x73Jw
         MROUO/U6k307BeIToBQ1n7+/Rg3JkBm6mTq7+xYbsdFOFHB3HIJwi68QHeVPInch8U
         RQA3F+kWHBvUOjx08iX6akyTQ8qG2DGe7JtmLFY0yzAoNdh+j27JSQZ0FGNrdXCRBd
         +PRQ7feG6QPmA==
Date:   Thu, 30 Mar 2023 18:24:50 +0100
From:   Emil Velikov <emil.velikov@collabora.com>
To:     Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc:     David Airlie <airlied@redhat.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Gurchetan Singh <gurchetansingh@chromium.org>,
        Chia-I Wu <olvaffe@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
        Rob Clark <robdclark@gmail.com>,
        Marek =?utf-8?B?T2zFocOhaw==?= <maraeo@gmail.com>,
        Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>,
        dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        kernel@collabora.com, virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v4 2/2] drm/virtio: Support sync objects
Message-ID: <ZCXF4q81wPcczkqx@arch-x395>
References: <20230323230755.1094832-1-dmitry.osipenko@collabora.com>
 <20230323230755.1094832-3-dmitry.osipenko@collabora.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230323230755.1094832-3-dmitry.osipenko@collabora.com>
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Dmitry,

Have you considered creating a few DRM helpers for this functionality?

AFAICT this is the third driver which supports syncobj timelines and
looking at one of the implementations ... it is not great. Note that
this suggestion is _not_ a blocker.

On 2023/03/24, Dmitry Osipenko wrote:
> Add sync object DRM UAPI support to VirtIO-GPU driver. It's required
> for enabling a full-featured Vulkan fencing by Venus and native context
> VirtIO-GPU Mesa drivers.
> 
> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
> ---

> +static int
> +virtio_gpu_parse_deps(struct virtio_gpu_submit *submit)
> +{
> +	struct drm_virtgpu_execbuffer *exbuf = submit->exbuf;
> +	struct drm_virtgpu_execbuffer_syncobj syncobj_desc;
> +	size_t syncobj_stride = exbuf->syncobj_stride;
> +	struct drm_syncobj **syncobjs;
> +	int ret = 0, i;
> +
> +	if (!submit->num_in_syncobjs)
> +		return 0;
> +
> +	syncobjs = kvcalloc(submit->num_in_syncobjs, sizeof(*syncobjs),
> +			    GFP_KERNEL);

Please add an inline note about the decision behind the allocators used,
both here and in the parse_post_deps below. IIRC there was some nice
discussion between you and Rob in earlier revisions.


> +	if (!syncobjs)
> +		return -ENOMEM;
> +
> +	for (i = 0; i < submit->num_in_syncobjs; i++) {
> +		uint64_t address = exbuf->in_syncobjs + i * syncobj_stride;
> +		struct dma_fence *fence;
> +
> +		if (copy_from_user(&syncobj_desc,
> +				   u64_to_user_ptr(address),
> +				   min(syncobj_stride, sizeof(syncobj_desc)))) {
> +			ret = -EFAULT;
> +			break;
> +		}
> +
> +		if (syncobj_desc.flags & ~VIRTGPU_EXECBUF_SYNCOBJ_FLAGS) {
> +			ret = -EINVAL;
> +			break;
> +		}
> +
> +		ret = drm_syncobj_find_fence(submit->file, syncobj_desc.handle,
> +					     syncobj_desc.point, 0, &fence);
> +		if (ret)
> +			break;
> +

> +		ret = virtio_gpu_dma_fence_wait(submit, fence);
> +
> +		dma_fence_put(fence);
> +		if (ret)
> +			break;

If going the DRM helpers route:

The above two are effectively the only variance across vendors - a
simple function point as arg should suffice. Might want to use internal
flags, but that's also trivial.

> +	submit->in_syncobjs = syncobjs;
> +
> +	return ret;
> +}
> +
> +static void virtio_gpu_reset_syncobjs(struct drm_syncobj **syncobjs,
> +				      uint32_t nr_syncobjs)
> +{
> +	uint32_t i;
> +
> +	for (i = 0; i < nr_syncobjs; i++) {
> +		if (syncobjs[i])
> +			drm_syncobj_replace_fence(syncobjs[i], NULL);

Side note: the drm_syncobj_put() called immediately after also calls
replace/reset fence internally. Although reading from the docs, I'm not
sure if relying on that is a wise move.

Just thought I'd point it out.


>  
> +	ret = virtio_gpu_parse_deps(&submit);
> +	if (ret)
> +		goto cleanup;
> +
> +	ret = virtio_gpu_parse_post_deps(&submit);
> +	if (ret)
> +		goto cleanup;
> +

I think we should zero num_(in|out)_syncobjs when the respective parse
fails. Otherwise we get one "cleanup" within the parse function itself
and a second during the cleanup_submit. Haven't looked at it too closely
but I suspect that will trigger an UAF or two.

>  	ret = virtio_gpu_install_out_fence_fd(&submit);
>  	if (ret)
>  		goto cleanup;
> @@ -294,6 +512,7 @@ int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
>  		goto cleanup;
>  
>  	virtio_gpu_submit(&submit);
> +	virtio_gpu_process_post_deps(&submit);

Any particular reason why the virtio_gpu_reset_syncobjs is deferred to
virtio_gpu_cleanup_submit(). Having it just above the process_post_deps
(similar to msm) allows the reader to get closure about the in syncobjs.

This is just personal preference, so don't read too much into it.

HTH
Emil