Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp3606535rwl;
        Sun, 2 Apr 2023 11:03:28 -0700 (PDT)
X-Google-Smtp-Source: AKy350bkmgFIURxoVSM2kPSCCmQ/LgTik8B2TcSi2EGiePnxACVmEiwT8hk3qOR2++wck12uploN
X-Received: by 2002:a17:903:3093:b0:19d:1bc1:ce22 with SMTP id u19-20020a170903309300b0019d1bc1ce22mr29147269plc.5.1680458608658;
        Sun, 02 Apr 2023 11:03:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680458608; cv=none;
        d=google.com; s=arc-20160816;
        b=yRzKiIqm2Y9UXZkTN/NUiDAP+PDdyOhWwIgU6AEc928mw4f/R3AVshPVWP/TTGJkYB
         E2/b7i0FIaKuDzQ/KtwcpQPlPJ47Cs2mHtk+YXItGcF788oWe9AtnrTOoqfj38xWZTBU
         W1AMEziqfx5lydTVmJ6IXfzspsiWlcsqgQGD+rli+bv9idgucU7q0z36E0QyUokvuQmY
         7vkidxFKuEx1oC1wmSfhd2ooH58G7US6rjzsbE4nQf73CSgVSRjbSHvjGoOvx7XA6GiX
         Qcf101xAYqAFAg1+/RBtDtF32sa3Fp+kne9o9fupC9Xyj09SVUZjCIbxz0d1USbCC7N9
         1bNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=5FU7znkHgRy7RwaJykplDRWJkHHglyuoS+m5M0o3rU4=;
        b=Ae0pn1EkFr0CNxQLPvF7OBF4vdVSFjXNI66tRGKoPCkxiSa+SAS4mR+X6i1wX17lhU
         4ZkC3JC5ORdoftT/Z7zNZZ7iVPbO6BeC6hByQHg7u1S0aW/LDTjdGqP0fH3H5R4xQVJ5
         PG9rno9+O17NScncpCMvOz1OcVYD272Otf3+s8G9uNvLw0zXpPV5+3fk+hx3m+7fSVLx
         JEEvZmMNWyyAlZsnIDcxaEOhS+UjNcokGZEMMJBsZSLEZyX2pEWVnpFdTjpk/hUIOPJ2
         ux21R7LRC8FCQHoNxALjfob37fMccfg2Mf9aMvteiwz61jFG8MW2l8md6t+hypHSZnfE
         0XkA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@collabora.com header.s=mail header.b=IdhoDVHb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id w5-20020a170902e88500b001a1af4f6089si6661962plg.155.2023.04.02.11.03.17;
        Sun, 02 Apr 2023 11:03:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@collabora.com header.s=mail header.b=IdhoDVHb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=collabora.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230418AbjDBRp1 (ORCPT <rfc822;ankuragr.engg@gmail.com>
        + 99 others); Sun, 2 Apr 2023 13:45:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54372 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229448AbjDBRp0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 2 Apr 2023 13:45:26 -0400
Received: from madras.collabora.co.uk (madras.collabora.co.uk [IPv6:2a00:1098:0:82:1000:25:2eeb:e5ab])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 918DDCDC4
        for <linux-kernel@vger.kernel.org>; Sun,  2 Apr 2023 10:45:25 -0700 (PDT)
Received: from [192.168.2.163] (109-252-124-32.nat.spd-mgts.ru [109.252.124.32])
        (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
         key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
        (No client certificate requested)
        (Authenticated sender: dmitry.osipenko)
        by madras.collabora.co.uk (Postfix) with ESMTPSA id 1CC166602EDC;
        Sun,  2 Apr 2023 18:45:23 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=collabora.com;
        s=mail; t=1680457524;
        bh=LQR9mavIiKKD1Q2f+8uq43FK4M4C09ETxpwD/UcvWp0=;
        h=Date:Subject:To:Cc:References:From:In-Reply-To:From;
        b=IdhoDVHb2ZwbrR5Bt8RZj7mnma0Wf1SMHw9eb6adCbETUE8xjL07xb9bvdDHQV7Tr
         ywWSc46Jn9vKXR+zsyamTXeVG1Oezt7oVRfrdkCuv5TZExjn3MzxW/ZlXrrQVVuzOQ
         z8VxYvafqCqj97+2JFjJn1LKv3mfmRG7m00WXZEfdLz/P9M11NVgWXwwemlCoeRrxh
         GJuHF4qba5PftW3e4p9WLvXY8GG3pUAgS3hcxv3KhUC9l1QHOtusNxl989O3HTIg8a
         U2Dtj+SWl/z2joh7OHomI931kz1NlBZSyjRTvGJsCwrAOUomT3iVtsEcps87aJumpv
         yh2EBlykfj+Wg==
Message-ID: <3618a293-4f61-b076-0a9c-c70812436431@collabora.com>
Date:   Sun, 2 Apr 2023 20:45:19 +0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.0
Subject: Re: [PATCH v4 2/2] drm/virtio: Support sync objects
Content-Language: en-US
To:     Emil Velikov <emil.velikov@collabora.com>
Cc:     David Airlie <airlied@redhat.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Gurchetan Singh <gurchetansingh@chromium.org>,
        Chia-I Wu <olvaffe@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
        Rob Clark <robdclark@gmail.com>,
        =?UTF-8?B?TWFyZWsgT2zFocOhaw==?= <maraeo@gmail.com>,
        Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>,
        dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
        kernel@collabora.com, virtualization@lists.linux-foundation.org
References: <20230323230755.1094832-1-dmitry.osipenko@collabora.com>
 <20230323230755.1094832-3-dmitry.osipenko@collabora.com>
 <ZCXF4q81wPcczkqx@arch-x395>
From:   Dmitry Osipenko <dmitry.osipenko@collabora.com>
In-Reply-To: <ZCXF4q81wPcczkqx@arch-x395>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/30/23 20:24, Emil Velikov wrote:
> Hi Dmitry,
> 
> Have you considered creating a few DRM helpers for this functionality?
> 
> AFAICT this is the third driver which supports syncobj timelines and
> looking at one of the implementations ... it is not great. Note that
> this suggestion is _not_ a blocker.

Would like to see a third driver starting to use the exactly same
drm_execbuffer_syncobj struct because UABI part isn't generic, though
it's a replica of the MSM driver for now.

The virtio-gpu is only at the beginning of starting to use sync objects,
compared to MSM driver. Will be better to defer the generalization until
virtio-gpu will become more mature, like maybe after a year since the
time virtio userspace will start using sync objects, IMO.

...
>> +static void virtio_gpu_reset_syncobjs(struct drm_syncobj **syncobjs,
>> +				      uint32_t nr_syncobjs)
>> +{
>> +	uint32_t i;
>> +
>> +	for (i = 0; i < nr_syncobjs; i++) {
>> +		if (syncobjs[i])
>> +			drm_syncobj_replace_fence(syncobjs[i], NULL);
> 
> Side note: the drm_syncobj_put() called immediately after also calls
> replace/reset fence internally. Although reading from the docs, I'm not
> sure if relying on that is a wise move.
> 
> Just thought I'd point it out.

The drm_syncobj_put() doesn't call replace/reset fence until syncobj is
freed. We drop the old fence for active/alive in-syncobj here after
handling the fence-wait, this makes syncobj reusable, otherwise
userpsace would have to re-create syncobjs after each submission.

>>  
>> +	ret = virtio_gpu_parse_deps(&submit);
>> +	if (ret)
>> +		goto cleanup;
>> +
>> +	ret = virtio_gpu_parse_post_deps(&submit);
>> +	if (ret)
>> +		goto cleanup;
>> +
> 
> I think we should zero num_(in|out)_syncobjs when the respective parse
> fails. Otherwise we get one "cleanup" within the parse function itself
> and a second during the cleanup_submit. Haven't looked at it too closely
> but I suspect that will trigger an UAF or two.

There are checks for NULL pointers in the code that will prevent the
UAF. I'll add zeroing of the nums for more consistency.

>>  	ret = virtio_gpu_install_out_fence_fd(&submit);
>>  	if (ret)
>>  		goto cleanup;
>> @@ -294,6 +512,7 @@ int virtio_gpu_execbuffer_ioctl(struct drm_device *dev, void *data,
>>  		goto cleanup;
>>  
>>  	virtio_gpu_submit(&submit);
>> +	virtio_gpu_process_post_deps(&submit);
> 
> Any particular reason why the virtio_gpu_reset_syncobjs is deferred to
> virtio_gpu_cleanup_submit(). Having it just above the process_post_deps
> (similar to msm) allows the reader to get closure about the in syncobjs.
> 
> This is just personal preference, so don't read too much into it.

The job submission path should be short as possible in general.
Technically, virtio_gpu_process_post_deps() should be fast, but since
I'm not 100% sure about all the corner cases, it's better to hold until
job is sent out.

Thank you very much for the review! I'll address the rest of comments in v5.

-- 
Best regards,
Dmitry