[Intel-gfx] [PATCH 09/19] drm: Fix race between drm_vblank_off() and drm_queue_vblank_event()

2014-08-06 Thread Ville Syrjälä
On Wed, Aug 06, 2014 at 03:23:01PM +0200, Daniel Vetter wrote:
> On Wed, Aug 06, 2014 at 02:49:52PM +0300, ville.syrjala at linux.intel.com 
> wrote:
> > From: Ville Syrjälä 
> > 
> > Currently it's possible that the following will happen:
> > 1. drm_wait_vblank() calls drm_vblank_get()
> > 2. drm_vblank_off() gets called
> > 3. drm_wait_vblank() calls drm_queue_vblank_event() which
> >    adds the event to the queue even though vblank interrupts
> >    are currently disabled (and may not be re-enabled ever again).
> > 
> > To fix the problem, add another vblank->enabled check into
> > drm_queue_vblank_event().
> > 
> > drm_vblank_off() holds event_lock around the vblank disable,
> > so no further locking needs to be added to drm_queue_vblank_event().
> > vblank disable from another source is not possible since
> > drm_wait_vblank() already holds a vblank reference.
> > 
> > Reviewed-by: Matt Roper 
> > Signed-off-by: Ville Syrjälä 
> 
> I guess the window is too small here to make this reproducible in a test?

I must admit that I didn't even try. I suppose I could try it now.

> Especially since each attempt will take a few hundred ms ...
> -Daniel
> 
> > ---
> >  drivers/gpu/drm/drm_irq.c | 13 +
> >  1 file changed, 13 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
> > index 9353609..b2428cb 100644
> > --- a/drivers/gpu/drm/drm_irq.c
> > +++ b/drivers/gpu/drm/drm_irq.c
> > @@ -1270,6 +1270,7 @@ static int drm_queue_vblank_event(struct drm_device 
> > *dev, int pipe,
> >   union drm_wait_vblank *vblwait,
> >   struct drm_file *file_priv)
> >  {
> > +   struct drm_vblank_crtc *vblank = >vblank[pipe];
> > struct drm_pending_vblank_event *e;
> > struct timeval now;
> > unsigned long flags;
> > @@ -1293,6 +1294,18 @@ static int drm_queue_vblank_event(struct drm_device 
> > *dev, int pipe,
> >  
> > spin_lock_irqsave(>event_lock, flags);
> >  
> > +   /*
> > +* drm_vblank_off() might have been called after we called
> > +* drm_vblank_get(). drm_vblank_off() holds event_lock
> > +* around the vblank disable, so no need for further locking.
> > +* The reference from drm_vblank_get() protects against
> > +* vblank disable from another source.
> > +*/
> > +   if (!vblank->enabled) {
> > +   ret = -EINVAL;
> > +   goto err_unlock;
> > +   }
> > +
> > if (file_priv->event_space < sizeof e->event) {
> > ret = -EBUSY;
> > goto err_unlock;
> > -- 
> > 1.8.5.5
> > 
> > ___
> > Intel-gfx mailing list
> > Intel-gfx at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/intel-gfx
> 
> -- 
> Daniel Vetter
> Software Engineer, Intel Corporation
> +41 (0) 79 365 57 48 - http://blog.ffwll.ch

-- 
Ville Syrjälä
Intel OTC


[Intel-gfx] [PATCH 09/19] drm: Fix race between drm_vblank_off() and drm_queue_vblank_event()

2014-08-06 Thread Daniel Vetter
On Wed, Aug 06, 2014 at 02:49:52PM +0300, ville.syrjala at linux.intel.com 
wrote:
> From: Ville Syrjälä 
> 
> Currently it's possible that the following will happen:
> 1. drm_wait_vblank() calls drm_vblank_get()
> 2. drm_vblank_off() gets called
> 3. drm_wait_vblank() calls drm_queue_vblank_event() which
>    adds the event to the queue even though vblank interrupts
>    are currently disabled (and may not be re-enabled ever again).
> 
> To fix the problem, add another vblank->enabled check into
> drm_queue_vblank_event().
> 
> drm_vblank_off() holds event_lock around the vblank disable,
> so no further locking needs to be added to drm_queue_vblank_event().
> vblank disable from another source is not possible since
> drm_wait_vblank() already holds a vblank reference.
> 
> Reviewed-by: Matt Roper 
> Signed-off-by: Ville Syrjälä 

I guess the window is too small here to make this reproducible in a test?
Especially since each attempt will take a few hundred ms ...
-Daniel

> ---
>  drivers/gpu/drm/drm_irq.c | 13 +
>  1 file changed, 13 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
> index 9353609..b2428cb 100644
> --- a/drivers/gpu/drm/drm_irq.c
> +++ b/drivers/gpu/drm/drm_irq.c
> @@ -1270,6 +1270,7 @@ static int drm_queue_vblank_event(struct drm_device 
> *dev, int pipe,
> union drm_wait_vblank *vblwait,
> struct drm_file *file_priv)
>  {
> + struct drm_vblank_crtc *vblank = >vblank[pipe];
>   struct drm_pending_vblank_event *e;
>   struct timeval now;
>   unsigned long flags;
> @@ -1293,6 +1294,18 @@ static int drm_queue_vblank_event(struct drm_device 
> *dev, int pipe,
>  
>   spin_lock_irqsave(>event_lock, flags);
>  
> + /*
> +  * drm_vblank_off() might have been called after we called
> +  * drm_vblank_get(). drm_vblank_off() holds event_lock
> +  * around the vblank disable, so no need for further locking.
> +  * The reference from drm_vblank_get() protects against
> +  * vblank disable from another source.
> +  */
> + if (!vblank->enabled) {
> + ret = -EINVAL;
> + goto err_unlock;
> + }
> +
>   if (file_priv->event_space < sizeof e->event) {
>   ret = -EBUSY;
>   goto err_unlock;
> -- 
> 1.8.5.5
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch


[PATCH 09/19] drm: Fix race between drm_vblank_off() and drm_queue_vblank_event()

2014-08-06 Thread ville.syrj...@linux.intel.com
From: Ville Syrjälä 

Currently it's possible that the following will happen:
1. drm_wait_vblank() calls drm_vblank_get()
2. drm_vblank_off() gets called
3. drm_wait_vblank() calls drm_queue_vblank_event() which
   adds the event to the queue even though vblank interrupts
   are currently disabled (and may not be re-enabled ever again).

To fix the problem, add another vblank->enabled check into
drm_queue_vblank_event().

drm_vblank_off() holds event_lock around the vblank disable,
so no further locking needs to be added to drm_queue_vblank_event().
vblank disable from another source is not possible since
drm_wait_vblank() already holds a vblank reference.

Reviewed-by: Matt Roper 
Signed-off-by: Ville Syrjälä 
---
 drivers/gpu/drm/drm_irq.c | 13 +
 1 file changed, 13 insertions(+)

diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
index 9353609..b2428cb 100644
--- a/drivers/gpu/drm/drm_irq.c
+++ b/drivers/gpu/drm/drm_irq.c
@@ -1270,6 +1270,7 @@ static int drm_queue_vblank_event(struct drm_device *dev, 
int pipe,
  union drm_wait_vblank *vblwait,
  struct drm_file *file_priv)
 {
+   struct drm_vblank_crtc *vblank = >vblank[pipe];
struct drm_pending_vblank_event *e;
struct timeval now;
unsigned long flags;
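Review bot: the new `vblank` pointer is computed from `pipe` at function entry, before any lock is taken and before this hunk shows any range check on `pipe`; the existing code can only be safe if the caller has already validated the index, so either say so in a one-line comment next to the declaration or move the lookup down to its single use under event_lock in the next hunk, so a reader does not have to re-derive why an unchecked index is acceptable here.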
@@ -1293,6 +1294,18 @@ static int drm_queue_vblank_event(struct drm_device 
*dev, int pipe,

spin_lock_irqsave(>event_lock, flags);

+   /*
+* drm_vblank_off() might have been called after we called
+* drm_vblank_get(). drm_vblank_off() holds event_lock
+* around the vblank disable, so no need for further locking.
+* The reference from drm_vblank_get() protects against
+* vblank disable from another source.
+*/
+   if (!vblank->enabled) {
+   ret = -EINVAL;
+   goto err_unlock;
+   }
+
if (file_priv->event_space < sizeof e->event) {
ret = -EBUSY;
goto err_unlock;
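Review bot: the comment explains why no extra locking is needed but not what this path means for the caller: `ret = -EINVAL; goto err_unlock;` hands userspace the same errno as an invalid request, so a client that loses the race against drm_vblank_off() cannot tell "vblank just went off" from "bad arguments". Either state in the comment that -EINVAL is the intended reply for a disabled vblank, or pick a distinct error. The comment should also say what happens to events that were already on the queue when drm_vblank_off() cleared vblank->enabled, since this check only covers events queued after the disable, and the reader has to trust that the other side handles the earlier ones.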
-- 
1.8.5.5
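A user-space model of the three-step interleaving described in the commit message, added here as an example; it is not kernel code and not part of the patch. `struct vblank_crtc`, `vblank_off()`, `queue_event_unfixed()`, `queue_event_fixed()` and `run_race()` are simplified stand-ins for the DRM functions the commit message names, the event lock is a single-threaded flag rather than a spinlock, and the assumption that drm_vblank_off() completes already-queued events under event_lock is the example's own. It replays drm_vblank_get(), then drm_vblank_off(), then the queue step, once without the `enabled` check and once with it, and reports whether an event was left on a queue that can never be serviced again.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_EVENTS 8

struct pending_event { bool completed; };	/* set once delivered */

/* Per-CRTC vblank state; a simplified stand-in for struct drm_vblank_crtc. */
struct vblank_crtc {
	bool enabled;
	int refcount;
	bool event_lock_held;	/* stand-in for dev->event_lock */
	struct pending_event *queue[MAX_EVENTS];
	unsigned int nqueued;
};

/* Single-threaded model of taking/releasing event_lock: just records it. */
static void event_lock(struct vblank_crtc *v) { v->event_lock_held = true; }
static void event_unlock(struct vblank_crtc *v) { v->event_lock_held = false; }

/* drm_vblank_get()/drm_vblank_put() model: the reference keeps the ordinary
 * refcount-driven disable away, but it does not stop drm_vblank_off(). */
static void vblank_get(struct vblank_crtc *v) { v->refcount++; }
static void vblank_put(struct vblank_crtc *v) { v->refcount--; }

/* drm_vblank_off() model (assumed): under event_lock, disable the vblank and
 * complete what is queued so far. Later events are never delivered. */
static void vblank_off(struct vblank_crtc *v)
{
	event_lock(v);
	v->enabled = false;
	for (unsigned int i = 0; i < v->nqueued; i++)
		v->queue[i]->completed = true;
	v->nqueued = 0;
	event_unlock(v);
}

/* Before the fix: the event is queued without looking at enabled. */
static int queue_event_unfixed(struct vblank_crtc *v, struct pending_event *e)
{
	int ret = 0;

	event_lock(v);
	if (v->nqueued == MAX_EVENTS)
		ret = -EBUSY;
	else
		v->queue[v->nqueued++] = e;
	event_unlock(v);
	return ret;
}

/* After the fix: re-check enabled under the same lock that vblank_off()
 * holds while disabling, so the check and the disable cannot interleave. */
static int queue_event_fixed(struct vblank_crtc *v, struct pending_event *e)
{
	int ret = 0;

	event_lock(v);
	if (!v->enabled)
		ret = -EINVAL;
	else if (v->nqueued == MAX_EVENTS)
		ret = -EBUSY;
	else
		v->queue[v->nqueued++] = e;
	event_unlock(v);
	return ret;
}

/* ret: result of the queue step; dangling: event queued but never completable. */
struct race_result { int ret; bool dangling; };

/* Replays the three-step interleaving from the commit message. */
static struct race_result run_race(int (*queue)(struct vblank_crtc *,
						struct pending_event *))
{
	struct vblank_crtc v = { .enabled = true };
	struct pending_event e = { .completed = false };
	struct race_result r;

	vblank_get(&v);			/* 1. drm_wait_vblank() takes a reference */
	vblank_off(&v);			/* 2. drm_vblank_off() runs in between    */
	r.ret = queue(&v, &e);		/* 3. drm_queue_vblank_event()            */
	if (r.ret)
		vblank_put(&v);		/* error path: the reference is dropped   */
	/* The vblank stays off, so anything still queued is stuck forever. */
	r.dangling = v.nqueued > 0 && !e.completed;
	return r;
}

int main(void)
{
	struct race_result a = run_race(queue_event_unfixed);
	struct race_result b = run_race(queue_event_fixed);

	printf("unfixed: ret=%d dangling=%s\n", a.ret, a.dangling ? "yes" : "no");
	printf("fixed:   ret=%d dangling=%s\n", b.ret, b.dangling ? "yes" : "no");
	return 0;
}
```

Build with `cc -std=c99 -Wall race.c`. The unfixed variant returns 0 and leaves the event queued on a CRTC whose vblank will never fire again; the fixed variant sees `enabled == false` under the same lock drm_vblank_off() held while clearing it and returns -EINVAL before anything is queued, which is exactly the window the patch closes.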