On Wed, Jun 15, 2016 at 06:01:41PM +0200, Daniel Vetter wrote:
> On Wed, Jun 15, 2016 at 01:10:35PM +0100, Chris Wilson wrote:
> > On Tue, Jun 14, 2016 at 08:51:07PM +0200, Daniel Vetter wrote:
> > > There can only be one current master, and it's for the overall device.
> > > Render/control minors don't support master-based auth at all.
> > >
> > > This simplifies the master logic a lot, at least in my eyes: All these
> > > additional pointer chases are just confusing.
> >
> > One master for the device, on the struct drm_device, as opposed to hidden
> > behind the first of three minors, makes sense.
> >
> > > @@ -128,13 +128,13 @@ static int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
> > > lockdep_assert_held_once(&dev->master_mutex);
> > >
> > > /* create a new master */
> > > - fpriv->minor->master = drm_master_create(fpriv->minor->dev);
> > > - if (!fpriv->minor->master)
> > > + dev->master = drm_master_create(dev);
> > > + if (!dev->master)
> > > return -ENOMEM;
> > >
> > > /* take another reference for the copy in the local file priv */
> > > old_master = fpriv->master;
> > > - fpriv->master = drm_master_get(fpriv->minor->master);
> > > + fpriv->master = drm_master_get(dev->master);
> > >
> > > if (dev->driver->master_create) {
> > > ret = dev->driver->master_create(dev, fpriv->master);
> >
> > > @@ -234,10 +234,10 @@ int drm_master_open(struct drm_file *file_priv)
> > > /* if there is no current master make this fd it, but do not create
> > > * any master object for render clients */
> > > mutex_lock(&dev->master_mutex);
> > > - if (!file_priv->minor->master)
> > > + if (!dev->master)
> > > ret = drm_new_set_master(dev, file_priv);
> > > else
> > > - file_priv->master = drm_master_get(file_priv->minor->master);
> > > + file_priv->master = drm_master_get(dev->master);
> > > mutex_unlock(&dev->master_mutex);
> >
> > You could take the opportunity to make this a bit simpler:
> >
> > if (!READ_ONCE(dev->master)) {
> > int ret;
> >
> > ret = 0;
> > mutex_lock(&dev->master_mutex);
> > if (!dev->master)
> > ret = drm_new_master(dev);
> > mutex_unlock(&dev->master_mutex);
> > if (ret)
> > return ret;
> > }
> >
> > file_priv->master = drm_master_get(dev->master);
>
> drm_master_get(dev->master) must be under the master_mutex, without it we
> could race with a drm_master_put(&dev->master) and end up doing a kref_get
> when the refcount already reached 0.
Something is very fishy then. The behaviour of drm_new_master() would
appear to be to create a drm_master owned by the device, but really it is
owned by file_priv?
* checks back on drm_master
So drm_master is the authentication structure that needs to be unique to
a hierachy. So drm_new_set_master() and here really do appear backwards.
The old drm_new_set_master() makes more sense, it assigns to the
file_priv, and then performs a setmaster operation. In that ordering,
you could even do the file_priv local operation of creating the new
master structure before taking the lock to perform setmaster.
> > Just to straighten out the kref dance.
> >
> > >
> > > return ret;
> > > @@ -271,11 +271,11 @@ void drm_master_release(struct drm_file *file_priv)
> > > mutex_unlock(&dev->struct_mutex);
> > > }
> > >
> > > - if (file_priv->minor->master == file_priv->master) {
> > > + if (dev->master == file_priv->master) {
> > > /* drop the reference held my the minor */
> > > if (dev->driver->master_drop)
> > > dev->driver->master_drop(dev, file_priv, true);
> > > - drm_master_put(&file_priv->minor->master);
> > > + drm_master_put(&dev->master);
> >
> > This still makes me uneasy. This is not equivalent to dropmaster_ioctl
> > and subsequent setmaster_ioctl will fail as dev->master is still
> > assigned (but the owner has gone).
>
> drm_master_put clears the pointer passed to it, so dev->master will be set
> to NULL. And it does the same as drop_master (wrt dev->master at least,
> master_release also needs to clean up file_priv->master on top). Not sure
> it's worth it to extract those 5 lines into a __drm_drop_master() helper
> function? I can respin with that if you want. On the master_open/setmaster
> side the shared code is already extracted in drm_new_set_master().
drm_master_put() nullifies, didn't expect that.
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
