On Mon, Sep 08, 2014 at 02:57:23PM +0200, Thomas Hellstrom wrote: > On 09/08/2014 09:03 AM, Daniel Vetter wrote: > > At driver init no one can access modeset objects and we're > > single-threaded. So locking is just cargo-culting here. Worse, with > > the new ww mutexes and ww mutex slowpath debugging the mutex_lock > > might actually fail, and we don't have the full-blown ww recovery > > dance. > > > > Which then leads to fireworks when we try to unlock the not-locked > > crtc lock. > > > > An audit of all the functions called from here shows that none of them > > contain locking checks, so there's also no reason to keep the locking > > around just for consistency of caller contexts. Besides that I have > > the rule (at least in i915) that such places where we take locks just > > to simplify locking checks and not for correctness always require a > > comment. > > I'm not really opposed to any of the patches. It's clear that trylock > will work, and it's also clear that locking is not strictly needed, at > least not of a lock that has not been published yet. > > However, I tend to go for the "lock even if it's unnecessary" version > for a couple of reasons: > > a) If that turns out to be impossible or very hard, then something is > probably wrong with the design. > b) It's good to think of locks where possible as "protecting data" > rather than serializing something. With that in mind, and if we in the > future were to have tools to automatically check that relevant locks are > held while accessing lock-protected stuff, we're in trouble. > c) Even if there aren't any functions now that check for relevant locks > held, there might be in the future. > d) People will probably spend time wondering why locking is done > elsewhere but not here. > > So at least considering d) and b) I'd like to see documentation the > other way around: > If we avoid taking locks around data accesses that are supposed to be > protected by the lock for whatever reason, the reason should be documented. Well my argument nowadays is that you should never abuse locking to enforce ordering constraints. And an objects that's just getting initialized but isn't published anywhere really has no reason to have locking for data consistency, so really only justified to be held if it makes the "protecting data" self-checks easier. E.g. we have a bunch of checks about manipulating the connector mode list all over, so init code must hold the relevant locks. Also ime locking sprawl (which happens escpecially with big locks like dev->struct_mutex) is really bad for long-term maintainability, so by default I want as little locking as possible. I guess a comment can make sense if there's no locking to explain the odd case. But if everything is sanely designed then imo pure init functions really should have comments about locks they take and not if they take no locks. Since with a sane design the no-locks case really should be the default. And if that makes people question the locking scheme and learn something about "locking for ordering" vs. "locking to protect data" that's a feature ;-) Note that this is specifically about init/teardown (suspend/resume is similar), which is all about ordering and otherwise rather single-threaded (at least if you don't botch up the synchronization with async workers on teardown). So at least in i915 I'll keep on rejecting patches that add random carg-culted locking to init/shutdown paths. -Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html