[PATCH v3 0/9] drm, kernel: update locking for DRM

From: Desmond Cheong Zhi Xi
Date: Wed Aug 18 2021 - 03:39:30 EST


Hi,

The patches in this series are largely fixes and prep work leading up to
the final patch which plugs races with modesetting rights. Most of the
fixes don't have bug reports, so comments would be very appreciated.

The biggest change from the previous version is that we convert
drm_device.master_mutex into master_rwsem, instead of introducing
master_rwsem as a third lock.

Overall, this series makes the following changes:

- Patch 1: Move master_lookup_lock into struct drm_device (enables us to
use it to protect attributes accessed by different drm_files)

- Patch 2: Add a missing master_lookup_lock in drm_master_release

- Patch 3: Fix a potential race in drm_is_current_master_locked

- Patch 4: Fix potential null ptr dereferences in drm_{auth, ioctl}

- Patch 5: Move magic_map,unique{_len} out from master_mutex's
protection into master_lookup_lock's protection (allows us to avoid
read_lock -> write_lock deadlocks)

- Patch 6: Convert master_mutex into rwsem (avoids creating a new lock)

- Patch 7: Update global mutex locking in the ioctl handler (avoids
deadlock when grabbing read lock on master_rwsem in drm_ioctl_kernel)

- Patch 8: Export task_work_add (enables us to write drm_master_flush)

- Patch 9: Plug races with drm modesetting rights

v2 -> v3:
- Unexport drm_master_flush, as suggested by Daniel Vetter.
- Merge master_mutex and master_rwsem, as suggested by Daniel Vetter.
- Export task_work_add, reported by kernel test robot.
- Make master_flush static, reported by kernel test robot.
- Move master_lookup_lock into struct drm_device.
- Add a missing lock on master_lookup_lock in drm_master_release.
- Fix a potential race in drm_is_current_master_locked.
- Fix potential null ptr dereferences in drm_{auth, ioctl}.
- Protect magic_map,unique{_len} with master_lookup_lock.
- Convert master_mutex into a rwsem.
- Update global mutex locking in the ioctl handler.

v1 -> v2 (suggested by Daniel Vetter):
- Address an additional race when drm_open runs.
- Switch from SRCU to rwsem to synchronise readers and writers.
- Implement drm_master_flush with task_work so that flushes can be
queued to run before returning to userspace without creating a new
DRM_MASTER_FLUSH ioctl flag.

Best wishes,
Desmond

Desmond Cheong Zhi Xi (9):
drm: move master_lookup_lock into drm_device
drm: hold master_lookup_lock when releasing a drm_file's master
drm: check for null master in drm_is_current_master_locked
drm: fix potential null ptr dereferences in drm_{auth,ioctl}
drm: protect magic_map,unique{_len} with master_lookup_lock
drm: convert drm_device.master_mutex into a rwsem
drm: update global mutex lock in the ioctl handler
kernel: export task_work_add
drm: avoid races with modesetting rights

drivers/gpu/drm/drm_auth.c | 108 ++++++++++++++++++++++++---------
drivers/gpu/drm/drm_debugfs.c | 4 +-
drivers/gpu/drm/drm_drv.c | 4 +-
drivers/gpu/drm/drm_file.c | 1 -
drivers/gpu/drm/drm_internal.h | 1 +
drivers/gpu/drm/drm_ioctl.c | 39 +++++++-----
drivers/gpu/drm/drm_lease.c | 1 +
include/drm/drm_auth.h | 6 +-
include/drm/drm_device.h | 27 +++++++--
include/drm/drm_file.h | 20 +++---
kernel/task_work.c | 1 +
11 files changed, 145 insertions(+), 67 deletions(-)

--
2.25.1