Re: [RFC PATCH] dma-fence: Fix races of fence callbacks versus destructors by locking

Next message: David Woodhouse: "[PATCH v5 14/34] KVM: x86: Fix compute_guest_tsc() to handle negative time deltas"
Previous message: David Woodhouse: "[PATCH v5 32/34] KVM: x86: Compute kvmclock base without pvclock_gtod_data"
In reply to: Philipp Stanner: "[RFC PATCH] dma-fence: Fix races of fence callbacks versus destructors by locking"
Next in thread: Philipp Stanner: "Re: [RFC PATCH] dma-fence: Fix races of fence callbacks versus destructors by locking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Boris Brezillon

Date: Mon Jun 08 2026 - 11:38:15 EST

On Mon, 8 Jun 2026 16:24:37 +0200
Philipp Stanner <phasta@xxxxxxxxxx> wrote:

> @@ -1020,11 +1024,20 @@ EXPORT_SYMBOL(dma_fence_wait_any_timeout);
> void dma_fence_set_deadline(struct dma_fence *fence, ktime_t deadline)
> {
> const struct dma_fence_ops *ops;
> + unsigned long flags;
>
> rcu_read_lock();
> ops = rcu_dereference(fence->ops);
> - if (ops && ops->set_deadline && !dma_fence_is_signaled(fence))
> + if (!ops || !ops->set_deadline) {
> + rcu_read_unlock();
> + return;
> + }
> +
> + dma_fence_lock_irqsave(fence, flags);
> + if (!dma_fence_is_signaled_locked(fence))
> ops->set_deadline(fence, deadline);

You can't take the fence lock around ->set_deadline(), otherwise you'll
deadlock here [1] or here [2].

> +
> + dma_fence_unlock_irqrestore(fence, flags);
> rcu_read_unlock();
> }

[1]https://elixir.bootlin.com/linux/v7.0.11/source/drivers/dma-buf/sw_sync.c#L182
[2]https://elixir.bootlin.com/linux/v7.0.11/source/drivers/gpu/drm/msm/msm_fence.c#L139