diff --git a/linux-core/drm_bo.c b/linux-core/drm_bo.c index 1c0eebd0..b9a261d5 100644 --- a/linux-core/drm_bo.c +++ b/linux-core/drm_bo.c @@ -67,6 +67,9 @@ void drm_bo_add_to_pinned_lru(drm_buffer_object_t * bo) { drm_mem_type_manager_t *man; + DRM_ASSERT_LOCKED(&bo->dev->struct_mutex); + DRM_ASSERT_LOCKED(&bo->mutex); + man = &bo->dev->bm.man[bo->pinned_mem_type]; list_add_tail(&bo->pinned_lru, &man->pinned); } @@ -75,6 +78,8 @@ void drm_bo_add_to_lru(drm_buffer_object_t * bo) { drm_mem_type_manager_t *man; + DRM_ASSERT_LOCKED(&bo->dev->struct_mutex); + if (!(bo->mem.mask & (DRM_BO_FLAG_NO_MOVE | DRM_BO_FLAG_NO_EVICT)) || bo->mem.mem_type != bo->pinned_mem_type) { man = &bo->dev->bm.man[bo->mem.mem_type]; @@ -134,6 +139,8 @@ static int drm_bo_add_ttm(drm_buffer_object_t * bo) int ret = 0; bo->ttm = NULL; + DRM_ASSERT_LOCKED(&bo->mutex); + switch (bo->type) { case drm_bo_type_dc: bo->ttm = drm_ttm_init(dev, bo->mem.num_pages << PAGE_SHIFT); @@ -266,6 +273,8 @@ int drm_bo_wait(drm_buffer_object_t * bo, int lazy, int ignore_signals, drm_fence_object_t *fence = bo->fence; int ret; + DRM_ASSERT_LOCKED(&bo->mutex); + if (fence) { drm_device_t *dev = bo->dev; if (drm_fence_object_signaled(dev, fence, bo->fence_type, 0)) { @@ -331,6 +340,8 @@ static void drm_bo_cleanup_refs(drm_buffer_object_t * bo, int remove_all) drm_device_t *dev = bo->dev; drm_buffer_manager_t *bm = &dev->bm; + DRM_ASSERT_LOCKED(&dev->struct_mutex); + atomic_inc(&bo->usage); mutex_unlock(&dev->struct_mutex); mutex_lock(&bo->mutex); @@ -393,6 +404,8 @@ static void drm_bo_destroy_locked(drm_buffer_object_t * bo) drm_device_t *dev = bo->dev; drm_buffer_manager_t *bm = &dev->bm; + DRM_ASSERT_LOCKED(&dev->struct_mutex); + if (list_empty(&bo->lru) && bo->mem.mm_node == NULL && list_empty(&bo->pinned_lru) && bo->pinned_node == NULL && list_empty(&bo->ddestroy) && atomic_read(&bo->usage) == 0) { @@ -415,6 +428,7 @@ static void drm_bo_destroy_locked(drm_buffer_object_t * bo) atomic_dec(&bm->count); + BUG_ON(!list_empty(&bo->base.list)); drm_ctl_free(bo, sizeof(*bo), DRM_MEM_BUFOBJ); return; @@ -491,6 +505,8 @@ static void drm_bo_delayed_workqueue(struct work_struct *work) void drm_bo_usage_deref_locked(drm_buffer_object_t * bo) { + DRM_ASSERT_LOCKED(&bo->dev->struct_mutex); + if (atomic_dec_and_test(&bo->usage)) { drm_bo_destroy_locked(bo); } @@ -501,6 +517,8 @@ static void drm_bo_base_deref_locked(drm_file_t * priv, drm_user_object_t * uo) drm_buffer_object_t *bo = drm_user_object_entry(uo, drm_buffer_object_t, base); + DRM_ASSERT_LOCKED(&bo->dev->struct_mutex); + drm_bo_takedown_vm_locked(bo); drm_bo_usage_deref_locked(bo); } @@ -1462,11 +1480,14 @@ static int drm_bo_handle_validate(drm_file_t * priv, uint32_t handle, uint32_t flags, uint32_t mask, uint32_t hint, drm_bo_arg_reply_t * rep) { + struct drm_device *dev = priv->head->dev; drm_buffer_object_t *bo; int ret; int no_wait = hint & DRM_BO_HINT_DONT_BLOCK; + mutex_lock(&dev->struct_mutex); bo = drm_lookup_buffer_object(priv, handle, 1); + mutex_unlock(&dev->struct_mutex); if (!bo) { return -EINVAL; } @@ -1498,9 +1519,13 @@ static int drm_bo_handle_validate(drm_file_t * priv, uint32_t handle, static int drm_bo_handle_info(drm_file_t * priv, uint32_t handle, drm_bo_arg_reply_t * rep) { + struct drm_device *dev = priv->head->dev; drm_buffer_object_t *bo; + mutex_lock(&dev->struct_mutex); bo = drm_lookup_buffer_object(priv, handle, 1); + mutex_unlock(&dev->struct_mutex); + if (!bo) { return -EINVAL; } @@ -1520,7 +1545,11 @@ static int drm_bo_handle_wait(drm_file_t * priv, uint32_t handle, int no_wait = hint & DRM_BO_HINT_DONT_BLOCK; int ret; + struct drm_device *dev = priv->head->dev; + mutex_lock(&dev->struct_mutex); bo = drm_lookup_buffer_object(priv, handle, 1); + mutex_unlock(&dev->struct_mutex); + if (!bo) { return -EINVAL; } @@ -2319,6 +2348,7 @@ static void drm_bo_takedown_vm_locked(drm_buffer_object_t * bo) drm_local_map_t *map; drm_device_t *dev = bo->dev; + DRM_ASSERT_LOCKED(&dev->struct_mutex); if (list->user_token) { drm_ht_remove_item(&dev->map_hash, &list->hash); list->user_token = 0; @@ -2344,6 +2374,7 @@ static int drm_bo_setup_vm_locked(drm_buffer_object_t * bo) drm_local_map_t *map; drm_device_t *dev = bo->dev; + DRM_ASSERT_LOCKED(&dev->struct_mutex); list->map = drm_ctl_calloc(1, sizeof(*map), DRM_MEM_BUFOBJ); if (!list->map) return -ENOMEM; diff --git a/linux-core/drm_fence.c b/linux-core/drm_fence.c index 70baad9f..b5fc2235 100644 --- a/linux-core/drm_fence.c +++ b/linux-core/drm_fence.c @@ -129,11 +129,14 @@ void drm_fence_usage_deref_locked(drm_device_t * dev, { drm_fence_manager_t *fm = &dev->fm; + DRM_ASSERT_LOCKED(&dev->struct_mutex); + if (atomic_dec_and_test(&fence->usage)) { drm_fence_unring(dev, &fence->ring); DRM_DEBUG("Destroyed a fence object 0x%08lx\n", fence->base.hash.key); atomic_dec(&fm->count); + BUG_ON(!list_empty(&fence->base.list)); drm_ctl_free(fence, sizeof(*fence), DRM_MEM_FENCE); } } @@ -148,6 +151,7 @@ void drm_fence_usage_deref_unlocked(drm_device_t * dev, if (atomic_read(&fence->usage) == 0) { drm_fence_unring(dev, &fence->ring); atomic_dec(&fm->count); + BUG_ON(!list_empty(&fence->base.list)); drm_ctl_free(fence, sizeof(*fence), DRM_MEM_FENCE); } mutex_unlock(&dev->struct_mutex); @@ -448,15 +452,16 @@ int drm_fence_add_user_object(drm_file_t * priv, drm_fence_object_t * fence, mutex_lock(&dev->struct_mutex); ret = drm_add_user_object(priv, &fence->base, shareable); - mutex_unlock(&dev->struct_mutex); if (ret) - return ret; + goto out; + atomic_inc(&fence->usage); fence->base.type = drm_fence_type; fence->base.remove = &drm_fence_object_destroy; DRM_DEBUG("Fence 0x%08lx created\n", fence->base.hash.key); - return 0; +out: + mutex_unlock(&dev->struct_mutex); + return ret; } - EXPORT_SYMBOL(drm_fence_add_user_object); int drm_fence_object_create(drm_device_t * dev, uint32_t class, uint32_t type, @@ -466,7 +471,7 @@ int drm_fence_object_create(drm_device_t * dev, uint32_t class, uint32_t type, int ret; drm_fence_manager_t *fm = &dev->fm; - fence = drm_ctl_alloc(sizeof(*fence), DRM_MEM_FENCE); + fence = drm_ctl_calloc(1, sizeof(*fence), DRM_MEM_FENCE); if (!fence) return -ENOMEM; ret = drm_fence_object_init(dev, class, type, flags, fence); @@ -566,13 +571,8 @@ int drm_fence_ioctl(DRM_IOCTL_ARGS) drm_fence_usage_deref_unlocked(dev, fence); return ret; } - - /* - * usage > 0. No need to lock dev->struct_mutex; - */ - - atomic_inc(&fence->usage); arg.handle = fence->base.hash.key; + break; case drm_fence_destroy: mutex_lock(&dev->struct_mutex); @@ -637,7 +637,6 @@ int drm_fence_ioctl(DRM_IOCTL_ARGS) DRM_FENCE_FLAG_SHAREABLE); if (ret) return ret; - atomic_inc(&fence->usage); arg.handle = fence->base.hash.key; break; default: diff --git a/linux-core/drm_object.c b/linux-core/drm_object.c index 03906034..567a7d2b 100644 --- a/linux-core/drm_object.c +++ b/linux-core/drm_object.c @@ -36,6 +36,8 @@ int drm_add_user_object(drm_file_t * priv, drm_user_object_t * item, drm_device_t *dev = priv->head->dev; int ret; + DRM_ASSERT_LOCKED(&dev->struct_mutex); + atomic_set(&item->refcount, 1); item->shareable = shareable; item->owner = priv; @@ -56,6 +58,8 @@ drm_user_object_t *drm_lookup_user_object(drm_file_t * priv, uint32_t key) int ret; drm_user_object_t *item; + DRM_ASSERT_LOCKED(&dev->struct_mutex); + ret = drm_ht_find_item(&dev->object_hash, key, &hash); if (ret) { return NULL; @@ -88,6 +92,8 @@ static void drm_deref_user_object(drm_file_t * priv, drm_user_object_t * item) int drm_remove_user_object(drm_file_t * priv, drm_user_object_t * item) { + DRM_ASSERT_LOCKED(&priv->head->dev->struct_mutex); + if (item->owner != priv) { DRM_ERROR("Cannot destroy object not owned by you.\n"); return -EINVAL; @@ -125,6 +131,7 @@ int drm_add_ref_object(drm_file_t * priv, drm_user_object_t * referenced_object, drm_ref_object_t *item; drm_open_hash_t *ht = &priv->refd_object_hash[ref_action]; + DRM_ASSERT_LOCKED(&priv->head->dev->struct_mutex); if (!referenced_object->shareable && priv != referenced_object->owner) { DRM_ERROR("Not allowed to reference this object\n"); return -EINVAL; @@ -181,6 +188,7 @@ drm_ref_object_t *drm_lookup_ref_object(drm_file_t * priv, drm_hash_item_t *hash; int ret; + DRM_ASSERT_LOCKED(&priv->head->dev->struct_mutex); ret = drm_ht_find_item(&priv->refd_object_hash[ref_action], (unsigned long)referenced_object, &hash); if (ret) @@ -213,6 +221,7 @@ void drm_remove_ref_object(drm_file_t * priv, drm_ref_object_t * item) drm_open_hash_t *ht = &priv->refd_object_hash[item->unref_action]; drm_ref_t unref_action; + DRM_ASSERT_LOCKED(&priv->head->dev->struct_mutex); unref_action = item->unref_action; if (atomic_dec_and_test(&item->refcount)) { ret = drm_ht_remove_item(ht, &item->hash); diff --git a/linux-core/drm_objects.h b/linux-core/drm_objects.h index 42c8e536..59c8902d 100644 --- a/linux-core/drm_objects.h +++ b/linux-core/drm_objects.h @@ -473,4 +473,12 @@ extern int drm_bo_move_accel_cleanup(drm_buffer_object_t * bo, uint32_t fence_flags, drm_bo_mem_reg_t * new_mem); +#ifdef CONFIG_DEBUG_MUTEXES +#define DRM_ASSERT_LOCKED(_mutex) \ + BUG_ON(!mutex_is_locked(_mutex) || \ + ((_mutex)->owner != current_thread_info())) +#else +#define DRM_ASSERT_LOCKED(_mutex) +#endif + #endif