[3/4] gpiolib: cdev: reduce locking in gpio_desc_to_lineinfo()

Message ID 20231212054253.50094-4-warthog618@gmail.com
State New
Headers
Series gpiolib: cdev: relocate debounce_period_us |

Commit Message

Kent Gibson Dec. 12, 2023, 5:42 a.m. UTC
  Reduce the time holding the gpio_lock by snapshotting the desc flags,
rather than testing them individually while holding the lock.

Accept that the calculation of the used field is inherently racy, and
only check the availabilty of the line from pinctrl if other checks
pass, so avoiding the check for lines that are otherwise in use.

Signed-off-by: Kent Gibson <warthog618@gmail.com>
---
 drivers/gpio/gpiolib-cdev.c | 66 ++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 34 deletions(-)
  

Comments

andy@kernel.org Dec. 13, 2023, 1:56 p.m. UTC | #1
On Tue, Dec 12, 2023 at 01:42:52PM +0800, Kent Gibson wrote:
> Reduce the time holding the gpio_lock by snapshotting the desc flags,
> rather than testing them individually while holding the lock.
> 
> Accept that the calculation of the used field is inherently racy, and
> only check the availabilty of the line from pinctrl if other checks
> pass, so avoiding the check for lines that are otherwise in use.

...

> -	bool ok_for_pinctrl;
> -	unsigned long flags;
> +	unsigned long iflags, dflags;

With a preliminary conversion to cleanup.h this whole change becomes cleaner,
no?
  
Kent Gibson Dec. 13, 2023, 2:07 p.m. UTC | #2
On Wed, Dec 13, 2023 at 03:56:27PM +0200, Andy Shevchenko wrote:
> On Tue, Dec 12, 2023 at 01:42:52PM +0800, Kent Gibson wrote:
> > Reduce the time holding the gpio_lock by snapshotting the desc flags,
> > rather than testing them individually while holding the lock.
> >
> > Accept that the calculation of the used field is inherently racy, and
> > only check the availabilty of the line from pinctrl if other checks
> > pass, so avoiding the check for lines that are otherwise in use.
>
> ...
>
> > -	bool ok_for_pinctrl;
> > -	unsigned long flags;
> > +	unsigned long iflags, dflags;
>
> With a preliminary conversion to cleanup.h this whole change becomes cleaner,
> no?
>

You mean the scoped guards?  Dunno - haven't used them.
Care to provide more detail?

Cheers,
Kent.
  
andy@kernel.org Dec. 13, 2023, 3:05 p.m. UTC | #3
On Wed, Dec 13, 2023 at 10:07:28PM +0800, Kent Gibson wrote:
> On Wed, Dec 13, 2023 at 03:56:27PM +0200, Andy Shevchenko wrote:
> > On Tue, Dec 12, 2023 at 01:42:52PM +0800, Kent Gibson wrote:

...

> > > -	unsigned long flags;
> > > +	unsigned long iflags, dflags;
> >
> > With a preliminary conversion to cleanup.h this whole change becomes cleaner,
> > no?
> 
> You mean the scoped guards?  Dunno - haven't used them.
> Care to provide more detail?

Yes.

With use of those the flags will gone and you won't need iflags,
which is non-standard name for the spin lock flags variable anyway,
at all. Only new dflags will come here.
  
Kent Gibson Dec. 13, 2023, 3:11 p.m. UTC | #4
On Wed, Dec 13, 2023 at 10:07:28PM +0800, Kent Gibson wrote:
> On Wed, Dec 13, 2023 at 03:56:27PM +0200, Andy Shevchenko wrote:
> > On Tue, Dec 12, 2023 at 01:42:52PM +0800, Kent Gibson wrote:
> > > Reduce the time holding the gpio_lock by snapshotting the desc flags,
> > > rather than testing them individually while holding the lock.
> > >
> > > Accept that the calculation of the used field is inherently racy, and
> > > only check the availabilty of the line from pinctrl if other checks
> > > pass, so avoiding the check for lines that are otherwise in use.
> >
> > ...
> >
> > > -	bool ok_for_pinctrl;
> > > -	unsigned long flags;
> > > +	unsigned long iflags, dflags;
> >
> > With a preliminary conversion to cleanup.h this whole change becomes cleaner,
> > no?
> >
>
> You mean the scoped guards?  Dunno - haven't used them.
> Care to provide more detail?
>

Ok, so changing the spin_lock/unlock to

       scoped_guard(spinlock_irqsave, &gpio_lock) {
       ...
       }

you no longer need the iflags at all, and can rename dflags to flags.
Got it.

Cheers,
Kent.
  
andy@kernel.org Dec. 13, 2023, 3:28 p.m. UTC | #5
On Wed, Dec 13, 2023 at 11:11:34PM +0800, Kent Gibson wrote:
> On Wed, Dec 13, 2023 at 10:07:28PM +0800, Kent Gibson wrote:
> > On Wed, Dec 13, 2023 at 03:56:27PM +0200, Andy Shevchenko wrote:
> > > On Tue, Dec 12, 2023 at 01:42:52PM +0800, Kent Gibson wrote:

...

> > > > -	unsigned long flags;
> > > > +	unsigned long iflags, dflags;
> > >
> > > With a preliminary conversion to cleanup.h this whole change becomes cleaner,
> > > no?
> >
> > You mean the scoped guards?  Dunno - haven't used them.
> > Care to provide more detail?
> 
> Ok, so changing the spin_lock/unlock to
> 
>        scoped_guard(spinlock_irqsave, &gpio_lock) {
>        ...
>        }
> 
> you no longer need the iflags at all, and can rename dflags to flags.

Yes, but I prefer still dflags as it is a distinction from the lock flags
and we use lflags/dflags a lot in GPIO library, so reading the code will
give a hint about the semantics.

> Got it.
  

Patch

diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index 7999c1a72cfa..37f2c9acc770 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -2398,22 +2398,12 @@  static void gpio_desc_to_lineinfo(struct gpio_desc *desc,
 				  struct gpio_v2_line_info *info)
 {
 	struct gpio_chip *gc = desc->gdev->chip;
-	bool ok_for_pinctrl;
-	unsigned long flags;
+	unsigned long iflags, dflags;
 
 	memset(info, 0, sizeof(*info));
 	info->offset = gpio_chip_hwgpio(desc);
 
-	/*
-	 * This function takes a mutex so we must check this before taking
-	 * the spinlock.
-	 *
-	 * FIXME: find a non-racy way to retrieve this information. Maybe a
-	 * lock common to both frameworks?
-	 */
-	ok_for_pinctrl = pinctrl_gpio_can_use_line(gc, info->offset);
-
-	spin_lock_irqsave(&gpio_lock, flags);
+	spin_lock_irqsave(&gpio_lock, iflags);
 
 	if (desc->name)
 		strscpy(info->name, desc->name, sizeof(info->name));
@@ -2421,51 +2411,59 @@  static void gpio_desc_to_lineinfo(struct gpio_desc *desc,
 	if (desc->label)
 		strscpy(info->consumer, desc->label, sizeof(info->consumer));
 
+	dflags = READ_ONCE(desc->flags);
+
+	spin_unlock_irqrestore(&gpio_lock, iflags);
+
 	/*
-	 * Userspace only need to know that the kernel is using this GPIO so
-	 * it can't use it.
+	 * Userspace only need know that the kernel is using this GPIO so it
+	 * can't use it.
+	 * The calculation of the used flag is slightly racy, as it may read
+	 * desc, gc and pinctrl state without a lock covering all three at
+	 * once.  Worst case if the line is in transition and the calculation
+	 * is incorrect then it looks to the user like they performed the read
+	 * on the wrong side of the transition - but that can always happen.
+	 * The definitive test that a line is available to userspace is to
+	 * request it.
 	 */
-	info->flags = 0;
-	if (test_bit(FLAG_REQUESTED, &desc->flags) ||
-	    test_bit(FLAG_IS_HOGGED, &desc->flags) ||
-	    test_bit(FLAG_USED_AS_IRQ, &desc->flags) ||
-	    test_bit(FLAG_EXPORT, &desc->flags) ||
-	    test_bit(FLAG_SYSFS, &desc->flags) ||
+	if (test_bit(FLAG_REQUESTED, &dflags) ||
+	    test_bit(FLAG_IS_HOGGED, &dflags) ||
+	    test_bit(FLAG_USED_AS_IRQ, &dflags) ||
+	    test_bit(FLAG_EXPORT, &dflags) ||
+	    test_bit(FLAG_SYSFS, &dflags) ||
 	    !gpiochip_line_is_valid(gc, info->offset) ||
-	    !ok_for_pinctrl)
+	    !pinctrl_gpio_can_use_line(gc, info->offset))
 		info->flags |= GPIO_V2_LINE_FLAG_USED;
 
-	if (test_bit(FLAG_IS_OUT, &desc->flags))
+	if (test_bit(FLAG_IS_OUT, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_OUTPUT;
 	else
 		info->flags |= GPIO_V2_LINE_FLAG_INPUT;
 
-	if (test_bit(FLAG_ACTIVE_LOW, &desc->flags))
+	if (test_bit(FLAG_ACTIVE_LOW, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_ACTIVE_LOW;
 
-	if (test_bit(FLAG_OPEN_DRAIN, &desc->flags))
+	if (test_bit(FLAG_OPEN_DRAIN, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_OPEN_DRAIN;
-	if (test_bit(FLAG_OPEN_SOURCE, &desc->flags))
+	if (test_bit(FLAG_OPEN_SOURCE, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_OPEN_SOURCE;
 
-	if (test_bit(FLAG_BIAS_DISABLE, &desc->flags))
+	if (test_bit(FLAG_BIAS_DISABLE, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_BIAS_DISABLED;
-	if (test_bit(FLAG_PULL_DOWN, &desc->flags))
+	if (test_bit(FLAG_PULL_DOWN, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_BIAS_PULL_DOWN;
-	if (test_bit(FLAG_PULL_UP, &desc->flags))
+	if (test_bit(FLAG_PULL_UP, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_BIAS_PULL_UP;
 
-	if (test_bit(FLAG_EDGE_RISING, &desc->flags))
+	if (test_bit(FLAG_EDGE_RISING, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_EDGE_RISING;
-	if (test_bit(FLAG_EDGE_FALLING, &desc->flags))
+	if (test_bit(FLAG_EDGE_FALLING, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_EDGE_FALLING;
 
-	if (test_bit(FLAG_EVENT_CLOCK_REALTIME, &desc->flags))
+	if (test_bit(FLAG_EVENT_CLOCK_REALTIME, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_EVENT_CLOCK_REALTIME;
-	else if (test_bit(FLAG_EVENT_CLOCK_HTE, &desc->flags))
+	else if (test_bit(FLAG_EVENT_CLOCK_HTE, &dflags))
 		info->flags |= GPIO_V2_LINE_FLAG_EVENT_CLOCK_HTE;
-
-	spin_unlock_irqrestore(&gpio_lock, flags);
 }
 
 struct gpio_chardev_data {