[PATCH] drm: Drop modeset locking from crtc init function

Mon Sep 8 06:41:01 PDT 2014

On Mon, Sep 08, 2014 at 02:57:23PM +0200, Thomas Hellstrom wrote:
> On 09/08/2014 09:03 AM, Daniel Vetter wrote:
> > At driver init no one can access modeset objects and we're
> > single-threaded. So locking is just cargo-culting here. Worse, with
> > the new ww mutexes and ww mutex slowpath debugging the mutex_lock
> > might actually fail, and we don't have the full-blown ww recovery
> > dance.
> >
> > Which then leads to fireworks when we try to unlock the not-locked
> > crtc lock.
> >
> > An audit of all the functions called from here shows that none of them
> > contain locking checks, so there's also no reason to keep the locking
> > around just for consistency of caller contexts. Besides that I have
> > the rule (at least in i915) that such places where we take locks just
> > to simplify locking checks and not for correctness always require a
> > comment.
> 
> I'm not really opposed to any of the patches. It's clear that trylock
> will work, and it's also clear that locking is not strictly needed, at
> least not of a lock that has not been published yet.
> 
> However, I tend to go for the  "lock even if it's unnecessary" version
> for a couple of reasons:
> 
> a) If that turns out to be impossible or very hard, then something is
> probably wrong with the design.
> b) It's good to think of locks where possible as "protecting data"
> rather than serializing something. With that in mind, and if we in the
> future were to have tools to automatically check that relevant locks are
> held while accessing lock-protected stuff, we're in trouble.
> c) Even if there aren't any functions now that check for relevant locks
> held, there might be in the future.
> d) People will probably spend time wondering why locking is done
> elsewhere but not here.
> 
> So at least considering d) and b) I'd like to see documentation the
> other way around:
> If we avoid taking locks around data accesses that are supposed to be
> protected by the lock for whatever reason, the reason should be documented.

Well my argument nowadays is that you should never abuse locking to
enforce ordering constraints. And an objects that's just getting
initialized but isn't published anywhere really has no reason to have
locking for data consistency, so really only justified to be held if it
makes the "protecting data" self-checks easier. E.g. we have a bunch of
checks about manipulating the connector mode list all over, so init code
must hold the relevant locks.

Also ime locking sprawl (which happens escpecially with big locks like
dev->struct_mutex) is really bad for long-term maintainability, so by
default I want as little locking as possible.

I guess a comment can make sense if there's no locking to explain the odd
case. But if everything is sanely designed then imo pure init functions
really should have comments about locks they take and not if they take no
locks. Since with a sane design the no-locks case really should be the
default. And if that makes people question the locking scheme and learn
something about "locking for ordering" vs. "locking to protect data"
that's a feature ;-) Note that this is specifically about init/teardown
(suspend/resume is similar), which is all about ordering and otherwise
rather single-threaded (at least if you don't botch up the synchronization
with async workers on teardown).

So at least in i915 I'll keep on rejecting patches that add random
carg-culted locking to init/shutdown paths.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch