[PATCH v4 06/14] dma-buf/sync_file: Support (E)POLLPRI
Tvrtko Ursulin
tvrtko.ursulin at linux.intel.com
Fri Feb 24 10:50:51 UTC 2023
On 24/02/2023 10:24, Pekka Paalanen wrote:
> On Fri, 24 Feb 2023 09:41:46 +0000
> Tvrtko Ursulin <tvrtko.ursulin at linux.intel.com> wrote:
>
>> On 24/02/2023 09:26, Pekka Paalanen wrote:
>>> On Thu, 23 Feb 2023 10:51:48 -0800
>>> Rob Clark <robdclark at gmail.com> wrote:
>>>
>>>> On Thu, Feb 23, 2023 at 1:38 AM Pekka Paalanen <ppaalanen at gmail.com> wrote:
>>>>>
>>>>> On Wed, 22 Feb 2023 07:37:26 -0800
>>>>> Rob Clark <robdclark at gmail.com> wrote:
>>>>>
>>>>>> On Wed, Feb 22, 2023 at 1:49 AM Pekka Paalanen <ppaalanen at gmail.com> wrote:
>>>
>>> ...
>>>
>>>>>>> On another matter, if the application uses SET_DEADLINE with one
>>>>>>> timestamp, and the compositor uses SET_DEADLINE on the same thing with
>>>>>>> another timestamp, what should happen?
>>>>>>
>>>>>> The expectation is that many deadline hints can be set on a fence.
>>>>>> The fence signaller should track the soonest deadline.
>>>>>
>>>>> You need to document that as UAPI, since it is observable to userspace.
>>>>> It would be bad if drivers or subsystems would differ in behaviour.
>>>>>
>>>>
>>>> It is in the end a hint. It is about giving the driver more
>>>> information so that it can make better choices. But the driver is
>>>> even free to ignore it. So maybe "expectation" is too strong of a
>>>> word. Rather, any other behavior doesn't really make sense. But it
>>>> could end up being dictated by how the hw and/or fw works.
>>>
>>> It will stop being a hint once it has been implemented and used in the
>>> wild long enough. The kernel userspace regression rules make sure of
>>> that.
>>
>> Yeah, tricky and maybe a gray area in this case. I think we eluded
>> elsewhere in the thread that renaming the thing might be an option.
>>
>> So maybe instead of deadline, which is a very strong word, use something
>> along the lines of "present time hint", or "signalled time hint"? Maybe
>> reads clumsy. Just throwing some ideas for a start.
>
> You can try, but I fear that if it ever changes behaviour and
> someone notices that, it's labelled as a kernel regression. I don't
> think documentation has ever been the authoritative definition of UABI
> in Linux, it just guides drivers and userspace towards a common
> understanding and common usage patterns.
>
> So even if the UABI contract is not documented (ugh), you need to be
> prepared to set the UABI contract through kernel implementation.
To be the devil's advocate it probably wouldn't be an ABI regression but
just an regression. Same way as what nice(2) priorities mean hasn't
always been the same over the years, I don't think there is a strict
contract.
Having said that, it may be different with latency sensitive stuff such
as UIs though since it is very observable and can be very painful to users.
> If you do not document the UABI contract, then different drivers are
> likely to implement it differently, leading to differing behaviour.
> Also userspace will invent wild ways to abuse the UABI if there is no
> documentation guiding it on proper use. If userspace or end users
> observe different behaviour, that's bad even if it's not a regression.
>
> I don't like the situation either, but it is what it is. UABI stability
> trumps everything regardless of whether it was documented or not.
>
> I bet userspace is going to use this as a "make it faster, make it
> hotter" button. I would not be surprised if someone wrote a LD_PRELOAD
> library that stamps any and all fences with an expired deadline to
> just squeeze out a little more through some weird side-effect.
>
> Well, that's hopefully overboard in scaring, but in the end, I would
> like to see UABI documented so I can have a feeling of what it is for
> and how it was intended to be used. That's all.
We share the same concern. If you read elsewhere in these threads you
will notice I have been calling this an "arms race". If the ability to
make yourself go faster does not required additional privilege I also
worry everyone will do it at which point it becomes pointless. So yes, I
do share this concern about exposing any of this as an unprivileged uapi.
Is it possible to limit access to only compositors in some sane way?
Sounds tricky when dma-fence should be disconnected from DRM..
Regards,
Tvrtko
More information about the dri-devel
mailing list