On Mon, Apr 11, 2022 at 04:13:53PM +0200, Christoph Hellwig wrote:

All the dmabufs are torn down when th VGPU is released, so there is no need for extra refcounting here.

'th' -> 'the'

I think the specific argument is that intel_vgpu_query_plane() is only called from intel_vgpu_ioctl() which has to happen while the device is open so intel_vgpu_query_plane() has no issue.

dmabuf_gem_object_free() is OK because: intel_vgpu_close_device __intel_vgpu_release intel_gvt_release_vgpu intel_vgpu_dmabuf_cleanup

Menaing dmabuf->vgpu was already NULL once close_device is passed, and the vfio_device reference is held automatically from open_device->close_device

And similarly intel_vgpu_dmabuf_cleanup() is OK because it is called by the above.

The other places that call intel_vgpu_dmabuf_cleanup() are redundant with the close_device path.

Though the 'release_work' callpath is buggy, for many reasons, but not for this series.

Reviewed-by: Jason Gunthorpe jgg@nvidia.com

diff --git a/drivers/gpu/drm/i915/gvt/dmabuf.c b/drivers/gpu/drm/i915/gvt/dmabuf.c index 90443306a9ad4..01e54b45c5c1b 100644 +++ b/drivers/gpu/drm/i915/gvt/dmabuf.c @@ -139,7 +139,6 @@ static void dmabuf_gem_object_free(struct kref *kref) dmabuf_obj = list_entry(pos, struct intel_vgpu_dmabuf_obj, list); if (dmabuf_obj == obj) {

Not for this series but it seems like there is something off about the locking here:

if (vgpu && vgpu->active && !list_empty(&vgpu->dmabuf_obj_list_head)) {

This is called under the dmabuf lock but active is protected by the vgpu_lock.. It seems strange that vgpu->active could be false but the device is still open, so maybe it is not possible.

Jason