From: Al Viro <viro@zeniv.linux.org.uk>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
intel-gfx@lists.freedesktop.org,
Randy Dunlap <rdunlap@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: [Intel-gfx] [PATCH] drm/i915: Minimize uaccess exposure in i915_gem_execbuffer2_ioctl()
Date: Thu, 27 Feb 2020 22:35:42 +0000 [thread overview]
Message-ID: <20200227223542.GE23230@ZenIV.linux.org.uk> (raw)
In-Reply-To: <ed52cfb852d2772bf20f48614d75f1d1b1451995.1582841072.git.jpoimboe@redhat.com>
On Thu, Feb 27, 2020 at 04:08:26PM -0600, Josh Poimboeuf wrote:
> With CONFIG_CC_OPTIMIZE_FOR_SIZE, objtool reports:
>
> drivers/gpu/drm/i915/gem/i915_gem_execbuffer.o: warning: objtool: i915_gem_execbuffer2_ioctl()+0x5b7: call to gen8_canonical_addr() with UACCESS enabled
>
> This means i915_gem_execbuffer2_ioctl() is calling gen8_canonical_addr()
> -- and indirectly, sign_extend64() -- from the user_access_begin/end
> critical region (i.e, with SMAP disabled).
>
> While it's probably harmless in this case, in general we like to avoid
> extra function calls in SMAP-disabled regions because it can open up
> inadvertent security holes.
>
> Fix it by moving the gen8_canonical_addr() conversion to a separate loop
> before user_access_begin() is called.
>
> Note that gen8_canonical_addr() is now called *before* masking off the
> PIN_OFFSET_MASK bits. That should be ok because it just does a sign
> extension and ignores the masked lower bits anyway.
How painful would it be to inline the damn thing?
<looks>
static inline u64 gen8_canonical_addr(u64 address)
{
return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
}
static inline __s64 sign_extend64(__u64 value, int index)
{
__u8 shift = 63 - index;
return (__s64)(value << shift) >> shift;
}
What the hell? Josh, what kind of .config do you have that these are
_not_ inlined? And why not mark gen8_canonical_addr() __always_inline?
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@zeniv.linux.org.uk>
To: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>,
linux-kernel@vger.kernel.org,
Randy Dunlap <rdunlap@infradead.org>,
Peter Zijlstra <peterz@infradead.org>,
intel-gfx@lists.freedesktop.org
Subject: Re: [PATCH] drm/i915: Minimize uaccess exposure in i915_gem_execbuffer2_ioctl()
Date: Thu, 27 Feb 2020 22:35:42 +0000 [thread overview]
Message-ID: <20200227223542.GE23230@ZenIV.linux.org.uk> (raw)
In-Reply-To: <ed52cfb852d2772bf20f48614d75f1d1b1451995.1582841072.git.jpoimboe@redhat.com>
On Thu, Feb 27, 2020 at 04:08:26PM -0600, Josh Poimboeuf wrote:
> With CONFIG_CC_OPTIMIZE_FOR_SIZE, objtool reports:
>
> drivers/gpu/drm/i915/gem/i915_gem_execbuffer.o: warning: objtool: i915_gem_execbuffer2_ioctl()+0x5b7: call to gen8_canonical_addr() with UACCESS enabled
>
> This means i915_gem_execbuffer2_ioctl() is calling gen8_canonical_addr()
> -- and indirectly, sign_extend64() -- from the user_access_begin/end
> critical region (i.e, with SMAP disabled).
>
> While it's probably harmless in this case, in general we like to avoid
> extra function calls in SMAP-disabled regions because it can open up
> inadvertent security holes.
>
> Fix it by moving the gen8_canonical_addr() conversion to a separate loop
> before user_access_begin() is called.
>
> Note that gen8_canonical_addr() is now called *before* masking off the
> PIN_OFFSET_MASK bits. That should be ok because it just does a sign
> extension and ignores the masked lower bits anyway.
How painful would it be to inline the damn thing?
<looks>
static inline u64 gen8_canonical_addr(u64 address)
{
return sign_extend64(address, GEN8_HIGH_ADDRESS_BIT);
}
static inline __s64 sign_extend64(__u64 value, int index)
{
__u8 shift = 63 - index;
return (__s64)(value << shift) >> shift;
}
What the hell? Josh, what kind of .config do you have that these are
_not_ inlined? And why not mark gen8_canonical_addr() __always_inline?
next prev parent reply other threads:[~2020-02-27 22:54 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-27 22:08 [Intel-gfx] [PATCH] drm/i915: Minimize uaccess exposure in i915_gem_execbuffer2_ioctl() Josh Poimboeuf
2020-02-27 22:08 ` Josh Poimboeuf
2020-02-27 22:26 ` [Intel-gfx] " Chris Wilson
2020-02-27 22:26 ` Chris Wilson
2020-02-28 16:10 ` [Intel-gfx] " Josh Poimboeuf
2020-02-28 16:10 ` Josh Poimboeuf
2020-02-27 22:35 ` Al Viro [this message]
2020-02-27 22:35 ` Al Viro
2020-02-28 1:03 ` [Intel-gfx] " Josh Poimboeuf
2020-02-28 1:03 ` Josh Poimboeuf
2020-02-28 2:42 ` [Intel-gfx] " Randy Dunlap
2020-02-28 2:42 ` Randy Dunlap
2020-02-28 18:04 ` [Intel-gfx] " Peter Zijlstra
2020-02-28 18:04 ` Peter Zijlstra
2020-02-28 19:56 ` [Intel-gfx] " Al Viro
2020-02-28 19:56 ` Al Viro
2020-02-28 2:59 ` [Intel-gfx] ✓ Fi.CI.BAT: success for " Patchwork
2020-02-29 12:54 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200227223542.GE23230@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.