From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
To: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
Cc: David Airlie <airlied@linux.ie>,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
Chris Wilson <chris@chris-wilson.co.uk>,
dri-devel@lists.freedesktop.org
Subject: Re: [Intel-gfx] [PATCH] drm/i915: Fix "mitigations" parsing if i915 is builtin
Date: Wed, 14 Apr 2021 14:40:46 +0800 [thread overview]
Message-ID: <20210414144046.7641b845@xhacker.debian> (raw)
In-Reply-To: <YHXN9lqtdvisT8gn@intel.com>
Hi Ville,
On Tue, 13 Apr 2021 19:59:34 +0300 Ville Syrjälä wrote:
>
>
> On Tue, Apr 13, 2021 at 05:02:40PM +0800, Jisheng Zhang wrote:
> > I met below error during boot with i915 builtin if pass
> > "i915.mitigations=off":
> > [ 0.015589] Booting kernel: `off' invalid for parameter `i915.mitigations'
> >
> > The reason is slab subsystem isn't ready at that time, so kstrdup()
> > returns NULL. Fix this issue by using stack var instead of kstrdup().
> >
> > Fixes: 984cadea032b ("drm/i915: Allow the sysadmin to override security mitigations")
> > Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
> > ---
> > drivers/gpu/drm/i915/i915_mitigations.c | 7 ++-----
> > 1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/i915_mitigations.c b/drivers/gpu/drm/i915/i915_mitigations.c
> > index 84f12598d145..7dadf41064e0 100644
> > --- a/drivers/gpu/drm/i915/i915_mitigations.c
> > +++ b/drivers/gpu/drm/i915/i915_mitigations.c
> > @@ -29,15 +29,13 @@ bool i915_mitigate_clear_residuals(void)
> > static int mitigations_set(const char *val, const struct kernel_param *kp)
> > {
> > unsigned long new = ~0UL;
> > - char *str, *sep, *tok;
> > + char str[64], *sep, *tok;
> > bool first = true;
> > int err = 0;
> >
> > BUILD_BUG_ON(ARRAY_SIZE(names) >= BITS_PER_TYPE(mitigations));
> >
> > - str = kstrdup(val, GFP_KERNEL);
> > - if (!str)
> > - return -ENOMEM;
> > + strncpy(str, val, sizeof(str) - 1);
>
> I don't think strncpy() guarantees that the string is properly
> terminated.
>
> Also commit b1b6bed3b503 ("usb: core: fix quirks_param_set() writing to
> a const pointer") looks broken as well given your findings, and
> arch/um/drivers/virtio_uml.c seems to suffer from this as well.
> kernel/params.c itself seems to have some slab_is_available() magic
> around kmalloc().
Just tried the "usbcore.quirks" with usb builtin, I can't reproduce the
issue. Futher investigation shows that device_param_cb() macro is the
key, or the "6" in __level_param_cb(name, ops, arg, perm, 6) is the key.
While i915.mitigations uses module_param_cb_unsafe(), in which the level
will be "-1"
arch/um/drivers/virtio_uml.c also makes use of device_param_cb()
thanks
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
WARNING: multiple messages have this Message-ID (diff)
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
To: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
Cc: David Airlie <airlied@linux.ie>,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
Chris Wilson <chris@chris-wilson.co.uk>,
Jon Bloomfield <jon.bloomfield@intel.com>,
dri-devel@lists.freedesktop.org,
Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: Re: [PATCH] drm/i915: Fix "mitigations" parsing if i915 is builtin
Date: Wed, 14 Apr 2021 14:40:46 +0800 [thread overview]
Message-ID: <20210414144046.7641b845@xhacker.debian> (raw)
In-Reply-To: <YHXN9lqtdvisT8gn@intel.com>
Hi Ville,
On Tue, 13 Apr 2021 19:59:34 +0300 Ville Syrjälä wrote:
>
>
> On Tue, Apr 13, 2021 at 05:02:40PM +0800, Jisheng Zhang wrote:
> > I met below error during boot with i915 builtin if pass
> > "i915.mitigations=off":
> > [ 0.015589] Booting kernel: `off' invalid for parameter `i915.mitigations'
> >
> > The reason is slab subsystem isn't ready at that time, so kstrdup()
> > returns NULL. Fix this issue by using stack var instead of kstrdup().
> >
> > Fixes: 984cadea032b ("drm/i915: Allow the sysadmin to override security mitigations")
> > Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
> > ---
> > drivers/gpu/drm/i915/i915_mitigations.c | 7 ++-----
> > 1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/i915_mitigations.c b/drivers/gpu/drm/i915/i915_mitigations.c
> > index 84f12598d145..7dadf41064e0 100644
> > --- a/drivers/gpu/drm/i915/i915_mitigations.c
> > +++ b/drivers/gpu/drm/i915/i915_mitigations.c
> > @@ -29,15 +29,13 @@ bool i915_mitigate_clear_residuals(void)
> > static int mitigations_set(const char *val, const struct kernel_param *kp)
> > {
> > unsigned long new = ~0UL;
> > - char *str, *sep, *tok;
> > + char str[64], *sep, *tok;
> > bool first = true;
> > int err = 0;
> >
> > BUILD_BUG_ON(ARRAY_SIZE(names) >= BITS_PER_TYPE(mitigations));
> >
> > - str = kstrdup(val, GFP_KERNEL);
> > - if (!str)
> > - return -ENOMEM;
> > + strncpy(str, val, sizeof(str) - 1);
>
> I don't think strncpy() guarantees that the string is properly
> terminated.
>
> Also commit b1b6bed3b503 ("usb: core: fix quirks_param_set() writing to
> a const pointer") looks broken as well given your findings, and
> arch/um/drivers/virtio_uml.c seems to suffer from this as well.
> kernel/params.c itself seems to have some slab_is_available() magic
> around kmalloc().
Just tried the "usbcore.quirks" with usb builtin, I can't reproduce the
issue. Futher investigation shows that device_param_cb() macro is the
key, or the "6" in __level_param_cb(name, ops, arg, perm, 6) is the key.
While i915.mitigations uses module_param_cb_unsafe(), in which the level
will be "-1"
arch/um/drivers/virtio_uml.c also makes use of device_param_cb()
thanks
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
To: "Ville Syrjälä" <ville.syrjala@linux.intel.com>
Cc: Jani Nikula <jani.nikula@linux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@intel.com>,
David Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
Chris Wilson <chris@chris-wilson.co.uk>,
Jon Bloomfield <jon.bloomfield@intel.com>,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org
Subject: Re: [PATCH] drm/i915: Fix "mitigations" parsing if i915 is builtin
Date: Wed, 14 Apr 2021 14:40:46 +0800 [thread overview]
Message-ID: <20210414144046.7641b845@xhacker.debian> (raw)
In-Reply-To: <YHXN9lqtdvisT8gn@intel.com>
Hi Ville,
On Tue, 13 Apr 2021 19:59:34 +0300 Ville Syrjälä wrote:
>
>
> On Tue, Apr 13, 2021 at 05:02:40PM +0800, Jisheng Zhang wrote:
> > I met below error during boot with i915 builtin if pass
> > "i915.mitigations=off":
> > [ 0.015589] Booting kernel: `off' invalid for parameter `i915.mitigations'
> >
> > The reason is slab subsystem isn't ready at that time, so kstrdup()
> > returns NULL. Fix this issue by using stack var instead of kstrdup().
> >
> > Fixes: 984cadea032b ("drm/i915: Allow the sysadmin to override security mitigations")
> > Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com>
> > ---
> > drivers/gpu/drm/i915/i915_mitigations.c | 7 ++-----
> > 1 file changed, 2 insertions(+), 5 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/i915_mitigations.c b/drivers/gpu/drm/i915/i915_mitigations.c
> > index 84f12598d145..7dadf41064e0 100644
> > --- a/drivers/gpu/drm/i915/i915_mitigations.c
> > +++ b/drivers/gpu/drm/i915/i915_mitigations.c
> > @@ -29,15 +29,13 @@ bool i915_mitigate_clear_residuals(void)
> > static int mitigations_set(const char *val, const struct kernel_param *kp)
> > {
> > unsigned long new = ~0UL;
> > - char *str, *sep, *tok;
> > + char str[64], *sep, *tok;
> > bool first = true;
> > int err = 0;
> >
> > BUILD_BUG_ON(ARRAY_SIZE(names) >= BITS_PER_TYPE(mitigations));
> >
> > - str = kstrdup(val, GFP_KERNEL);
> > - if (!str)
> > - return -ENOMEM;
> > + strncpy(str, val, sizeof(str) - 1);
>
> I don't think strncpy() guarantees that the string is properly
> terminated.
>
> Also commit b1b6bed3b503 ("usb: core: fix quirks_param_set() writing to
> a const pointer") looks broken as well given your findings, and
> arch/um/drivers/virtio_uml.c seems to suffer from this as well.
> kernel/params.c itself seems to have some slab_is_available() magic
> around kmalloc().
Just tried the "usbcore.quirks" with usb builtin, I can't reproduce the
issue. Futher investigation shows that device_param_cb() macro is the
key, or the "6" in __level_param_cb(name, ops, arg, perm, 6) is the key.
While i915.mitigations uses module_param_cb_unsafe(), in which the level
will be "-1"
arch/um/drivers/virtio_uml.c also makes use of device_param_cb()
thanks
next prev parent reply other threads:[~2021-04-14 11:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-13 9:02 [Intel-gfx] [PATCH] drm/i915: Fix "mitigations" parsing if i915 is builtin Jisheng Zhang
2021-04-13 9:02 ` Jisheng Zhang
2021-04-13 9:02 ` Jisheng Zhang
2021-04-13 11:40 ` [Intel-gfx] ✗ Fi.CI.DOCS: warning for " Patchwork
2021-04-13 12:05 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-04-13 13:42 ` [Intel-gfx] ✗ Fi.CI.IGT: failure " Patchwork
2021-04-13 16:59 ` [Intel-gfx] [PATCH] " Ville Syrjälä
2021-04-13 16:59 ` Ville Syrjälä
2021-04-13 16:59 ` Ville Syrjälä
2021-04-14 6:16 ` [Intel-gfx] " Jisheng Zhang
2021-04-14 6:16 ` Jisheng Zhang
2021-04-14 6:16 ` Jisheng Zhang
2021-04-14 6:40 ` Jisheng Zhang [this message]
2021-04-14 6:40 ` Jisheng Zhang
2021-04-14 6:40 ` Jisheng Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210414144046.7641b845@xhacker.debian \
--to=jisheng.zhang@synaptics.com \
--cc=airlied@linux.ie \
--cc=chris@chris-wilson.co.uk \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ville.syrjala@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.