* [bug report] new kvmalloc() WARN() triggered by DRM ioctls tracking
@ 2021-12-16 12:08 ` Dan Carpenter
  0 siblings, 0 replies; 5+ messages in thread
From: Dan Carpenter @ 2021-12-16 12:08 UTC (permalink / raw)
  To: dri-devel; +Cc: virtualization, amd-gfx, lima, etnaviv

Hi DRM Devs,

In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB.
I have a static checker warning for this and most of the warnings are
from DRM ioctls.

drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:120 amdgpu_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN

These ioctls can all trigger the stack dump.  The line numbers are from
linux next (next-20211214).

I feel like ideally if this could be fixed in a central way, but if not
then hopefully I've added the relevant lists to the CC.

regards,
dan carpenter

* Re: [bug report] new kvmalloc() WARN() triggered by DRM ioctls tracking
  2021-12-16 12:08 ` Dan Carpenter
  (?)
@ 2021-12-16 14:02 ` Steven Price
  2021-12-16 14:15   ` Boris Brezillon
  -1 siblings, 1 reply; 5+ messages in thread
From: Steven Price @ 2021-12-16 14:02 UTC (permalink / raw)
  To: Dan Carpenter, dri-devel, Boris Brezillon
  Cc: etnaviv, lima, amd-gfx, virtualization

+ Boris

On 16/12/2021 12:08, Dan Carpenter wrote:
> Hi DRM Devs,
> 
> In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
> from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB.
> I have a static checker warning for this and most of the warnings are
> from DRM ioctls.
> 
> drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN
> drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN

I believe this one in Panfrost would be fixed by Boris's series
reworking the submit ioctl[1].

Boris: are you planning on submitting that series soon - or is it worth
cherry picking the rework in patch 5 to fix this issue?

[1]
https://lore.kernel.org/all/20210930190954.1525933-1-boris.brezillon@collabora.com/

> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:120 amdgpu_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
> 
> These ioctls can all trigger the stack dump.  The line numbers are from
> linux next (next-20211214).
> 
> I feel like ideally if this could be fixed in a central way, but if not
> then hopefully I've added the relevant lists to the CC.

I've only looked at Panfrost, but at least here we're simply allowing
user space to allocate an arbitrary amount of kernel memory in one go -
which is always going to be a good way of triggering the OOM killer if
nothing else. Boris's series includes a change that means instead of trying
to copy an (attacker controlled) sized array into the kernel to process,
we copy each element of the array in turn.

So I don't really see how this could be fixed in a central way (but some
of the other cases might be different).

Thanks,

Steve

> regards,
> dan carpenter
> 
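
Added example, not part of the thread and not code from Boris's series or any driver: a userspace C model contrasting the flagged pattern (one allocation sized by the caller's count) with the per-element copy Steven describes. All function and type names are hypothetical, the 2GB check is modelled on the description in Dan's report, and the input array is constructed.

```c
/* Userspace model with hypothetical names; not kernel or driver code. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

static int warn_hits;                                /* modelled WARN events */
struct umem { const uint32_t *base; uint32_t len; }; /* constructed "user" array */
/* Size check as the thread describes it: a request over 2GB warns and fails. */
static void *model_kvmalloc_array(uint32_t n, uint32_t elem)
{
	uint64_t bytes = (uint64_t)n * elem;   /* 32x32 bits cannot overflow 64 */
	if (bytes > INT_MAX) {
		warn_hits++;
		return NULL;
	}
	return malloc(bytes ? (size_t)bytes : 1);
}

/* One-element copy_from_user() stand-in: nonzero means the address faulted. */
static int model_copy_elem(uint32_t *dst, const struct umem *u, uint32_t idx)
{
	if (idx < u->len)
		*dst = u->base[idx];
	return idx < u->len ? 0 : -1;
}

/* Flagged pattern: the caller's count sizes a single allocation. */
static int submit_whole_array(const struct umem *u, uint32_t count, uint64_t *sum)
{
	uint32_t *buf = model_kvmalloc_array(count, sizeof(*buf));
	int ret = buf ? 0 : -ENOMEM;
	for (uint32_t i = 0; i < count && !ret; i++) {
		ret = model_copy_elem(&buf[i], u, i) ? -EFAULT : 0;
		*sum += ret ? 0 : buf[i];
	}
	free(buf);
	return ret;
}

/* Reworked pattern: one element at a time, nothing sized by count. */
static int submit_per_element(const struct umem *u, uint32_t count, uint64_t *sum)
{
	for (uint32_t i = 0, v = 0; i < count; i++) {
		if (model_copy_elem(&v, u, i))
			return -EFAULT;
		*sum += v;
	}
	return 0;
}
```

With a count of 0x20000000 four-byte elements (2GB), the first function trips the modelled warning and returns -ENOMEM, while the second allocates nothing and stops with -EFAULT at the first element outside the caller's array.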



* Re: [bug report] new kvmalloc() WARN() triggered by DRM ioctls tracking
  2021-12-16 14:02 ` Steven Price
@ 2021-12-16 14:15   ` Boris Brezillon
  2021-12-16 14:23     ` Steven Price
  0 siblings, 1 reply; 5+ messages in thread
From: Boris Brezillon @ 2021-12-16 14:15 UTC (permalink / raw)
  To: Steven Price
  Cc: lima, etnaviv, amd-gfx, virtualization, dri-devel, Dan Carpenter

Hi Steve,

On Thu, 16 Dec 2021 14:02:25 +0000
Steven Price <steven.price@arm.com> wrote:

> + Boris
> 
> On 16/12/2021 12:08, Dan Carpenter wrote:
> > Hi DRM Devs,
> > 
> > In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
> > from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB.
> > I have a static checker warning for this and most of the warnings are
> > from DRM ioctls.
> > 
> > drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN
> > drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN  
> 
> I believe this one in Panfrost would be fixed by Boris's series
> reworking the submit ioctl[1].
> 
> Boris: are you planning on submitting that series soon - or is it worth
> cherry picking the rework in patch 5 to fix this issue?

Don't know when I'll get back to it, so I'd recommend cherry-picking
what you need.

Regards,

Boris


* Re: [bug report] new kvmalloc() WARN() triggered by DRM ioctls tracking
  2021-12-16 14:15   ` Boris Brezillon
@ 2021-12-16 14:23     ` Steven Price
  0 siblings, 0 replies; 5+ messages in thread
From: Steven Price @ 2021-12-16 14:23 UTC (permalink / raw)
  To: Boris Brezillon
  Cc: lima, etnaviv, amd-gfx, virtualization, dri-devel, Dan Carpenter

On 16/12/2021 14:15, Boris Brezillon wrote:
> Hi Steve,
> 
> On Thu, 16 Dec 2021 14:02:25 +0000
> Steven Price <steven.price@arm.com> wrote:
> 
>> + Boris
>>
>> On 16/12/2021 12:08, Dan Carpenter wrote:
>>> Hi DRM Devs,
>>>
>>> In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
>>> from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB.
>>> I have a static checker warning for this and most of the warnings are
>>> from DRM ioctls.
>>>
>>> drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN
>>> drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN  
>>
>> I believe this one in Panfrost would be fixed by Boris's series
>> reworking the submit ioctl[1].
>>
>> Boris: are you planning on submitting that series soon - or is it worth
>> cherry picking the rework in patch 5 to fix this issue?
> 
> Don't know when I'll get back to it, so I'd recommend cherry-picking
> what you need.

Thanks, no problem - it was mostly when I looked at the code I had the
feeling that "surely this has already been fixed", then discovered your
series was never merged ;)

I'll hammer out a patch for this one issue.

Thanks,

Steve
