From: Boris Brezillon <boris.brezillon@collabora.com>
To: Danilo Krummrich <dakr@redhat.com>
Cc: matthew.brost@intel.com, thomas.hellstrom@linux.intel.com,
sarah.walker@imgtec.com, nouveau@lists.freedesktop.org,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
donald.robson@imgtec.com, christian.koenig@amd.com,
faith.ekstrand@collabora.com
Subject: Re: [PATCH drm-misc-next v3 6/7] drm/gpuvm: generalize dma_resv/extobj handling and GEM validation
Date: Mon, 11 Sep 2023 16:45:26 +0200 [thread overview]
Message-ID: <20230911164526.0192a686@collabora.com> (raw)
In-Reply-To: <20230909153125.30032-7-dakr@redhat.com>
On Sat, 9 Sep 2023 17:31:13 +0200
Danilo Krummrich <dakr@redhat.com> wrote:
> @@ -807,6 +1262,14 @@ drm_gpuvm_bo_destroy(struct kref *kref)
>
> drm_gem_gpuva_assert_lock_held(vm_bo->obj);
>
> + spin_lock(&gpuvm->extobj.lock);
> + list_del(&vm_bo->list.entry.extobj);
> + spin_unlock(&gpuvm->extobj.lock);
> +
> + spin_lock(&gpuvm->evict.lock);
> + list_del(&vm_bo->list.entry.evict);
> + spin_unlock(&gpuvm->evict.lock);
> +
> list_del(&vm_bo->list.entry.gem);
>
> drm_gem_object_put(obj);
I ran into a UAF situation when the drm_gpuvm_bo object is the last
owner of obj, because the lock that's supposed to be held when calling
this function (drm_gem_gpuva_assert_lock_held() call above), belongs to
obj (either obj->resv, or a driver specific lock that's attached to the
driver-specific GEM object). I worked around it by taking a ref to obj
before calling lock()+drm_gpuvm_bo_put()+unlock(), and releasing it
after I'm node with the lock, but that just feels wrong.
WARNING: multiple messages have this Message-ID (diff)
From: Boris Brezillon <boris.brezillon@collabora.com>
To: Danilo Krummrich <dakr@redhat.com>
Cc: airlied@gmail.com, daniel@ffwll.ch, matthew.brost@intel.com,
thomas.hellstrom@linux.intel.com, sarah.walker@imgtec.com,
donald.robson@imgtec.com, christian.koenig@amd.com,
faith.ekstrand@collabora.com, dri-devel@lists.freedesktop.org,
nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH drm-misc-next v3 6/7] drm/gpuvm: generalize dma_resv/extobj handling and GEM validation
Date: Mon, 11 Sep 2023 16:45:26 +0200 [thread overview]
Message-ID: <20230911164526.0192a686@collabora.com> (raw)
In-Reply-To: <20230909153125.30032-7-dakr@redhat.com>
On Sat, 9 Sep 2023 17:31:13 +0200
Danilo Krummrich <dakr@redhat.com> wrote:
> @@ -807,6 +1262,14 @@ drm_gpuvm_bo_destroy(struct kref *kref)
>
> drm_gem_gpuva_assert_lock_held(vm_bo->obj);
>
> + spin_lock(&gpuvm->extobj.lock);
> + list_del(&vm_bo->list.entry.extobj);
> + spin_unlock(&gpuvm->extobj.lock);
> +
> + spin_lock(&gpuvm->evict.lock);
> + list_del(&vm_bo->list.entry.evict);
> + spin_unlock(&gpuvm->evict.lock);
> +
> list_del(&vm_bo->list.entry.gem);
>
> drm_gem_object_put(obj);
I ran into a UAF situation when the drm_gpuvm_bo object is the last
owner of obj, because the lock that's supposed to be held when calling
this function (drm_gem_gpuva_assert_lock_held() call above), belongs to
obj (either obj->resv, or a driver specific lock that's attached to the
driver-specific GEM object). I worked around it by taking a ref to obj
before calling lock()+drm_gpuvm_bo_put()+unlock(), and releasing it
after I'm node with the lock, but that just feels wrong.
next prev parent reply other threads:[~2023-09-11 14:45 UTC|newest]
Thread overview: 214+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-09 15:31 [Nouveau] [PATCH drm-misc-next v3 0/7] [RFC] DRM GPUVA Manager GPU-VM features Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 1/7] drm/gpuvm: rename struct drm_gpuva_manager to struct drm_gpuvm Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 18:23 ` [Nouveau] " kernel test robot
2023-09-09 18:23 ` kernel test robot
2023-09-09 18:23 ` kernel test robot
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 2/7] drm/gpuvm: allow building as module Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-11 13:09 ` [Nouveau] " Christian König
2023-09-11 13:09 ` Christian König
2023-09-11 13:09 ` Christian König
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 3/7] drm/nouveau: uvmm: rename 'umgr' to 'base' Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 4/7] drm/gpuvm: common dma-resv per struct drm_gpuvm Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-11 12:00 ` Boris Brezillon
2023-09-11 12:00 ` Boris Brezillon
2023-09-11 16:16 ` [Nouveau] " Danilo Krummrich
2023-09-11 16:16 ` Danilo Krummrich
2023-09-11 16:16 ` Danilo Krummrich
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 5/7] drm/gpuvm: add an abstraction for a VM / BO combination Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-11 17:19 ` [Nouveau] " Thomas Hellström
2023-09-11 17:19 ` Thomas Hellström
2023-09-11 17:19 ` Thomas Hellström
2023-09-11 17:49 ` [Nouveau] " Danilo Krummrich
2023-09-11 17:49 ` Danilo Krummrich
2023-09-11 17:49 ` Danilo Krummrich
2023-09-11 18:37 ` [Nouveau] " Thomas Hellström
2023-09-11 18:37 ` Thomas Hellström
2023-09-11 18:37 ` Thomas Hellström
2023-09-12 7:42 ` [Nouveau] " Thomas Hellström
2023-09-12 7:42 ` Thomas Hellström
2023-09-12 7:42 ` Thomas Hellström
2023-09-12 10:06 ` [Nouveau] " Danilo Krummrich
2023-09-12 10:06 ` Danilo Krummrich
2023-09-12 10:06 ` Danilo Krummrich
2023-09-12 10:33 ` [Nouveau] " Thomas Hellström
2023-09-12 10:33 ` Thomas Hellström
2023-09-12 10:33 ` Thomas Hellström
2023-09-12 11:05 ` [Nouveau] " Danilo Krummrich
2023-09-12 11:05 ` Danilo Krummrich
2023-09-12 11:05 ` Danilo Krummrich
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 6/7] drm/gpuvm: generalize dma_resv/extobj handling and GEM validation Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 20:16 ` [Nouveau] " kernel test robot
2023-09-09 20:16 ` kernel test robot
2023-09-09 20:16 ` kernel test robot
2023-09-11 10:35 ` Boris Brezillon
2023-09-11 10:35 ` Boris Brezillon
2023-09-11 16:23 ` [Nouveau] " Danilo Krummrich
2023-09-11 16:23 ` Danilo Krummrich
2023-09-11 16:23 ` Danilo Krummrich
2023-09-11 12:54 ` Boris Brezillon
2023-09-11 12:54 ` Boris Brezillon
2023-09-11 14:45 ` Boris Brezillon [this message]
2023-09-11 14:45 ` Boris Brezillon
2023-09-11 16:30 ` [Nouveau] " Danilo Krummrich
2023-09-11 16:30 ` Danilo Krummrich
2023-09-11 16:30 ` Danilo Krummrich
2023-09-12 16:20 ` [Nouveau] " Thomas Hellström
2023-09-12 16:20 ` Thomas Hellström
2023-09-12 16:20 ` Thomas Hellström
2023-09-12 16:50 ` [Nouveau] " Danilo Krummrich
2023-09-12 16:50 ` Danilo Krummrich
2023-09-12 16:50 ` Danilo Krummrich
2023-09-12 19:23 ` [Nouveau] " Thomas Hellström
2023-09-12 19:23 ` Thomas Hellström
2023-09-12 19:23 ` Thomas Hellström
2023-09-12 23:36 ` [Nouveau] " Danilo Krummrich
2023-09-12 23:36 ` Danilo Krummrich
2023-09-12 23:36 ` Danilo Krummrich
2023-09-13 9:14 ` [Nouveau] " Thomas Hellström
2023-09-13 9:14 ` Thomas Hellström
2023-09-13 9:14 ` Thomas Hellström
2023-09-13 12:16 ` [Nouveau] " Danilo Krummrich
2023-09-13 12:16 ` Danilo Krummrich
2023-09-13 12:16 ` Danilo Krummrich
2023-09-13 14:26 ` [Nouveau] " Christian König
2023-09-13 14:26 ` Christian König
2023-09-13 14:26 ` Christian König
2023-09-13 15:13 ` [Nouveau] " Thomas Hellström
2023-09-13 15:13 ` Thomas Hellström
2023-09-13 15:13 ` Thomas Hellström
2023-09-13 15:26 ` [Nouveau] " Christian König
2023-09-13 15:26 ` Christian König
2023-09-13 15:26 ` Christian König
2023-09-13 15:15 ` [Nouveau] " Danilo Krummrich
2023-09-13 15:15 ` Danilo Krummrich
2023-09-13 15:15 ` Danilo Krummrich
2023-09-13 15:33 ` [Nouveau] " Christian König
2023-09-13 15:33 ` Christian König
2023-09-13 15:33 ` Christian König
2023-09-13 15:46 ` [Nouveau] " Danilo Krummrich
2023-09-13 15:46 ` Danilo Krummrich
2023-09-13 15:46 ` Danilo Krummrich
2023-09-19 12:07 ` [Nouveau] " Christian König
2023-09-19 12:07 ` Christian König
2023-09-19 12:07 ` Christian König
2023-09-19 12:21 ` [Nouveau] " Thomas Hellström
2023-09-19 12:21 ` Thomas Hellström
2023-09-19 12:21 ` Thomas Hellström
2023-09-19 15:16 ` [Nouveau] " Danilo Krummrich
2023-09-19 15:16 ` Danilo Krummrich
2023-09-19 15:16 ` Danilo Krummrich
2023-09-19 15:23 ` [Nouveau] " Thomas Hellström
2023-09-19 15:23 ` Thomas Hellström
2023-09-19 15:23 ` Thomas Hellström
2023-09-20 5:37 ` [Nouveau] " Christian König
2023-09-20 5:37 ` Christian König
2023-09-20 5:37 ` Christian König
2023-09-20 7:44 ` [Nouveau] " Thomas Hellström
2023-09-20 7:44 ` Thomas Hellström
2023-09-20 7:44 ` Thomas Hellström
2023-09-20 8:29 ` [Nouveau] " Thomas Hellström
2023-09-20 8:29 ` Thomas Hellström
2023-09-20 8:29 ` Thomas Hellström
2023-09-20 10:51 ` [Nouveau] " Christian König
2023-09-20 10:51 ` Christian König
2023-09-20 10:51 ` Christian König
2023-09-20 12:06 ` [Nouveau] " Thomas Hellström
2023-09-20 12:06 ` Thomas Hellström
2023-09-20 12:06 ` Thomas Hellström
2023-09-20 13:06 ` [Nouveau] " Christian König
2023-09-20 13:06 ` Christian König
2023-09-20 13:06 ` Christian König
2023-09-20 13:38 ` [Nouveau] " Thomas Hellström
2023-09-20 13:38 ` Thomas Hellström
2023-09-20 13:38 ` Thomas Hellström
2023-09-20 13:48 ` [Nouveau] " Christian König
2023-09-20 13:48 ` Christian König
2023-09-20 13:48 ` Christian König
2023-09-20 14:02 ` [Nouveau] " Thomas Hellström
2023-09-20 14:02 ` Thomas Hellström
2023-09-20 14:02 ` Thomas Hellström
2023-09-20 14:11 ` [Nouveau] " Christian König
2023-09-20 14:11 ` Christian König
2023-09-20 14:11 ` Christian König
2023-09-14 10:57 ` [Nouveau] " Danilo Krummrich
2023-09-14 10:57 ` Danilo Krummrich
2023-09-14 11:32 ` Thomas Hellström
2023-09-14 11:32 ` Thomas Hellström
2023-09-14 15:27 ` Danilo Krummrich
2023-09-14 15:27 ` Danilo Krummrich
2023-09-14 17:13 ` Thomas Hellström
2023-09-14 17:13 ` Thomas Hellström
2023-09-14 17:15 ` Danilo Krummrich
2023-09-14 17:15 ` Danilo Krummrich
2023-09-18 11:21 ` Danilo Krummrich
2023-09-18 11:21 ` Danilo Krummrich
2023-09-13 7:03 ` Boris Brezillon
2023-09-13 7:03 ` Boris Brezillon
2023-09-13 7:05 ` [Nouveau] " Dave Airlie
2023-09-13 7:05 ` Dave Airlie
2023-09-13 7:05 ` Dave Airlie
2023-09-13 7:19 ` Boris Brezillon
2023-09-13 7:19 ` Boris Brezillon
2023-09-13 10:39 ` [Nouveau] " Thomas Hellström
2023-09-13 10:39 ` Thomas Hellström
2023-09-13 10:39 ` Thomas Hellström
2023-09-13 11:33 ` Boris Brezillon
2023-09-13 11:33 ` Boris Brezillon
2023-09-13 12:01 ` [Nouveau] " Danilo Krummrich
2023-09-13 12:01 ` Danilo Krummrich
2023-09-13 12:01 ` Danilo Krummrich
2023-09-13 13:22 ` [Nouveau] " Thomas Hellström
2023-09-13 13:22 ` Thomas Hellström
2023-09-13 13:22 ` Thomas Hellström
2023-09-13 14:01 ` Boris Brezillon
2023-09-13 14:01 ` Boris Brezillon
2023-09-13 14:29 ` [Nouveau] " Thomas Hellström
2023-09-13 14:29 ` Thomas Hellström
2023-09-13 14:29 ` Thomas Hellström
2023-09-13 15:17 ` Boris Brezillon
2023-09-13 15:17 ` Boris Brezillon
2023-09-14 8:20 ` Boris Brezillon
2023-09-14 8:20 ` Boris Brezillon
2023-09-14 10:45 ` [Nouveau] " Thomas Hellström
2023-09-14 10:45 ` Thomas Hellström
2023-09-14 10:45 ` Thomas Hellström
2023-09-14 11:54 ` Boris Brezillon
2023-09-14 11:54 ` Boris Brezillon
2023-09-14 13:33 ` [Nouveau] " Thomas Hellström
2023-09-14 13:33 ` Thomas Hellström
2023-09-14 13:33 ` Thomas Hellström
2023-09-14 15:37 ` Boris Brezillon
2023-09-14 15:37 ` Boris Brezillon
2023-09-14 13:48 ` [Nouveau] " Thomas Hellström
2023-09-14 13:48 ` Thomas Hellström
2023-09-14 13:48 ` Thomas Hellström
2023-09-14 16:36 ` [Nouveau] " Danilo Krummrich
2023-09-14 16:36 ` Danilo Krummrich
2023-09-14 16:36 ` Danilo Krummrich
2023-09-14 17:21 ` [Nouveau] " Thomas Hellström
2023-09-14 17:21 ` Thomas Hellström
2023-09-14 17:21 ` Thomas Hellström
2023-09-14 17:25 ` [Nouveau] " Danilo Krummrich
2023-09-14 17:25 ` Danilo Krummrich
2023-09-14 17:25 ` Danilo Krummrich
2023-09-14 19:14 ` [Nouveau] " Thomas Hellström
2023-09-14 19:14 ` Thomas Hellström
2023-09-14 19:14 ` Thomas Hellström
2023-09-09 15:31 ` [Nouveau] [PATCH drm-misc-next v3 7/7] drm/nouveau: GPUVM dma-resv/extobj handling, " Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
2023-09-09 15:31 ` Danilo Krummrich
-- strict thread matches above, loose matches on Subject: below --
2023-09-11 9:08 [PATCH drm-misc-next v3 6/7] drm/gpuvm: generalize dma_resv/extobj handling and " kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230911164526.0192a686@collabora.com \
--to=boris.brezillon@collabora.com \
--cc=christian.koenig@amd.com \
--cc=dakr@redhat.com \
--cc=donald.robson@imgtec.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=faith.ekstrand@collabora.com \
--cc=linux-kernel@vger.kernel.org \
--cc=matthew.brost@intel.com \
--cc=nouveau@lists.freedesktop.org \
--cc=sarah.walker@imgtec.com \
--cc=thomas.hellstrom@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.