From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
To: intel-gfx@lists.freedesktop.org
Subject: Re: [PATCH] drm/i915: Possible security hole in command parsing
Date: Fri, 01 May 2015 20:13:21 +0100 [thread overview]
Message-ID: <5543D051.2010205@zoho.com> (raw)
In-Reply-To: <554212BF.1040309@zoho.com>
I've now done some testing (on an i5-3230M, in Debian 8), and this patch
doesn't *appear* to break anything: both with and without it (starting
from linux-next 20150430 (fa94df1) + commit 245054a drm/i915: Enable cmd
parser to do secure batch promotion for aliasing ppgtt),
-libva (said in earlier discussion to use chained batches): all basic
tests pass except test_07 (which doesn't work under 3.16 either);
putsurface works
-video (file playback and live camera) in vlc works
-beignet (OpenCL) test suite: all pass except builtin_powr_*
(long-standing known issue) and builtin_tgamma (it appears that
linux-next puts the *C*PU in denormals-flushed-to-0 floating point mode,
which breaks this test's checking mechanism: not sure if that's a bug or
just a difference between Debian's and your defaults, but as it happens
both with and without the patch, it's nothing to do with this)
The one problem I did see only with the patch was that one session had
all its windows open in the top left of the screen, un-movable, and
missing their title bar, but this was not reproducible, so I can't tell
if it was a result of the patch or a coincidence.
However, plain linux-next 20150430 (without 245054a) has a lot of
problems ("GPU HANG" in the kernel log on startup but the Xfce desktop
does come up), glxgears segfaults, beignet gives a few wrong (all-0)
results then throws CL_OUT_OF_RESOURCES, video doesn't play; probably
https://bugs.freedesktop.org/show_bug.cgi?id=90190), and given that all
245054a does is enable secure batch promotion, that suggests that the
driver no longer handles non-promoted batches properly, making this
patch a risky move.
I tried the intel-gpu-tools tests (1.10, running in recovery mode to
avoid loading X), but found that most (not all) of the tests reported
"GPU HANG" in all three linux-next cases (but worked under 3.16).
Note that I will be away from email for the next few days.
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2015-05-01 19:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-30 11:32 [PATCH] drm/i915: Possible security hole in command parsing Rebecca N. Palmer
2015-05-01 19:13 ` Rebecca N. Palmer [this message]
2015-05-05 21:39 ` Rebecca N. Palmer
2015-06-05 0:29 ` Kees Cook
2015-06-05 8:04 ` Rebecca N. Palmer
2015-05-08 9:31 ` [PATCH] " Mika Kuoppala
2015-05-08 11:24 ` Daniel Vetter
2015-05-08 13:26 ` [PATCH v2] drm/i915: Fix possible " Rebecca N. Palmer
2015-05-08 14:04 ` Mika Kuoppala
2015-05-08 14:25 ` Daniel Vetter
2015-05-08 16:51 ` [PATCH for 4.1] drm/i915: Don't clear exec_start if batch was not copied Rebecca N. Palmer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5543D051.2010205@zoho.com \
--to=rebecca_palmer@zoho.com \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.