From: Dmitry Osipenko <digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Mikko Perttunen <cyndis-/1wQRMveznE@public.gmane.org>,
Thierry Reding
<thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
DRI Development
<dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>,
Erik Faye-Lund
<kusmabite-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH 14/22] gpu: host1x: Forbid relocation address shifting in the firewall
Date: Tue, 23 May 2017 14:28:33 +0300 [thread overview]
Message-ID: <22579f7c-ea4b-5a31-2d68-4147754b7f2f@gmail.com> (raw)
In-Reply-To: <d5197c08-516b-0687-e2ec-61adda99caa1-/1wQRMveznE@public.gmane.org>
On 23.05.2017 14:19, Mikko Perttunen wrote:
> On 23.05.2017 13:58, Dmitry Osipenko wrote:
>> On 23.05.2017 13:14, Mikko Perttunen wrote:
>>> Reloc shifts are implemented (see assignment of u32 reloc_addr in do_relocs),
>>> and they are required for VIC job submissions.
>>>
>>
>> The *validation* is unimplemented. Since VIC uses the shifts, we may add a
>> validation for it in a way it is done for the registers / class checks, i.e.
>> compare the per address register shift value. I suppose those registers are
>> documented somewhere(TRM), could you please point me to them (TRM page, reg
>> name)?
>
> Ah, indeed, sorry. I'm not sure if it's worth implementing validation for e.g.
> VIC, since it would be quite a bit of work and require many per-chip and
> per-unit tables or ranges in the kernel. I think it's a better solution to just
> forbid everything in the firewall for VIC (and eventually other units), since on
> systems with those units the normal configuration will be IOMMU anyway.
>
> Anyway, For VIC, everything happens using two registers (method index and method
> parameter), so you would need to first detect the method index, save that, then
> wait for a method parameter write and then check that against the written
> method. The TRM currently has a list methods, but doesn't list their parameter -
> at least most ones taking a pointer are called *_OFFSET, but not sure if all. In
> any case, I don't think it's worth implementing.
>
Yes, in IOMMU case firewall will be only useful as a debug feature. We may check
for the IOMMU presence and bypass the firewall if it's present, or we may bypass
the shifts validation only.
>>
>>> On 23.05.2017 03:14, Dmitry Osipenko wrote:
>>>> Incorrectly shifted relocation address will cause a lower memory corruption
>>>> and likely a hang on a write or a read of an arbitrary data in case of IOMMU
>>>> absent. As of now there is no use for the address shifting (at least on
>>>> Tegra20) and adding a proper shifting / sizes validation is much more work.
>>>> Let's forbid it in the firewall till a proper validation is implemented.
>>>>
>>>> Signed-off-by: Dmitry Osipenko <digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>>> ---
>>>> drivers/gpu/host1x/job.c | 4 ++++
>>>> 1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/drivers/gpu/host1x/job.c b/drivers/gpu/host1x/job.c
>>>> index 190353944d23..1a1568e64ba8 100644
>>>> --- a/drivers/gpu/host1x/job.c
>>>> +++ b/drivers/gpu/host1x/job.c
>>>> @@ -332,6 +332,10 @@ static bool check_reloc(struct host1x_reloc *reloc,
>>>> struct host1x_bo *cmdbuf,
>>>> if (reloc->cmdbuf.bo != cmdbuf || reloc->cmdbuf.offset != offset)
>>>> return false;
>>>>
>>>> + /* relocation shift value validation isn't implemented yet */
>>>> + if (reloc->shift)
>>>> + return false;
>>>> +
>>>> return true;
>>>> }
>>>>
>>>>
>>
>>
--
Dmitry
next prev parent reply other threads:[~2017-05-23 11:28 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 0:14 [PATCH 00/22] Tegra DRM fixes Dmitry Osipenko
[not found] ` <cover.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:14 ` [PATCH 01/22] drm/tegra: Fix lockup on a use of staging API Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 02/22] drm/tegra: Correct idr_alloc() minimum id Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 03/22] drm/tegra: Check whether page belongs to BO in tegra_bo_kmap() Dmitry Osipenko
[not found] ` <04637a55694493bdd8267a7f19798d7968568087.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:21 ` Erik Faye-Lund
2017-06-01 18:01 ` Mikko Perttunen
[not found] ` <451c46eb-7e5e-8f3a-9197-adffba014559-/1wQRMveznE@public.gmane.org>
2017-06-01 18:32 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 04/22] drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL Dmitry Osipenko
[not found] ` <801e3023e6fe11744c7e675ca7b9c5890e3210f2.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:39 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 05/22] drm/tegra: Correct copying of waitchecks and disable them " Dmitry Osipenko
[not found] ` <380fc14d114ac9abb15e447c90a4363913d34a52.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:43 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 06/22] drm/tegra: Check syncpoint ID " Dmitry Osipenko
[not found] ` <f116e4fbab1391ed59a7401f2838e95bcc3025d9.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-31 18:46 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 07/22] drm/tegra: Remove module ownership from the tegra_fb_ops Dmitry Osipenko
2017-06-13 13:43 ` Thierry Reding
[not found] ` <20170613134340.GG16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:00 ` Dmitry Osipenko
[not found] ` <827dcffe-b25c-75b1-d988-5977de1dd83f-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 15:07 ` Thierry Reding
[not found] ` <20170613150720.GD20577-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 17:39 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 08/22] drm/tegra: dc: Drop the reset asserts to workaround a bug Dmitry Osipenko
[not found] ` <35e1ef44da98701b2c507c31ecc0812530303d2d.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 13:45 ` Thierry Reding
[not found] ` <20170613134546.GH16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:18 ` Dmitry Osipenko
[not found] ` <8d131ad2-5d1a-635e-4a6c-73b69cbf8e72-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 15:07 ` Thierry Reding
2017-05-23 0:14 ` [PATCH 09/22] drm/tegra: dc: Apply clipping to the plane Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 10/22] drm/tegra: Disable plane if it is invisible Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 11/22] gpu: host1x: Initialize firewall class to the jobs one Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 12/22] gpu: host1x: Correct host1x_job_pin() error handling Dmitry Osipenko
[not found] ` <a153e811388386c26d21e26ac4deb72a4d01ae74.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:32 ` Erik Faye-Lund
2017-05-31 18:50 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 13/22] gpu: host1x: Do not leak BO's phys address to userspace Dmitry Osipenko
[not found] ` <0a7594fdecc4298f684ed55fda5c5b1be9c443ec.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 17:31 ` Mikko Perttunen
[not found] ` <00e5e6d5-def4-a4f6-df93-9505be13c4be-/1wQRMveznE@public.gmane.org>
2017-06-13 18:21 ` Dmitry Osipenko
[not found] ` <5e197807-ef57-604f-879d-7be691785a60-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-13 19:03 ` Mikko Perttunen
[not found] ` <3c0df318-d1d9-60fc-81e4-0cfa871b28e1-/1wQRMveznE@public.gmane.org>
2017-06-13 19:56 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 14/22] gpu: host1x: Forbid relocation address shifting in the firewall Dmitry Osipenko
[not found] ` <15311f1c044c3ff26624e2a980b0c477b1cf33b2.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:33 ` Erik Faye-Lund
2017-05-23 10:14 ` Mikko Perttunen
[not found] ` <3c5d7896-6753-78c5-5a74-25061244acff-/1wQRMveznE@public.gmane.org>
2017-05-23 10:58 ` Dmitry Osipenko
[not found] ` <b481d7f3-d82a-407b-4eb0-6ed24ca32199-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 11:19 ` Mikko Perttunen
[not found] ` <d5197c08-516b-0687-e2ec-61adda99caa1-/1wQRMveznE@public.gmane.org>
2017-05-23 11:28 ` Dmitry Osipenko [this message]
2017-06-01 17:39 ` Mikko Perttunen
[not found] ` <56ee62e7-a53b-0270-837a-2ae6f0a848cc-/1wQRMveznE@public.gmane.org>
2017-06-01 18:37 ` Dmitry Osipenko
[not found] ` <0a4181f5-2e19-31ed-2a8b-3314a0481c81-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 18:44 ` Dmitry Osipenko
[not found] ` <58379261-a17a-fc59-e29b-c670eafbbce5-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 18:51 ` Mikko Perttunen
[not found] ` <34b2d0b4-0e53-98b6-6859-34b8f3e32251-/1wQRMveznE@public.gmane.org>
2017-06-01 19:15 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 15/22] gpu: host1x: Forbid RESTART opcode " Dmitry Osipenko
[not found] ` <b214fc1c2e3952511eb97a404795b786c08bdeed.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:41 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 16/22] gpu: host1x: Forbid unrelated SETCLASS " Dmitry Osipenko
[not found] ` <741d3bbfb74b5455e016164a3a30d9e3101bdc24.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:39 ` Erik Faye-Lund
[not found] ` <CABPQNSbEXGHUv8kHr2sLjOLrVAiNXdStKUapMZX+CX5RWi0cfg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-23 0:45 ` Dmitry Osipenko
2017-06-13 14:06 ` Thierry Reding
[not found] ` <20170613140653.GI16758-m5CkvRiFyV9wFLYp8hBm2A@public.gmane.org>
2017-06-13 14:15 ` Dmitry Osipenko
2017-06-01 17:46 ` Mikko Perttunen
[not found] ` <11a042e3-a220-556f-ecdb-a2d9f93910eb-/1wQRMveznE@public.gmane.org>
2017-06-01 18:36 ` Dmitry Osipenko
2017-05-23 0:14 ` [PATCH 17/22] gpu: host1x: Check waits " Dmitry Osipenko
[not found] ` <1c406c0f1ed144abb3d4b5f52272c5cd6faa2d3a.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:51 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 18/22] gpu: host1x: Remove unused 'struct host1x_cmdbuf' Dmitry Osipenko
2017-05-23 0:42 ` Erik Faye-Lund
[not found] ` <f744341274b5749761550d14e37cac57cd0e63fc.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:52 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 19/22] gpu: host1x: Remove unused host1x_cdma_stop() definition Dmitry Osipenko
2017-05-23 0:43 ` Erik Faye-Lund
[not found] ` <2c22b2d1cedcfe75f66aa8500c2b9425e10724d0.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:52 ` Mikko Perttunen
2017-05-23 0:14 ` [PATCH 20/22] gpu: host1x: Refactor channel allocation code Dmitry Osipenko
2017-05-23 0:16 ` [PATCH 21/22] drm/tegra: Don't use IOMMU on Tegra20 Dmitry Osipenko
[not found] ` <fb3b357fbbdf61a20609f38a817c3f45ebc238fc.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-23 0:16 ` [PATCH 22/22] Revert "iommu/tegra: gart: Do not register with bus" Dmitry Osipenko
[not found] ` <781477cf9ac61301e639f71236d65a8b31586827.1495498184.git.digetx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-05-30 9:21 ` Joerg Roedel
2017-05-30 9:21 ` [PATCH 21/22] drm/tegra: Don't use IOMMU on Tegra20 Joerg Roedel
[not found] ` <20170530092109.GA2818-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2017-05-30 10:08 ` Dmitry Osipenko
2017-06-01 8:36 ` Dmitry Osipenko
[not found] ` <a61919f1-df1f-9cd0-3059-53daa3a88ff7-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-06-01 17:57 ` Mikko Perttunen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=22579f7c-ea4b-5a31-2d68-4147754b7f2f@gmail.com \
--to=digetx-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=cyndis-/1wQRMveznE@public.gmane.org \
--cc=dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
--cc=kusmabite-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).