From: Daniel Vetter <daniel@ffwll.ch>
To: "Antoine, Peter" <peter.antoine@intel.com>
Cc: "daniel.vetter@ffwll.ch" <daniel.vetter@ffwll.ch>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"airlied@redhat.com" <airlied@redhat.com>
Subject: Re: [Intel-gfx] [PATCH 3/5] drm: Possible lock priority escalation.
Date: Tue, 5 May 2015 09:23:07 +0200 [thread overview]
Message-ID: <20150505072307.GX30184@phenom.ffwll.local> (raw)
In-Reply-To: <1430808329.15051.14.camel@peterant-linux>
On Tue, May 05, 2015 at 06:45:30AM +0000, Antoine, Peter wrote:
> On Mon, 2015-05-04 at 15:56 +0200, Daniel Vetter wrote:
> > On Mon, Apr 27, 2015 at 07:52:46PM +0300, Ville Syrjälä wrote:
> > > On Thu, Apr 23, 2015 at 03:07:56PM +0100, Peter Antoine wrote:
> > > > If an application that has a driver lock created, wants the lock the
> > > > kernel context, it is not allowed to. If the call to drm_lock has a
> > > > context of 0, it is rejected. If you set the context to _DRM_LOCK_CONT
> > > > then call drm lock, it will pass the context == DRM_KERNEL_CONTEXT checks.
> > > > But as the DRM_LOCK_CONT bits are not part of the context id this allows
> > > > operations on the DRM_KERNEL_CONTEXT.
> > > >
> > > > Issue: VIZ-5485
> > > > Signed-off-by: Peter Antoine <peter.antoine@intel.com>
> >
> > If you're touching code with drm_legacy_ prefix of in such a file you've
> > ended up in the horrible corners of the dri1 dungeons and should head back
> > out pronto ;-)
> >
> > If we can actually run into this code on production i915 then we need to
> > improve the locks at the door of these dungeons for kms drivers, not try
> > to fix up the mess behind them. That's just plain impossible.
> >
> > If you want to make really sure we get this right some simple drm igt
> > tests to make sure these codepaths are really dead for kms driver might be
> > good. But otherwise we really can only annotate this as wontfix in
> > code security issue scanners.
> > -Daniel
> >
> There is a test that covers this fix. This is a simple three line fix
> that stops a userspace driver locking the kernel context. Yes they are
> other problems with this code, but why are they stopping this patch that
> does a simple fix from going in?
>
> I'll happily drop this patch if it causes more problems that it fixes.
Because we don't want to fix the legacy context crap but instead outright
disable it for everyone (well except nouveau) running in kms code. drm
legacy code really is broken by design, there's no way to fix it.
And worst case we'll end up breaking some old machines in some and then
have to deal with the regression. Which means I won't apply these patches
if we can somehow just disable all that code for i915.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2015-05-05 7:23 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-23 14:07 [PATCH 0/5] HW_LOCK Security Patches Peter Antoine
2015-04-23 14:07 ` [PATCH 1/5] drm: Kernel Crash in drm_unlock Peter Antoine
2015-04-23 14:19 ` [Intel-gfx] " Chris Wilson
2015-04-23 14:34 ` Antoine, Peter
2015-04-23 14:39 ` [Intel-gfx] " Chris Wilson
2015-04-24 5:52 ` Antoine, Peter
2015-04-28 9:21 ` Dave Gordon
2015-04-28 9:52 ` chris
2015-05-04 13:52 ` Daniel Vetter
2015-05-05 6:37 ` Antoine, Peter
2015-05-05 7:20 ` Daniel Vetter
2015-04-28 14:56 ` Dave Gordon
2015-04-23 14:07 ` [PATCH 2/5] drm: Fixes unsafe deference in locks Peter Antoine
2015-04-23 14:21 ` [Intel-gfx] " Chris Wilson
2015-04-23 14:07 ` [PATCH 3/5] drm: Possible lock priority escalation Peter Antoine
2015-04-27 16:52 ` [Intel-gfx] " Ville Syrjälä
2015-05-04 13:56 ` Daniel Vetter
2015-05-05 6:45 ` Antoine, Peter
2015-05-05 7:23 ` Daniel Vetter [this message]
2015-04-23 14:07 ` [PATCH 4/5] drm: Make HW_LOCK access functions optional Peter Antoine
2015-04-27 17:03 ` Ville Syrjälä
2015-04-28 5:52 ` Antoine, Peter
2015-04-28 10:40 ` Ville Syrjälä
2015-04-28 11:29 ` Antoine, Peter
2015-04-28 13:08 ` Ville Syrjälä
2015-04-28 13:29 ` Antoine, Peter
2015-05-04 14:05 ` Daniel Vetter
2015-05-04 23:02 ` Dave Airlie
2015-04-23 14:07 ` [PATCH 5/5] drm: Make Legacy Context " Peter Antoine
2015-04-23 19:01 ` shuang.he
2015-05-13 6:54 ` [PATCH v2 0/2] HW_LOCK kernel patched Peter Antoine
2015-05-13 6:54 ` [PATCH v2 1/2] drm: Make HW_LOCK access functions optional Peter Antoine
2015-05-13 7:14 ` Daniel Vetter
2015-05-13 7:24 ` Daniel Vetter
2015-05-13 6:54 ` [PATCH v2 2/2] drm: Make Legacy Context " Peter Antoine
2015-05-13 7:19 ` Daniel Vetter
2015-05-13 9:41 ` Ville Syrjälä
2015-05-15 5:58 ` shuang.he
2015-05-13 7:08 ` [PATCH v2 0/2] HW_LOCK kernel patched Daniel Vetter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150505072307.GX30184@phenom.ffwll.local \
--to=daniel@ffwll.ch \
--cc=airlied@redhat.com \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=peter.antoine@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox