From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
To: intel-gfx@lists.freedesktop.org
Subject: Re: [PATCH] drm/i915: Possible security hole in command parsing
Date: Fri, 01 May 2015 20:13:21 +0100 [thread overview]
Message-ID: <5543D051.2010205@zoho.com> (raw)
In-Reply-To: <554212BF.1040309@zoho.com>
I've now done some testing (on an i5-3230M, in Debian 8), and this patch
doesn't *appear* to break anything: both with and without it (starting
from linux-next 20150430 (fa94df1) + commit 245054a drm/i915: Enable cmd
parser to do secure batch promotion for aliasing ppgtt),
-libva (said in earlier discussion to use chained batches): all basic
tests pass except test_07 (which doesn't work under 3.16 either);
putsurface works
-video (file playback and live camera) in vlc works
-beignet (OpenCL) test suite: all pass except builtin_powr_*
(long-standing known issue) and builtin_tgamma (it appears that
linux-next puts the *C*PU in denormals-flushed-to-0 floating point mode,
which breaks this test's checking mechanism: not sure if that's a bug or
just a difference between Debian's and your defaults, but as it happens
both with and without the patch, it's nothing to do with this)
The one problem I did see only with the patch was that one session had
all its windows open in the top left of the screen, un-movable, and
missing their title bar, but this was not reproducible, so I can't tell
if it was a result of the patch or a coincidence.
However, plain linux-next 20150430 (without 245054a) has a lot of
problems ("GPU HANG" in the kernel log on startup but the Xfce desktop
does come up), glxgears segfaults, beignet gives a few wrong (all-0)
results then throws CL_OUT_OF_RESOURCES, video doesn't play; probably
https://bugs.freedesktop.org/show_bug.cgi?id=90190), and given that all
245054a does is enable secure batch promotion, that suggests that the
driver no longer handles non-promoted batches properly, making this
patch a risky move.
I tried the intel-gpu-tools tests (1.10, running in recovery mode to
avoid loading X), but found that most (not all) of the tests reported
"GPU HANG" in all three linux-next cases (but worked under 3.16).
Note that I will be away from email for the next few days.
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2015-05-01 19:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-30 11:32 [PATCH] drm/i915: Possible security hole in command parsing Rebecca N. Palmer
2015-05-01 19:13 ` Rebecca N. Palmer [this message]
2015-05-05 21:39 ` Rebecca N. Palmer
2015-06-05 0:29 ` Kees Cook
2015-06-05 8:04 ` Rebecca N. Palmer
2015-05-08 9:31 ` [PATCH] " Mika Kuoppala
2015-05-08 11:24 ` Daniel Vetter
2015-05-08 13:26 ` [PATCH v2] drm/i915: Fix possible " Rebecca N. Palmer
2015-05-08 14:04 ` Mika Kuoppala
2015-05-08 14:25 ` Daniel Vetter
2015-05-08 16:51 ` [PATCH for 4.1] drm/i915: Don't clear exec_start if batch was not copied Rebecca N. Palmer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5543D051.2010205@zoho.com \
--to=rebecca_palmer@zoho.com \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox