From: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com>
To: Tvrtko Ursulin <tursulin@ursulin.net>,
Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
dri-devel@lists.freedesktop.org,
Thomas Zimmermann <tzimmermann@suse.de>,
Simona Vetter <simona.vetter@ffwll.ch>
Cc: intel-gfx@lists.freedesktop.org, jani.nikula@linux.intel.com,
rodrigo.vivi@intel.com, karol.wachowski@intel.com,
tomasz.rusinowicz@intel.com,
Krzysztof Karas <krzysztof.karas@intel.com>
Subject: Re: [PATCH v2] drm/i915: Add VM_DONTEXPAND to exported buffers
Date: Thu, 20 Feb 2025 16:40:36 +0100 [thread overview]
Message-ID: <880db65b-6d17-4adf-ad88-4a9e077aebc4@linux.intel.com> (raw)
In-Reply-To: <15c019f5-a26b-47e5-9ec5-41746e63cae6@ursulin.net>
Hi,
On 2/20/2025 2:53 PM, Tvrtko Ursulin wrote:
>
> On 20/02/2025 13:14, Jacek Lawrynowicz wrote:
>> Hi,
>>
>> On 2/19/2025 11:55 AM, Joonas Lahtinen wrote:
>>> Quoting Jacek Lawrynowicz (2025-02-11 17:57:03)
>>>> Hi, can I submit this to drm-misc or should someone commit this to drm-intel?
>>>
>>> Is the this happening in linux-next or is it still completely out-of-tree?
>> The patch is not merged so it is happening everywhere.
>>
>>> Feels weird that the splat would not have happened in any hybrid GPU
>>> systems in the past. Did you look what is the difference between your
>>> driver and amdgpu/nouveau?
>>
>> It looks like imported buffers are just never mmaped.
>>
>> This is a call chain when mmapping imported buffer in amdgpu:
>> drm_gem_mmap()->drm_gem_mmap_obj()->amdgpu_gem_object_mmap()->drm_gem_ttm_mmap()->ttm_bo_mmap_obj()
>>
>> And this is intel_vpu call chain:
>> drm_gem_mmap()->drm_gem_mmap_obj()->drm_gem_shmem_object_mmap()->drm_gem_shmem_mmap()->dma_buf_mmap()->i915_gem_dmabuf_mmap()
>>
>> amdgpu does not check if the object is imported and just calls drm_gem_ttm_mmap() and dma_buf_mmap() is never called.
>> Same with xe and nouveau. All drivers using drm_gem_shmem seems ok but besides them only couple small drivers check for import_attach in mmap.
>> Looks like most drivers do not support mmapping imported buffers.
>> Is this really possible? Do you have test coverage for this?
>
> Without going into details here, commenting just on the "mmaping imported buffers" part.
>
> My understanding is that mmaping imported buffers should not be supported by design. There was some discussion around this in https://lore.kernel.org/dri-devel/bc7f7844-0aa3-4802-b203-69d58e8be2fa@linux.intel.com/ (The thread is for a patch which added this ability to i915.).
If so, these drivers should return an error when mmaping imported buffer instead of happily proceed as if it was an ordinary buffer.
In my opinion, every driver that doesn't check obj->import_attach in drm_gem_object_funcs->mmap has potential for security vulnerability.
Thomas, Simona, shouldn't there be a clear policy regarding this for the all drivers?
Jacek
prev parent reply other threads:[~2025-02-20 15:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-14 8:23 [PATCH v2] drm/i915: Add VM_DONTEXPAND to exported buffers Jacek Lawrynowicz
2025-01-14 13:17 ` ✓ i915.CI.BAT: success for drm/i915: Add VM_DONTEXPAND to exported buffers (rev2) Patchwork
2025-01-15 10:01 ` ✗ i915.CI.Full: failure " Patchwork
2025-02-11 15:57 ` [PATCH v2] drm/i915: Add VM_DONTEXPAND to exported buffers Jacek Lawrynowicz
2025-02-11 20:50 ` Rodrigo Vivi
2025-02-19 10:55 ` Joonas Lahtinen
2025-02-20 13:14 ` Jacek Lawrynowicz
2025-02-20 13:53 ` Tvrtko Ursulin
2025-02-20 15:40 ` Jacek Lawrynowicz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=880db65b-6d17-4adf-ad88-4a9e077aebc4@linux.intel.com \
--to=jacek.lawrynowicz@linux.intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=jani.nikula@linux.intel.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=karol.wachowski@intel.com \
--cc=krzysztof.karas@intel.com \
--cc=rodrigo.vivi@intel.com \
--cc=simona.vetter@ffwll.ch \
--cc=tomasz.rusinowicz@intel.com \
--cc=tursulin@ursulin.net \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox