From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44FE5C56201 for ; Thu, 19 Nov 2020 15:40:03 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C03402222F for ; Thu, 19 Nov 2020 15:40:02 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ZNynP0Vq"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=ffwll.ch header.i=@ffwll.ch header.b="RAGa792R" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C03402222F Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ffwll.ch Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=WUNBck3+X5u2K/8t8NBswgovwwO1SaPzdegYJc+sv7o=; b=ZNynP0VqQVT8D8isEYdNOt+yE jkRRW942V2dVEgYbavqwfQSUUo9rV0mCeVadUik+OM3QO5MCY/FFoSNYZgkDJbFTdjveR2C5vDDUX 06cfEu4f4/hU7OsWkyQ3+o8al7Pv1PYrumjHoeTtAa5BtO1DAv+CD+GzajtxoOkn27E85J9vF4v5u LytEH/6tdwI/TU7po9018pYnaeYuTneaItWkKnxDE++bF0FEVk5oiTqyMhh3NxDhBWnqMjGWB6uVg PrLN2xHyU3NHx91DCqZdvRF8UK3EaGIg+hEZtLH0YOFp7fU5WTTEHSlqb9xzJhV+yDe/YJRoRw3if 5wU5CKE3w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kfm19-0001rk-34; Thu, 19 Nov 2020 15:38:39 +0000 Received: from mail-wr1-x443.google.com ([2a00:1450:4864:20::443]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kfm0x-0001n1-9T for linux-arm-kernel@lists.infradead.org; Thu, 19 Nov 2020 15:38:34 +0000 Received: by mail-wr1-x443.google.com with SMTP id k2so6951305wrx.2 for ; Thu, 19 Nov 2020 07:38:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=6XA/mJ5qwxKzS/oPUNQf7OhfJDBjGk44DsUe5YEVuhA=; b=RAGa792RtRLMHN/6PxUhQ2WYVn4P3kUxISmR11CLAfzoJeAeWPHuleecbrhgxYl1Ox XAalTo1Cq6Pps/P1Za3IXB1JJo57Ya7j98lzmOxf2ya8VSfkclU09NNKd2vgh19S8yVK 0mNqKjjYbLAv5KDSFqzuSzH0A6PhgQIE1fvA4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=6XA/mJ5qwxKzS/oPUNQf7OhfJDBjGk44DsUe5YEVuhA=; b=hbVRJR772iwJlQqTqN3jqvNcZT6xDl4QehwsKTMCcELBGR9+Cf70kXk5tqLs49kI0k SjRX8eSZcwS7u/0k//4uiyjIGT9QsIrmnseWtJAHuSSMCzPfaKEGOig9cKDTXM/hoAqb pW9F9Z8WqPTDhxuBUbAI/HzdjP+G5WRhSpJWrPhqryKzWc3+4MHSughMF6obvIUrUkmL qZiguAuz81ywX2ID1pYMMlRkYCZT7LyIneC1XPlxEHPJE3NqurWvo50G4kyq+KF/UXcy Gef1euEjJD+u8vXBtNecWi3VqhbOLMbdrMdFyl3EeI/tJPDbVkyQI9VDfa7J76CZXhgT by3Q== X-Gm-Message-State: AOAM530aLexgyhoNPHh4Zg/RmCAxUYn+i8nyQQto3NvA5G+c7qJLV9vi 2LE63oJN2arvXnRky1/PVEoUAw== X-Google-Smtp-Source: ABdhPJziDV6aF0blOvMy2qku/KISMM8F79fMndj2I+clHB0om6jAJ3+8gKCTA8OjZgwinBkmve9uZA== X-Received: by 2002:adf:9b95:: with SMTP id d21mr10439728wrc.335.1605800306341; Thu, 19 Nov 2020 07:38:26 -0800 (PST) Received: from phenom.ffwll.local ([2a02:168:57f4:0:efd0:b9e5:5ae6:c2fa]) by smtp.gmail.com with ESMTPSA id f17sm344444wmh.10.2020.11.19.07.38.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Nov 2020 07:38:25 -0800 (PST) Date: Thu, 19 Nov 2020 16:38:23 +0100 From: Daniel Vetter To: Maxime Ripard Subject: Re: [PATCH 2/8] drm: Document use-after-free gotcha with private objects Message-ID: <20201119153823.GF401619@phenom.ffwll.local> References: <20201113152956.139663-1-maxime@cerno.tech> <20201113152956.139663-3-maxime@cerno.tech> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20201113152956.139663-3-maxime@cerno.tech> X-Operating-System: Linux phenom 5.7.0-1-amd64 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201119_103827_417400_91D678E0 X-CRM114-Status: GOOD ( 26.21 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , devicetree@vger.kernel.org, Tim Gover , Dave Stevenson , David Airlie , Maarten Lankhorst , dri-devel@lists.freedesktop.org, Eric Anholt , Rob Herring , bcm-kernel-feedback-list@broadcom.com, linux-rpi-kernel@lists.infradead.org, Thomas Zimmermann , Daniel Vetter , Frank Rowand , Phil Elwell , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Nov 13, 2020 at 04:29:50PM +0100, Maxime Ripard wrote: > The private objects have a gotcha that could result in a use-after-free, > make sure it's properly documented. > > Signed-off-by: Maxime Ripard > --- > include/drm/drm_atomic.h | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/include/drm/drm_atomic.h b/include/drm/drm_atomic.h > index 413fd0ca56a8..24b52b3a459f 100644 > --- a/include/drm/drm_atomic.h > +++ b/include/drm/drm_atomic.h > @@ -248,6 +248,24 @@ struct drm_private_state_funcs { > * drm_dev_register() > * 2/ all calls to drm_atomic_private_obj_fini() must be done after calling > * drm_dev_unregister() > + * > + * If that private object is used to store a state shared my multiple s/my/by/ > + * CRTCs, proper care must be taken to ensure that non-blocking commits are > + * properly ordered to avoid a use-after-free issue. > + * > + * Indeed, assuming a sequence of two non-blocking commits on two different > + * CRTCs using different planes and connectors, so with no resources shared, > + * there's no guarantee on which commit is going to happen first. However, the > + * second commit will consider the first private state its old state, and will > + * be in charge of freeing it whenever the second commit is done. > + * > + * If the first commit happens after it, it will consider its private state the > + * new state and will be likely to access it, resulting in an access to a freed > + * memory region. A way to circumvent this is to store (and get a reference to) s/A way to circumvent/Driver should/ And maybe make the paragraph break here and remove the previous one in the middle of your example. > + * the crtc commit in our private state in &struct drm_crtc_commit so it's linked properly > + * &drm_mode_config_helper_funcs.atomic_commit_setup, and then wait for that > + * commit to complete as part of s/as part of/as the first step of/ > + * &drm_mode_config_helper_funcs.atomic_commit_tail. And maybe add "... similar to drm_atomic_helper_wait_for_dependencies()" With the nits addressed: Reviewed-by: Daniel Vetter > */ > struct drm_private_obj { > /** > -- > 2.28.0 > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel