From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753444AbbLYONg (ORCPT ); Fri, 25 Dec 2015 09:13:36 -0500 Received: from smtp-outbound-1.vmware.com ([208.91.2.12]:45513 "EHLO smtp-outbound-1.vmware.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752958AbbLYONd (ORCPT ); Fri, 25 Dec 2015 09:13:33 -0500 Subject: Re: [PATCH 3.2 46/77] drm: Fix an unwanted master inheritance v2 To: Ben Hutchings , , References: CC: , Dave Airlie From: Thomas Hellstrom Message-ID: <567D4F08.9000700@vmware.com> Date: Fri, 25 Dec 2015 15:13:28 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.113.170.11] X-ClientProxiedBy: EX13-CAS-013.vmware.com (10.113.191.65) To EX13-MBX-024.vmware.com (10.113.191.44) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/24/2015 04:37 PM, Ben Hutchings wrote: > 3.2.75-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Thomas Hellstrom > > commit a0af2e538c80f3e47f1d6ddf120a153ad909e8ad upstream. > > A client calling drmSetMaster() using a file descriptor that was opened > when another client was master would inherit the latter client's master > object and all its authenticated clients. > > This is unwanted behaviour, and when this happens, instead allocate a > brand new master object for the client calling drmSetMaster(). > > Fixes a BUG() throw in vmw_master_set(). > > Signed-off-by: Thomas Hellstrom > Signed-off-by: Dave Airlie > [bwh: Backported to 3.2: > - s/master_mutex/struct_mutex/ > - drm_new_set_master() must drop struct_mutex while calling > drm_driver::master_create > - Adjust filename, context, indentation] > Signed-off-by: Ben Hutchings > --- > --- a/drivers/gpu/drm/drm_stub.c > +++ b/drivers/gpu/drm/drm_stub.c > @@ -225,6 +225,10 @@ int drm_setmaster_ioctl(struct drm_devic > if (!file_priv->minor->master && > file_priv->minor->master != file_priv->master) { > mutex_lock(&dev->struct_mutex); > + if (!file_priv->allowed_master) { > + ret = drm_new_set_master(dev, file_priv); > + goto out_unlock; > + } > file_priv->minor->master = drm_master_get(file_priv->master); > file_priv->is_master = 1; > if (dev->driver->master_set) { > @@ -234,10 +238,11 @@ int drm_setmaster_ioctl(struct drm_devic > drm_master_put(&file_priv->minor->master); > } > } > + out_unlock: > mutex_unlock(&dev->struct_mutex); > } > > - return 0; > + return ret; > } > > int drm_dropmaster_ioctl(struct drm_device *dev, void *data, > --- a/drivers/gpu/drm/drm_fops.c > +++ b/drivers/gpu/drm/drm_fops.c > @@ -219,6 +219,62 @@ static int drm_cpu_valid(void) > } > > /** > + * drm_new_set_master - Allocate a new master object and become master for the > + * associated master realm. > + * > + * @dev: The associated device. > + * @fpriv: File private identifying the client. > + * > + * This function must be called with dev::struct_mutex held. > + * Returns negative error code on failure. Zero on success. > + */ > +int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv) > +{ > + struct drm_master *old_master; > + int ret; > + > + lockdep_assert_held_once(&dev->struct_mutex); > + Is lockdep_assert_held_once() backported into the 3.2 series? If not, this line could probably be replaced by lockdep_assert_held() for stable kernels or removed entirely. Thanks, Thomas