From: Sean Paul <sean@poorly.run>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: "DRI Development" <dri-devel@lists.freedesktop.org>,
	"Intel Graphics Development" <intel-gfx@lists.freedesktop.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"Gustavo Padovan" <gustavo@padovan.org>,
	"Maarten Lankhorst" <maarten.lankhorst@linux.intel.com>,
	"Sean Paul" <sean@poorly.run>, "David Airlie" <airlied@linux.ie>,
	"John Stultz" <john.stultz@linaro.org>,
	"Noralf Trønnes" <noralf@tronnes.org>,
	"Daniel Vetter" <daniel.vetter@intel.com>
Subject: Re: [PATCH 4/4] drm/fb: Stop leaking physical address
Date: Wed, 22 Aug 2018 08:57:36 -0400
Message-ID: <20180822125736.GV164269@art_vandelay>
In-Reply-To: <20180822085405.10787-4-daniel.vetter@ffwll.ch>

On Wed, Aug 22, 2018 at 10:54:05AM +0200, Daniel Vetter wrote:
> For buffer sharing, use dma-buf instead. We can't set smem_start to 0
> unconditionally since that's used by the fbdev mmap default
> implementation. And we have plenty of userspace which would like to
> keep that working.
> 
> This might break legit userspace - if it does we need to look at a
> case-by-case basis how to handle that. Worst case I expect overrides
> for only specific drivers, since anything remotely modern should be
> using dma-buf/prime now (which is about 7 years old now for DRM
> drivers).
> 
> This issue was uncovered because Noralf's rework to implement a
> generic fb_probe also implements its own fb_mmap callback. Which
> means smem_start didn't have to be set anymore, which blew up some
> blob in userspace rather badly.
> 
> Cc: Gustavo Padovan <gustavo@padovan.org>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> Cc: Sean Paul <sean@poorly.run>
> Cc: David Airlie <airlied@linux.ie>
> Cc: John Stultz <john.stultz@linaro.org>
> Cc: Noralf Trønnes <noralf@tronnes.org>
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

After clarifying on IRC, I think this makes sense. The chance to break userspace
requires a very specific configuration that I don't expect will be common.

Acked-by: Sean Paul <seanpaul@chromium.org>

> ---
>  drivers/gpu/drm/drm_fb_helper.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 4b0dd20bccb8..bcb78693c4f7 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -2673,6 +2673,8 @@ __drm_fb_helper_initial_config_and_unlock(struct drm_fb_helper *fb_helper,
>  
>  	info = fb_helper->fbdev;
>  	info->var.pixclock = 0;
> +	/* don't leak any physical addresses to userspace */
> +	info->flags |= FBINFO_HIDE_SMEM_START;
>  
>  	/* Need to drop locks to avoid recursive deadlock in
>  	 * register_framebuffer. This is ok because the only thing left to do is
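
Review bot: the comment on the added `info->flags |= FBINFO_HIDE_SMEM_START;` line says "physical addresses" without naming the field; it would help to say that this hides `smem_start` from userspace while the value stays set for the default fbdev mmap implementation, since that is the reason the commit message gives for not zeroing it. The flag is also ORed in unconditionally here, so a driver that needs the override the commit message anticipates has no opt-out at this point; consider noting in the comment where such a driver would be expected to clear it.
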
> -- 
> 2.18.0
> 

-- 
Sean Paul, Software Engineer, Google / Chromium OS
