From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com
Cc: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
dri-devel@lists.freedesktop.org, intel-gfx@lists.freedesktop.org,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, skhan@linuxfoundation.org,
gregkh@linuxfoundation.org,
linux-kernel-mentees@lists.linuxfoundation.org,
emil.l.velikov@gmail.com
Subject: [PATCH v6 2/4] drm: avoid circular locks in __drm_mode_object_find
Date: Wed, 30 Jun 2021 22:54:02 +0800 [thread overview]
Message-ID: <20210630145404.5958-3-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210630145404.5958-1-desmondcheongzx@gmail.com>
In a future patch, _drm_lease_held will dereference drm_file->master
only after making a call to drm_file_get_master which increments the
reference count of drm_file->master while holding a lock on
drm_device.master_mutex.
In preparation for this, the call to _drm_lease_held should be moved
out from the section locked by &dev->mode_config.idr_mutex. This
avoids inverting the lock hierarchy for
&dev->master_mutex --> &dev->mode_config.idr_mutex
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_mode_object.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c
index b26588b52795..63d35f1f98dd 100644
--- a/drivers/gpu/drm/drm_mode_object.c
+++ b/drivers/gpu/drm/drm_mode_object.c
@@ -146,16 +146,18 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev,
if (obj && obj->id != id)
obj = NULL;
- if (obj && drm_mode_object_lease_required(obj->type) &&
- !_drm_lease_held(file_priv, obj->id))
- obj = NULL;
-
if (obj && obj->free_cb) {
if (!kref_get_unless_zero(&obj->refcount))
obj = NULL;
}
mutex_unlock(&dev->mode_config.idr_mutex);
+ if (obj && drm_mode_object_lease_required(obj->type) &&
+ !_drm_lease_held(file_priv, obj->id)) {
+ drm_mode_object_put(obj);
+ obj = NULL;
+ }
+
return obj;
}
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com
Cc: intel-gfx@lists.freedesktop.org, emil.l.velikov@gmail.com,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org,
Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
linux-media@vger.kernel.org
Subject: [PATCH v6 2/4] drm: avoid circular locks in __drm_mode_object_find
Date: Wed, 30 Jun 2021 22:54:02 +0800 [thread overview]
Message-ID: <20210630145404.5958-3-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210630145404.5958-1-desmondcheongzx@gmail.com>
In a future patch, _drm_lease_held will dereference drm_file->master
only after making a call to drm_file_get_master which increments the
reference count of drm_file->master while holding a lock on
drm_device.master_mutex.
In preparation for this, the call to _drm_lease_held should be moved
out from the section locked by &dev->mode_config.idr_mutex. This
avoids inverting the lock hierarchy for
&dev->master_mutex --> &dev->mode_config.idr_mutex
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_mode_object.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c
index b26588b52795..63d35f1f98dd 100644
--- a/drivers/gpu/drm/drm_mode_object.c
+++ b/drivers/gpu/drm/drm_mode_object.c
@@ -146,16 +146,18 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev,
if (obj && obj->id != id)
obj = NULL;
- if (obj && drm_mode_object_lease_required(obj->type) &&
- !_drm_lease_held(file_priv, obj->id))
- obj = NULL;
-
if (obj && obj->free_cb) {
if (!kref_get_unless_zero(&obj->refcount))
obj = NULL;
}
mutex_unlock(&dev->mode_config.idr_mutex);
+ if (obj && drm_mode_object_lease_required(obj->type) &&
+ !_drm_lease_held(file_priv, obj->id)) {
+ drm_mode_object_put(obj);
+ obj = NULL;
+ }
+
return obj;
}
--
2.25.1
_______________________________________________
Linux-kernel-mentees mailing list
Linux-kernel-mentees@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com
Cc: gregkh@linuxfoundation.org, intel-gfx@lists.freedesktop.org,
emil.l.velikov@gmail.com, linux-kernel@vger.kernel.org,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
skhan@linuxfoundation.org,
Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
linux-media@vger.kernel.org
Subject: [PATCH v6 2/4] drm: avoid circular locks in __drm_mode_object_find
Date: Wed, 30 Jun 2021 22:54:02 +0800 [thread overview]
Message-ID: <20210630145404.5958-3-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210630145404.5958-1-desmondcheongzx@gmail.com>
In a future patch, _drm_lease_held will dereference drm_file->master
only after making a call to drm_file_get_master which increments the
reference count of drm_file->master while holding a lock on
drm_device.master_mutex.
In preparation for this, the call to _drm_lease_held should be moved
out from the section locked by &dev->mode_config.idr_mutex. This
avoids inverting the lock hierarchy for
&dev->master_mutex --> &dev->mode_config.idr_mutex
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_mode_object.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c
index b26588b52795..63d35f1f98dd 100644
--- a/drivers/gpu/drm/drm_mode_object.c
+++ b/drivers/gpu/drm/drm_mode_object.c
@@ -146,16 +146,18 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev,
if (obj && obj->id != id)
obj = NULL;
- if (obj && drm_mode_object_lease_required(obj->type) &&
- !_drm_lease_held(file_priv, obj->id))
- obj = NULL;
-
if (obj && obj->free_cb) {
if (!kref_get_unless_zero(&obj->refcount))
obj = NULL;
}
mutex_unlock(&dev->mode_config.idr_mutex);
+ if (obj && drm_mode_object_lease_required(obj->type) &&
+ !_drm_lease_held(file_priv, obj->id)) {
+ drm_mode_object_put(obj);
+ obj = NULL;
+ }
+
return obj;
}
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
To: maarten.lankhorst@linux.intel.com, mripard@kernel.org,
tzimmermann@suse.de, airlied@linux.ie, daniel@ffwll.ch,
sumit.semwal@linaro.org, christian.koenig@amd.com
Cc: gregkh@linuxfoundation.org, intel-gfx@lists.freedesktop.org,
linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org, skhan@linuxfoundation.org,
Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>,
linux-kernel-mentees@lists.linuxfoundation.org,
linux-media@vger.kernel.org
Subject: [Intel-gfx] [PATCH v6 2/4] drm: avoid circular locks in __drm_mode_object_find
Date: Wed, 30 Jun 2021 22:54:02 +0800 [thread overview]
Message-ID: <20210630145404.5958-3-desmondcheongzx@gmail.com> (raw)
In-Reply-To: <20210630145404.5958-1-desmondcheongzx@gmail.com>
In a future patch, _drm_lease_held will dereference drm_file->master
only after making a call to drm_file_get_master which increments the
reference count of drm_file->master while holding a lock on
drm_device.master_mutex.
In preparation for this, the call to _drm_lease_held should be moved
out from the section locked by &dev->mode_config.idr_mutex. This
avoids inverting the lock hierarchy for
&dev->master_mutex --> &dev->mode_config.idr_mutex
Signed-off-by: Desmond Cheong Zhi Xi <desmondcheongzx@gmail.com>
---
drivers/gpu/drm/drm_mode_object.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c
index b26588b52795..63d35f1f98dd 100644
--- a/drivers/gpu/drm/drm_mode_object.c
+++ b/drivers/gpu/drm/drm_mode_object.c
@@ -146,16 +146,18 @@ struct drm_mode_object *__drm_mode_object_find(struct drm_device *dev,
if (obj && obj->id != id)
obj = NULL;
- if (obj && drm_mode_object_lease_required(obj->type) &&
- !_drm_lease_held(file_priv, obj->id))
- obj = NULL;
-
if (obj && obj->free_cb) {
if (!kref_get_unless_zero(&obj->refcount))
obj = NULL;
}
mutex_unlock(&dev->mode_config.idr_mutex);
+ if (obj && drm_mode_object_lease_required(obj->type) &&
+ !_drm_lease_held(file_priv, obj->id)) {
+ drm_mode_object_put(obj);
+ obj = NULL;
+ }
+
return obj;
}
--
2.25.1
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2021-06-30 14:55 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-30 14:54 [PATCH v6 0/4] drm: address potential UAF bugs with drm_master ptrs Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [PATCH v6 1/4] drm: avoid circular locks in drm_mode_getconnector Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi [this message]
2021-06-30 14:54 ` [Intel-gfx] [PATCH v6 2/4] drm: avoid circular locks in __drm_mode_object_find Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [PATCH v6 3/4] drm: add a locked version of drm_is_current_master Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [PATCH v6 4/4] drm: protect drm_master pointers in drm_lease.c Desmond Cheong Zhi Xi
2021-06-30 14:54 ` [Intel-gfx] " Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 14:54 ` Desmond Cheong Zhi Xi
2021-06-30 18:18 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for drm: address potential UAF bugs with drm_master ptrs Patchwork
2021-06-30 18:31 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-07-01 1:04 ` [Intel-gfx] ✗ Fi.CI.IGT: failure " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210630145404.5958-3-desmondcheongzx@gmail.com \
--to=desmondcheongzx@gmail.com \
--cc=airlied@linux.ie \
--cc=christian.koenig@amd.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=emil.l.velikov@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-kernel-mentees@lists.linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mripard@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=sumit.semwal@linaro.org \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.