All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/1] drm/ttm: Fix COW check
@ 2021-07-10  0:28 ` Felix Kuehling
  0 siblings, 0 replies; 4+ messages in thread
From: Felix Kuehling @ 2021-07-10  0:28 UTC (permalink / raw)
  To: amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
is_cow_mapping returns true for these mappings. Add a check for
vm_flags & VM_WRITE to avoid mmap failures on private read-only or
PROT_NONE mappings.

v2: protect against mprotect making a mapping writable after the fact

Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/gpu/drm/ttm/ttm_bo_vm.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f56be5bc0861..9ad211ede611 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -542,17 +542,28 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 }
 EXPORT_SYMBOL(ttm_bo_vm_access);
 
+static int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+			      unsigned long end, unsigned long newflags)
+{
+	/* Enforce no COW since would have really strange behavior with it. */
+	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
+		return -EINVAL;
+
+	return 0;
+}
+
 static const struct vm_operations_struct ttm_bo_vm_ops = {
 	.fault = ttm_bo_vm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
 	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect,
 };
 
 int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
 {
 	/* Enforce no COW since would have really strange behavior with it. */
-	if (is_cow_mapping(vma->vm_flags))
+	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
 		return -EINVAL;
 
 	ttm_bo_get(bo);
-- 
2.32.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 1/1] drm/ttm: Fix COW check
@ 2021-07-10  0:28 ` Felix Kuehling
  0 siblings, 0 replies; 4+ messages in thread
From: Felix Kuehling @ 2021-07-10  0:28 UTC (permalink / raw)
  To: amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
is_cow_mapping returns true for these mappings. Add a check for
vm_flags & VM_WRITE to avoid mmap failures on private read-only or
PROT_NONE mappings.

v2: protect against mprotect making a mapping writable after the fact

Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
---
 drivers/gpu/drm/ttm/ttm_bo_vm.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f56be5bc0861..9ad211ede611 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -542,17 +542,28 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
 }
 EXPORT_SYMBOL(ttm_bo_vm_access);
 
+static int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
+			      unsigned long end, unsigned long newflags)
+{
+	/* Enforce no COW since would have really strange behavior with it. */
+	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
+		return -EINVAL;
+
+	return 0;
+}
+
 static const struct vm_operations_struct ttm_bo_vm_ops = {
 	.fault = ttm_bo_vm_fault,
 	.open = ttm_bo_vm_open,
 	.close = ttm_bo_vm_close,
 	.access = ttm_bo_vm_access,
+	.mprotect = ttm_bo_vm_mprotect,
 };
 
 int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
 {
 	/* Enforce no COW since would have really strange behavior with it. */
-	if (is_cow_mapping(vma->vm_flags))
+	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
 		return -EINVAL;
 
 	ttm_bo_get(bo);
-- 
2.32.0

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] drm/ttm: Fix COW check
  2021-07-10  0:28 ` Felix Kuehling
@ 2021-07-12  9:30   ` Christian König
  -1 siblings, 0 replies; 4+ messages in thread
From: Christian König @ 2021-07-12  9:30 UTC (permalink / raw)
  To: Felix Kuehling, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

Am 10.07.21 um 02:28 schrieb Felix Kuehling:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
>
> v2: protect against mprotect making a mapping writable after the fact
>
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> ---
>   drivers/gpu/drm/ttm/ttm_bo_vm.c | 13 ++++++++++++-
>   1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..9ad211ede611 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,28 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   }
>   EXPORT_SYMBOL(ttm_bo_vm_access);
>   
> +static int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +			      unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>   	.fault = ttm_bo_vm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
>   	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,

The problem is most drivers implement their own copy of this structure.

You need to add this to those occasions as well, just search for 
references to ttm_bo_vm_open.

Regards,
Christian.

>   };
>   
>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>   {
>   	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>   		return -EINVAL;
>   
>   	ttm_bo_get(bo);


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH 1/1] drm/ttm: Fix COW check
@ 2021-07-12  9:30   ` Christian König
  0 siblings, 0 replies; 4+ messages in thread
From: Christian König @ 2021-07-12  9:30 UTC (permalink / raw)
  To: Felix Kuehling, amd-gfx, dri-devel; +Cc: Alex Deucher, christian.koenig

Am 10.07.21 um 02:28 schrieb Felix Kuehling:
> KFD Thunk maps invisible VRAM BOs with PROT_NONE, MAP_PRIVATE.
> is_cow_mapping returns true for these mappings. Add a check for
> vm_flags & VM_WRITE to avoid mmap failures on private read-only or
> PROT_NONE mappings.
>
> v2: protect against mprotect making a mapping writable after the fact
>
> Fixes: f91142c62161 ("drm/ttm: nuke VM_MIXEDMAP on BO mappings v3")
> Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
> ---
>   drivers/gpu/drm/ttm/ttm_bo_vm.c | 13 ++++++++++++-
>   1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> index f56be5bc0861..9ad211ede611 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
> @@ -542,17 +542,28 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
>   }
>   EXPORT_SYMBOL(ttm_bo_vm_access);
>   
> +static int ttm_bo_vm_mprotect(struct vm_area_struct *vma, unsigned long start,
> +			      unsigned long end, unsigned long newflags)
> +{
> +	/* Enforce no COW since would have really strange behavior with it. */
> +	if (is_cow_mapping(newflags) && (newflags & VM_WRITE))
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
>   static const struct vm_operations_struct ttm_bo_vm_ops = {
>   	.fault = ttm_bo_vm_fault,
>   	.open = ttm_bo_vm_open,
>   	.close = ttm_bo_vm_close,
>   	.access = ttm_bo_vm_access,
> +	.mprotect = ttm_bo_vm_mprotect,

The problem is most drivers implement their own copy of this structure.

You need to add this to those occasions as well, just search for 
references to ttm_bo_vm_open.

Regards,
Christian.

>   };
>   
>   int ttm_bo_mmap_obj(struct vm_area_struct *vma, struct ttm_buffer_object *bo)
>   {
>   	/* Enforce no COW since would have really strange behavior with it. */
> -	if (is_cow_mapping(vma->vm_flags))
> +	if (is_cow_mapping(vma->vm_flags) && (vma->vm_flags & VM_WRITE))
>   		return -EINVAL;
>   
>   	ttm_bo_get(bo);

_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-12  9:30 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-10  0:28 [PATCH 1/1] drm/ttm: Fix COW check Felix Kuehling
2021-07-10  0:28 ` Felix Kuehling
2021-07-12  9:30 ` Christian König
2021-07-12  9:30   ` Christian König

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.