From: John Stultz <john.stultz@linaro.org>
To: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: "Intel Graphics Development" <intel-gfx@lists.freedesktop.org>,
"DRI Development" <dri-devel@lists.freedesktop.org>,
"moderated list:DMA BUFFER SHARING FRAMEWORK"
<linaro-mm-sig@lists.linaro.org>,
"David Stevens" <stevensd@chromium.org>,
"Daniel Vetter" <daniel.vetter@intel.com>,
"Christian König" <christian.koenig@amd.com>,
linux-media <linux-media@vger.kernel.org>
Subject: Re: [PATCH] drm-buf: Add debug option
Date: Tue, 16 Feb 2021 19:30:34 -0800 [thread overview]
Message-ID: <CALAqxLWqgLXxry8FhVSK9xC2geiPOA+fTdC-oRENS9iG5AJz=A@mail.gmail.com> (raw)
In-Reply-To: <20210113140604.3615437-1-daniel.vetter@ffwll.ch>
On Wed, Jan 13, 2021 at 6:06 AM Daniel Vetter <daniel.vetter@ffwll.ch> wrote:
>
> We have too many people abusing the struct page they can get at but
> really shouldn't in importers. Aside from that the backing page might
> simply not exist (for dynamic p2p mappings) looking at it and using it
> e.g. for mmap can also wreak the page handling of the exporter
> completely. Importers really must go through the proper interface like
> dma_buf_mmap for everything.
>
> Just an RFC to see whether this idea has some stickiness. default y
> for now to make sure intel-gfx-ci picks it up too.
>
> I'm semi-tempted to enforce this for dynamic importers since those
> really have no excuse at all to break the rules.
>
> Unfortuantely we can't store the right pointers somewhere safe to make
> sure we oops on something recognizable, so best is to just wrangle
> them a bit by flipping all the bits. At least on x86 kernel addresses
> have all their high bits sets and the struct page array is fairly low
> in the kernel mapping, so flipping all the bits gives us a very high
> pointer in userspace and hence excellent chances for an invalid
> dereference.
>
> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
> Cc: Sumit Semwal <sumit.semwal@linaro.org>
> Cc: "Christian König" <christian.koenig@amd.com>
> Cc: David Stevens <stevensd@chromium.org>
> Cc: linux-media@vger.kernel.org
> Cc: linaro-mm-sig@lists.linaro.org
> ---
> drivers/dma-buf/Kconfig | 8 +++++++
> drivers/dma-buf/dma-buf.c | 49 +++++++++++++++++++++++++++++++++++----
> 2 files changed, 53 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig
> index 4f8224a6ac95..cddb549e5e59 100644
> --- a/drivers/dma-buf/Kconfig
> +++ b/drivers/dma-buf/Kconfig
> @@ -50,6 +50,14 @@ config DMABUF_MOVE_NOTIFY
> This is marked experimental because we don't yet have a consistent
> execution context and memory management between drivers.
>
> +config DMABUF_DEBUG
> + bool "DMA-BUF debug checks"
> + default y
> + help
> + This option enables additional checks for DMA-BUF importers and
> + exporters. Specifically it validates that importers do not peek at the
> + underlying struct page when they import a buffer.
> +
> config DMABUF_SELFTESTS
> tristate "Selftests for the dma-buf interfaces"
> default n
> diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
> index 1c9bd51db110..6e4725f7dfde 100644
> --- a/drivers/dma-buf/dma-buf.c
> +++ b/drivers/dma-buf/dma-buf.c
> @@ -666,6 +666,30 @@ void dma_buf_put(struct dma_buf *dmabuf)
> }
> EXPORT_SYMBOL_GPL(dma_buf_put);
>
> +static struct sg_table * __map_dma_buf(struct dma_buf_attachment *attach,
> + enum dma_data_direction direction)
> +{
> + struct sg_table *sg_table;
> +
> + sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction);
> +
> +#if CONFIG_DMABUF_DEBUG
Hey Daniel,
I just noticed a build warning in a tree I pulled this patch into.
You probably want to use #ifdef here, as if its not defined we see:
drivers/dma-buf/dma-buf.c:813:5: warning: "CONFIG_DMABUF_DEBUG" is not
defined, evaluates to 0 [-Wundef]
thanks
-john
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2021-02-17 3:30 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-13 14:06 [PATCH] drm-buf: Add debug option Daniel Vetter
2021-01-13 15:43 ` [Intel-gfx] " Chris Wilson
2021-01-13 20:50 ` Daniel Vetter
2021-01-13 21:08 ` Chris Wilson
2021-01-14 9:02 ` Daniel Vetter
2021-01-14 9:23 ` Chris Wilson
2021-01-14 9:30 ` Daniel Vetter
2021-01-14 9:45 ` Chris Wilson
2021-01-14 9:47 ` Daniel Vetter
2021-01-15 8:25 ` Chris Wilson
2021-01-15 20:08 ` John Stultz
2021-02-17 3:30 ` John Stultz [this message]
2021-02-17 3:34 ` John Stultz
2021-01-15 13:02 Daniel Vetter
2021-01-15 15:36 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALAqxLWqgLXxry8FhVSK9xC2geiPOA+fTdC-oRENS9iG5AJz=A@mail.gmail.com' \
--to=john.stultz@linaro.org \
--cc=christian.koenig@amd.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel.vetter@intel.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-media@vger.kernel.org \
--cc=stevensd@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).