* [PATCH v2] drm/radeon: have the callers of set_memory_*() check the return value
@ 2020-02-03 16:18 Tianlin Li
2020-02-03 17:16 ` Christian König
0 siblings, 1 reply; 3+ messages in thread
From: Tianlin Li @ 2020-02-03 16:18 UTC (permalink / raw)
To: kernel-hardening
Cc: keescook, Alex Deucher, christian.koenig, David1.Zhou,
David Airlie, Daniel Vetter, amd-gfx, dri-devel, linux-kernel,
Tianlin Li
Right now several architectures allow their set_memory_*() family of
functions to fail, but callers may not be checking the return values.
If set_memory_*() returns with an error, call-site assumptions may be
infact wrong to assume that it would either succeed or not succeed at
all. Ideally, the failure of set_memory_*() should be passed up the
call stack, and callers should examine the failure and deal with it.
Need to fix the callers and add the __must_check attribute. They also
may not provide any level of atomicity, in the sense that the memory
protections may be left incomplete on failure. This issue likely has a
few steps on effects architectures:
1)Have all callers of set_memory_*() helpers check the return value.
2)Add __must_check to all set_memory_*() helpers so that new uses do
not ignore the return value.
3)Add atomicity to the calls so that the memory protections aren't left
in a partial state.
This series is part of step 1. Make drm/radeon check the return value of
set_memory_*().
Signed-off-by: Tianlin Li <tli@digitalocean.com>
---
v2:
The hardware is too old to be tested on and the code cannot be simply
removed from the kernel, so this is the solution for the short term.
- Just print an error when something goes wrong
- Remove patch 2.
v1:
https://lore.kernel.org/lkml/20200107192555.20606-1-tli@digitalocean.com/
---
drivers/gpu/drm/radeon/radeon_gart.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_gart.c b/drivers/gpu/drm/radeon/radeon_gart.c
index f178ba321715..a2cc864aa08d 100644
--- a/drivers/gpu/drm/radeon/radeon_gart.c
+++ b/drivers/gpu/drm/radeon/radeon_gart.c
@@ -80,8 +80,9 @@ int radeon_gart_table_ram_alloc(struct radeon_device *rdev)
#ifdef CONFIG_X86
if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
- set_memory_uc((unsigned long)ptr,
- rdev->gart.table_size >> PAGE_SHIFT);
+ if (set_memory_uc((unsigned long)ptr,
+ rdev->gart.table_size >> PAGE_SHIFT))
+ DRM_ERROR("set_memory_uc failed.\n");
}
#endif
rdev->gart.ptr = ptr;
@@ -106,8 +107,9 @@ void radeon_gart_table_ram_free(struct radeon_device *rdev)
#ifdef CONFIG_X86
if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
- set_memory_wb((unsigned long)rdev->gart.ptr,
- rdev->gart.table_size >> PAGE_SHIFT);
+ if (set_memory_wb((unsigned long)rdev->gart.ptr,
+ rdev->gart.table_size >> PAGE_SHIFT))
+ DRM_ERROR("set_memory_wb failed.\n");
}
#endif
pci_free_consistent(rdev->pdev, rdev->gart.table_size,
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] drm/radeon: have the callers of set_memory_*() check the return value
2020-02-03 16:18 [PATCH v2] drm/radeon: have the callers of set_memory_*() check the return value Tianlin Li
@ 2020-02-03 17:16 ` Christian König
2020-02-03 20:44 ` Tianlin Li
0 siblings, 1 reply; 3+ messages in thread
From: Christian König @ 2020-02-03 17:16 UTC (permalink / raw)
To: Tianlin Li, kernel-hardening
Cc: keescook, Alex Deucher, David1.Zhou, David Airlie, Daniel Vetter,
amd-gfx, dri-devel, linux-kernel
Am 03.02.20 um 17:18 schrieb Tianlin Li:
> Right now several architectures allow their set_memory_*() family of
> functions to fail,
Oh, that is a detail I previously didn't recognized. Which architectures
are that?
Cause the RS400/480, RS690 and RS740 which are affected by this are
integrated in the south-bridge.
> but callers may not be checking the return values.
> If set_memory_*() returns with an error, call-site assumptions may be
> infact wrong to assume that it would either succeed or not succeed at
> all. Ideally, the failure of set_memory_*() should be passed up the
> call stack, and callers should examine the failure and deal with it.
>
> Need to fix the callers and add the __must_check attribute. They also
> may not provide any level of atomicity, in the sense that the memory
> protections may be left incomplete on failure. This issue likely has a
> few steps on effects architectures:
> 1)Have all callers of set_memory_*() helpers check the return value.
> 2)Add __must_check to all set_memory_*() helpers so that new uses do
> not ignore the return value.
> 3)Add atomicity to the calls so that the memory protections aren't left
> in a partial state.
>
> This series is part of step 1. Make drm/radeon check the return value of
> set_memory_*().
>
> Signed-off-by: Tianlin Li <tli@digitalocean.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
> ---
> v2:
> The hardware is too old to be tested on and the code cannot be simply
> removed from the kernel, so this is the solution for the short term.
> - Just print an error when something goes wrong
> - Remove patch 2.
> v1:
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flkml%2F20200107192555.20606-1-tli%40digitalocean.com%2F&data=02%7C01%7Cchristian.koenig%40amd.com%7Cba2176d2ca834214e6b108d7a8c4bb1d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637163435227030235&sdata=mDhUEi3vmxahjsdrZOr83OEIWNBHefO8lkXST%2FW32CE%3D&reserved=0
> ---
> drivers/gpu/drm/radeon/radeon_gart.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_gart.c b/drivers/gpu/drm/radeon/radeon_gart.c
> index f178ba321715..a2cc864aa08d 100644
> --- a/drivers/gpu/drm/radeon/radeon_gart.c
> +++ b/drivers/gpu/drm/radeon/radeon_gart.c
> @@ -80,8 +80,9 @@ int radeon_gart_table_ram_alloc(struct radeon_device *rdev)
> #ifdef CONFIG_X86
> if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
> rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
> - set_memory_uc((unsigned long)ptr,
> - rdev->gart.table_size >> PAGE_SHIFT);
> + if (set_memory_uc((unsigned long)ptr,
> + rdev->gart.table_size >> PAGE_SHIFT))
> + DRM_ERROR("set_memory_uc failed.\n");
> }
> #endif
> rdev->gart.ptr = ptr;
> @@ -106,8 +107,9 @@ void radeon_gart_table_ram_free(struct radeon_device *rdev)
> #ifdef CONFIG_X86
> if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
> rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
> - set_memory_wb((unsigned long)rdev->gart.ptr,
> - rdev->gart.table_size >> PAGE_SHIFT);
> + if (set_memory_wb((unsigned long)rdev->gart.ptr,
> + rdev->gart.table_size >> PAGE_SHIFT))
> + DRM_ERROR("set_memory_wb failed.\n");
> }
> #endif
> pci_free_consistent(rdev->pdev, rdev->gart.table_size,
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] drm/radeon: have the callers of set_memory_*() check the return value
2020-02-03 17:16 ` Christian König
@ 2020-02-03 20:44 ` Tianlin Li
0 siblings, 0 replies; 3+ messages in thread
From: Tianlin Li @ 2020-02-03 20:44 UTC (permalink / raw)
To: Christian König
Cc: kernel-hardening, Kees Cook, Alex Deucher, David1.Zhou,
David Airlie, Daniel Vetter, amd-gfx, dri-devel, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 4216 bytes --]
> On Feb 3, 2020, at 11:16 AM, Christian König <christian.koenig@amd.com> wrote:
>
> Am 03.02.20 um 17:18 schrieb Tianlin Li:
>> Right now several architectures allow their set_memory_*() family of
>> functions to fail,
>
> Oh, that is a detail I previously didn't recognized. Which architectures are that?
>
> Cause the RS400/480, RS690 and RS740 which are affected by this are integrated in the south-bridge.
At least x86 is.
Some details: https://lore.kernel.org/netdev/20180628213459.28631-4-daniel@iogearbox.net/ <https://lore.kernel.org/netdev/20180628213459.28631-4-daniel@iogearbox.net/>
>> but callers may not be checking the return values.
>> If set_memory_*() returns with an error, call-site assumptions may be
>> infact wrong to assume that it would either succeed or not succeed at
>> all. Ideally, the failure of set_memory_*() should be passed up the
>> call stack, and callers should examine the failure and deal with it.
>>
>> Need to fix the callers and add the __must_check attribute. They also
>> may not provide any level of atomicity, in the sense that the memory
>> protections may be left incomplete on failure. This issue likely has a
>> few steps on effects architectures:
>> 1)Have all callers of set_memory_*() helpers check the return value.
>> 2)Add __must_check to all set_memory_*() helpers so that new uses do
>> not ignore the return value.
>> 3)Add atomicity to the calls so that the memory protections aren't left
>> in a partial state.
>>
>> This series is part of step 1. Make drm/radeon check the return value of
>> set_memory_*().
>>
>> Signed-off-by: Tianlin Li <tli@digitalocean.com>
>
> Reviewed-by: Christian König <christian.koenig@amd.com <mailto:christian.koenig@amd.com>>
>
>> ---
>> v2:
>> The hardware is too old to be tested on and the code cannot be simply
>> removed from the kernel, so this is the solution for the short term.
>> - Just print an error when something goes wrong
>> - Remove patch 2.
>> v1:
>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flkml%2F20200107192555.20606-1-tli%40digitalocean.com%2F&data=02%7C01%7Cchristian.koenig%40amd.com%7Cba2176d2ca834214e6b108d7a8c4bb1d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637163435227030235&sdata=mDhUEi3vmxahjsdrZOr83OEIWNBHefO8lkXST%2FW32CE%3D&reserved=0 <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flkml%2F20200107192555.20606-1-tli%40digitalocean.com%2F&data=02%7C01%7Cchristian.koenig%40amd.com%7Cba2176d2ca834214e6b108d7a8c4bb1d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637163435227030235&sdata=mDhUEi3vmxahjsdrZOr83OEIWNBHefO8lkXST%2FW32CE%3D&reserved=0>
>> ---
>> drivers/gpu/drm/radeon/radeon_gart.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/radeon/radeon_gart.c b/drivers/gpu/drm/radeon/radeon_gart.c
>> index f178ba321715..a2cc864aa08d 100644
>> --- a/drivers/gpu/drm/radeon/radeon_gart.c
>> +++ b/drivers/gpu/drm/radeon/radeon_gart.c
>> @@ -80,8 +80,9 @@ int radeon_gart_table_ram_alloc(struct radeon_device *rdev)
>> #ifdef CONFIG_X86
>> if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
>> rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
>> - set_memory_uc((unsigned long)ptr,
>> - rdev->gart.table_size >> PAGE_SHIFT);
>> + if (set_memory_uc((unsigned long)ptr,
>> + rdev->gart.table_size >> PAGE_SHIFT))
>> + DRM_ERROR("set_memory_uc failed.\n");
>> }
>> #endif
>> rdev->gart.ptr = ptr;
>> @@ -106,8 +107,9 @@ void radeon_gart_table_ram_free(struct radeon_device *rdev)
>> #ifdef CONFIG_X86
>> if (rdev->family == CHIP_RS400 || rdev->family == CHIP_RS480 ||
>> rdev->family == CHIP_RS690 || rdev->family == CHIP_RS740) {
>> - set_memory_wb((unsigned long)rdev->gart.ptr,
>> - rdev->gart.table_size >> PAGE_SHIFT);
>> + if (set_memory_wb((unsigned long)rdev->gart.ptr,
>> + rdev->gart.table_size >> PAGE_SHIFT))
>> + DRM_ERROR("set_memory_wb failed.\n");
>> }
>> #endif
>> pci_free_consistent(rdev->pdev, rdev->gart.table_size,
[-- Attachment #2: Type: text/html, Size: 14177 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-02-03 20:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-03 16:18 [PATCH v2] drm/radeon: have the callers of set_memory_*() check the return value Tianlin Li
2020-02-03 17:16 ` Christian König
2020-02-03 20:44 ` Tianlin Li
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).