On Tue, Feb 16, 2021 at 7:30 PM John Stultz <john.stultz@xxxxxxxxxx> wrote:
>
> On Wed, Jan 13, 2021 at 6:06 AM Daniel Vetter <daniel.vetter@xxxxxxxx> wrote:
> >
> > We have too many people abusing the struct page they can get at but
> > really shouldn't in importers. Aside from that the backing page might
> > simply not exist (for dynamic p2p mappings) looking at it and using it
> > e.g. for mmap can also wreak the page handling of the exporter
> > completely. Importers really must go through the proper interface like
> > dma_buf_mmap for everything.
> >
> > Just an RFC to see whether this idea has some stickiness. default y
> > for now to make sure intel-gfx-ci picks it up too.
> >
> > I'm semi-tempted to enforce this for dynamic importers since those
> > really have no excuse at all to break the rules.
> >
> > Unfortunately we can't store the right pointers somewhere safe to make
> > sure we oops on something recognizable, so best is to just wrangle
> > them a bit by flipping all the bits. At least on x86 kernel addresses
> > have all their high bits set and the struct page array is fairly low
> > in the kernel mapping, so flipping all the bits gives us a very high
> > pointer in userspace and hence excellent chances for an invalid
> > dereference.
> >
> > Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx>
> > Cc: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
> > Cc: "Christian König" <christian.koenig@xxxxxxx>
> > Cc: David Stevens <stevensd@xxxxxxxxxxxx>
> > Cc: linux-media@xxxxxxxxxxxxxxx
> > Cc: linaro-mm-sig@xxxxxxxxxxxxxxxx
> > --- > > drivers/dma-buf/Kconfig | 8 +++++++ > > drivers/dma-buf/dma-buf.c | 49 +++++++++++++++++++++++++++++++++++---- > > 2 files changed, 53 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig > > index 4f8224a6ac95..cddb549e5e59 100644 > > --- a/drivers/dma-buf/Kconfig > > +++ b/drivers/dma-buf/Kconfig
> > @@ -50,6 +50,14 @@ config DMABUF_MOVE_NOTIFY > > This is marked experimental because we don't yet have a consistent > > execution context and memory management between drivers. > > > > +config DMABUF_DEBUG > > + bool "DMA-BUF debug checks" > > + default y > > + help > > + This option enables additional checks for DMA-BUF importers and > > + exporters. Specifically it validates that importers do not peek at the > > + underlying struct page when they import a buffer. > > + > > config DMABUF_SELFTESTS > > tristate "Selftests for the dma-buf interfaces" > > default n > > diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c > > index 1c9bd51db110..6e4725f7dfde 100644 > > --- a/drivers/dma-buf/dma-buf.c > > +++ b/drivers/dma-buf/dma-buf.c > > @@ -666,6 +666,30 @@ void dma_buf_put(struct dma_buf *dmabuf) > > } > > EXPORT_SYMBOL_GPL(dma_buf_put); > > > > +static struct sg_table * __map_dma_buf(struct dma_buf_attachment *attach, > > + enum dma_data_direction direction) > > +{ > > + struct sg_table *sg_table; > > + > > + sg_table = attach->dmabuf->ops->map_dma_buf(attach, direction); > > + > > +#if CONFIG_DMABUF_DEBUG
> >
> Hey Daniel,
> I just noticed a build warning in a tree I pulled this patch into.
> You probably want to use #ifdef here, as if it's not defined we see:
> drivers/dma-buf/dma-buf.c:813:5: warning: "CONFIG_DMABUF_DEBUG" is not
> defined, evaluates to 0 [-Wundef]
>

Nevermind. I see it's already fixed in drm-misc-next.

thanks
-john
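
Review bot: "default y" on the new DMABUF_DEBUG entry in drivers/dma-buf/Kconfig enables the debug path in every configuration that does not explicitly turn it off, and the commit message gives CI coverage ("to make sure intel-gfx-ci picks it up") as the only reason. Before this leaves RFC it should become "default n", as DMABUF_SELFTESTS right below it already is, or take its default from an existing debug option. The help text also says the option "validates" importers, while the commit message describes flipping the bits of the page pointers so that a stray dereference faults; stating that in the help text would tell whoever hits the resulting oops what they are looking at.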
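
Review bot: "#if CONFIG_DMABUF_DEBUG" in __map_dma_buf() should be "#ifdef CONFIG_DMABUF_DEBUG" or "#if IS_ENABLED(CONFIG_DMABUF_DEBUG)"; a bool Kconfig symbol is left undefined when the option is off, so the plain #if trips -Wundef, which is the warning quoted in the reply. The quoted hunk stops at the #if, so it is not visible whether the debug block guards the value returned by ops->map_dma_buf() before touching it; whatever the block does to the table should first skip an error or NULL return. Style: "struct sg_table * __map_dma_buf" has a stray space after the asterisk and should read "struct sg_table *__map_dma_buf".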