On 7/6/22 00:48, Rob Clark wrote:
> On Tue, Jul 5, 2022 at 4:51 AM Christian König <christian.koenig@xxxxxxx> wrote:
>>
>> On 01.07.22 at 11:02, Dmitry Osipenko wrote:
>>> Drivers that use drm_gem_mmap() and drm_gem_mmap_obj() helpers don't
>>> handle imported dma-bufs properly, which results in mapping of something
>>> else than the imported dma-buf. On NVIDIA Tegra we get a hard lockup when
>>> userspace writes to the memory mapping of a dma-buf that was imported into
>>> Tegra's DRM GEM.
>>>
>>> Majority of DRM drivers prohibit mapping of the imported GEM objects.
>>> Mapping of imported GEMs requires special care from userspace since it
>>> should sync dma-buf because mapping coherency of the exporter device may
>>> not match the DRM device. Let's prohibit the mapping for all DRM drivers
>>> for consistency.
>>>
>>> Suggested-by: Thomas Hellström <thomas.hellstrom@xxxxxxxxxxxxxxx>
>>> Signed-off-by: Dmitry Osipenko <dmitry.osipenko@xxxxxxxxxxxxx>
>>
>> I'm pretty sure that this is the right approach, but it's certainly more
>> than possible that somebody abused this already.
>
> I suspect that this is abused if you run deqp cts on android.. ie. all
> winsys buffers are dma-buf imports from gralloc. And then when you
> hit readpix...
>
> You might only hit this in scenarios with separate gpu and display (or
> dGPU+iGPU) because self-imports are handled differently in
> drm_gem_prime_import_dev().. and maybe not in cases where you end up
> with a blit from tiled/compressed to linear.. maybe that narrows the
> scope enough to just fix it in userspace?

Given that only drivers which use DRM-SHMEM potentially could've mapped
imported dma-bufs (Panfrost, Lima) and they already don't allow doing that,
I think we're good.

-- 
Best regards,
Dmitry
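
Added example, not part of the thread or of the patch: the commit message quoted above says CPU access to an imported buffer needs userspace to sync the dma-buf. One way to do that is to mmap the dma-buf fd itself and bracket the access with DMA_BUF_IOCTL_SYNC from <linux/dma-buf.h>. The function names are hypothetical, and dmabuf_fd is assumed to be the exporter's fd (the one passed to PRIME import), not a DRM device fd.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <linux/dma-buf.h>

/* Issue DMA_BUF_IOCTL_SYNC, retrying if interrupted. Returns 0 or -errno. */
static int dmabuf_sync(int fd, uint64_t flags)
{
    struct dma_buf_sync sync = { .flags = flags };
    int ret;

    do {
        ret = ioctl(fd, DMA_BUF_IOCTL_SYNC, &sync);
    } while (ret == -1 && (errno == EINTR || errno == EAGAIN));
    return ret == -1 ? -errno : 0;
}

/*
 * Copy len bytes to the start of the dma-buf behind dmabuf_fd (assumed to be
 * the exporter's fd). The mapping comes from the dma-buf, so the exporter's
 * mmap handler decides caching, not the importing DRM driver.
 * Returns 0 or -errno; nothing is written unless SYNC_START succeeds.
 */
int dmabuf_cpu_write(int dmabuf_fd, const void *src, size_t len)
{
    void *map;
    int ret;

    map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, dmabuf_fd, 0);
    if (map == MAP_FAILED)
        return -errno;

    /* Begin CPU access: lets the exporter invalidate or flush as needed. */
    ret = dmabuf_sync(dmabuf_fd, DMA_BUF_SYNC_START | DMA_BUF_SYNC_WRITE);
    if (ret == 0) {
        memcpy(map, src, len);
        /* End CPU access so the device sees the written data. */
        ret = dmabuf_sync(dmabuf_fd, DMA_BUF_SYNC_END | DMA_BUF_SYNC_WRITE);
    }
    munmap(map, len);
    return ret;
}
```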