Hi,
On 9/7/23 16:37, Christian König wrote:
> On 07.09.23 at 15:53, Thomas Hellström wrote:
>> While trying to replicate a weird drm_exec lock alloc tracking warning
>> using the drm_exec kunit test, the warning was shadowed by a UAF warning
>> from KASAN due to a bug in the drm kunit helpers.
>>
>> Patch 1 fixes that drm kunit UAF.
>> Patch 2 introduces a drm_exec kunit subtest that fails if the conditions
>> for the weird warning are met.
>>
>> The series previously also had a patch with a drm_exec workaround for the
>> warning but that patch has already been committed to drm_misc_next_fixes.
>
> Thinking more about this what happens when somebody calls
> drm_exec_unlock_obj() on the first locked object?

Essentially the same thing. I've been thinking of the best way to handle
that, but not sure what's the best one.

/Thomas

> Christian.
>
>> v2:
>> - Rewording of commit messages
>> - Add some commit message tags
>> v3:
>> - Remove an already committed patch
>> - Rework the test to not require dmesg inspection (Maxime Ripard)
>> - Condition the test on CONFIG_LOCK_ALLOC
>> - Update code comments and commit messages (Maxime Ripard)
>>
>> Cc: Maxime Ripard <mripard@xxxxxxxxxx>
>> Cc: Christian König <christian.koenig@xxxxxxx>
>>
>> Thomas Hellström (2):
>>   drm/tests: helpers: Avoid a driver uaf
>>   drm/tests/drm_exec: Add a test for object freeing within
>>     drm_exec_fini()
>>
>>  drivers/gpu/drm/tests/drm_exec_test.c | 82 +++++++++++++++++++++++++++
>>  include/drm/drm_kunit_helpers.h       |  4 +-
>>  2 files changed, 85 insertions(+), 1 deletion(-)