Re: [RFC] drm/radeon: userfence IOCTL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Given that the userspace wait fence ioctl has not way to know which command buffer it is really waiting after then kernel has no knowledge of if this user fence will signal at all.
We could pass BO handle as  parameter in the "fence ioctl" to rely on it so kernel will know which BO  it is waiting.


> So a malicious user space (we always have to assume this thing exist) could create a big VRAM BO and effectively pin it in VRAM leading to a GPU DOS (denial of service).
This problem  always exists. Malicious user space could allocate big BO and then submit shader running in loop which read/write from this BO.  It could also spawn processes which will do the same thing. IMHO the only way to improve situation is  to have GPU Scheduler to allow "unloading" such application.

Sincerely yours,
Serguei Sagalovitch

On 15-04-13 11:39 AM, Jerome Glisse wrote:
On Mon, Apr 13, 2015 at 11:25:30AM -0400, Serguei Sagalovitch wrote:

the BO to be kept in the same place while it is mapped inside the kernel

page table
...

So this requires that we pin down the BO for the duration of the wait

IOCTL.

But my understanding is that it should be not duration of "wait" IOCTL but
"duration" of command buffer execution.

BTW: I would assume that this is not the new scenario.

 This is scenario:
    - User allocate BO
    - User get CPU address for BO
    - User submit command buffer to write to BO
    - User could "poll" / "read" or "write" BO data by CPU

So when  TTM needs  to move BO to another location it should also update CPU
"mapping" correctly so user will always read / write the correct data.

Did I miss anything?

No this is how things works. But we want to avoid pinning buffer.
One use case for this userspace fence is i assume same BO same
user fence use accross several command buffer. Given that the
userspace wait fence ioctl has not way to know which command
buffer it is really waiting after then kernel has no knowledge
of if this user fence will signal at all. So a malicious user
space (we always have to assume this thing exist) could create
a big VRAM BO and effectively pin it in VRAM leading to a GPU
DOS (denial of service).

By the way Christian, i would add a timeout to this ioctl and
return eagain to userspace on timeout so that userspace can
resumit. That way a malicious userspace will just keep exhausting
its cpu timeslot.

Cheers,
Jérôme


_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux