As we now knew allowing userspace control over dma_fence synchronization is fundamentally broken and can cause deadlocks inside the kernel memory management. Because of this harden the wording for CONFIG_SW_SYNC and taint the kernel as soon as it is used. Signed-off-by: Christian König <christian.koenig@xxxxxxx> --- drivers/dma-buf/Kconfig | 5 +++-- drivers/dma-buf/sw_sync.c | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig index 9561e3d2d428..61e0f3c5ba8b 100644 --- a/drivers/dma-buf/Kconfig +++ b/drivers/dma-buf/Kconfig @@ -27,8 +27,9 @@ config SW_SYNC synchronization. Useful when there is no hardware primitive backing the synchronization. - WARNING: improper use of this can result in deadlocking kernel - drivers from userspace. Intended for test and debug only. + WARNING: improper use of this can result in deadlocking the kernel + memory management from userspace. Intended for test and debug only. + Use at your own risk. config UDMABUF bool "userspace dmabuf misc driver" diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c index 348b3a9170fa..c2bcb9062f51 100644 --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -286,7 +286,8 @@ static struct sync_pt *sync_pt_create(struct sync_timeline *obj, /* * *WARNING* * - * improper use of this can result in deadlocking kernel drivers from userspace. + * improper use of this can result in deadlocking kernel memory management + * from userspace. */ /* opening sw_sync create a new sync obj */ @@ -295,6 +296,8 @@ static int sw_sync_debugfs_open(struct inode *inode, struct file *file) struct sync_timeline *obj; char task_comm[TASK_COMM_LEN]; + add_taint(TAINT_SOFTLOCKUP, LOCKDEP_STILL_OK); + get_task_comm(task_comm, current); obj = sync_timeline_create(task_comm); -- 2.25.1
