On Mon, Jun 24, 2019 at 04:32:54PM +0200, Andrey Konovalov wrote: > This patch is a part of a series that extends kernel ABI to allow to pass > tagged user pointers (with the top byte set to something else other than > 0x00) as syscall arguments. > > In amdgpu_gem_userptr_ioctl() and amdgpu_amdkfd_gpuvm.c/init_user_pages() > an MMU notifier is set up with a (tagged) userspace pointer. The untagged > address should be used so that MMU notifiers for the untagged address get > correctly matched up with the right BO. This patch untag user pointers in > amdgpu_gem_userptr_ioctl() for the GEM case and in amdgpu_amdkfd_gpuvm_ > alloc_memory_of_gpu() for the KFD case. This also makes sure that an > untagged pointer is passed to amdgpu_ttm_tt_get_user_pages(), which uses > it for vma lookups. > > Suggested-by: Felix Kuehling <Felix.Kuehling@xxxxxxx> > Acked-by: Felix Kuehling <Felix.Kuehling@xxxxxxx> > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 2 +- > drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 2 ++ > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > index a6e5184d436c..5d476e9bbc43 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > @@ -1108,7 +1108,7 @@ int amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu( > alloc_flags = 0; > if (!offset || !*offset) > return -EINVAL; > - user_addr = *offset; > + user_addr = untagged_addr(*offset); > } else if (flags & ALLOC_MEM_FLAGS_DOORBELL) { > domain = AMDGPU_GEM_DOMAIN_GTT; > alloc_domain = AMDGPU_GEM_DOMAIN_CPU; > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c > index d4fcf5475464..e91df1407618 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c 
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c > @@ -287,6 +287,8 @@ int amdgpu_gem_userptr_ioctl(struct drm_device *dev, void *data, > uint32_t handle; > int r; > > + args->addr = untagged_addr(args->addr); > + > if (offset_in_page(args->addr | args->size)) > return -EINVAL; > > -- > 2.22.0.410.gd8fdbe21b5-goog > -- Kees Cook
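Review bot: In the amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu() hunk, the `!*offset` check still runs on the tagged value, before `untagged_addr()` is applied. A value that carries only a tag in the top byte is non-zero, so it passes the check, and `user_addr` then becomes 0 after untagging instead of returning -EINVAL. Consider untagging first and testing the result, e.g. assign `user_addr = untagged_addr(*offset);` and then reject `!user_addr`, so that validation and use see the same address.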
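Review bot: In the amdgpu_gem_userptr_ioctl() hunk, `args->addr = untagged_addr(args->addr);` overwrites the field in the ioctl argument buffer (`data`) rather than a local copy. If that buffer is copied back to userspace on return, the caller will see its pointer with the tag stripped. Holding the untagged value in a local and passing that to the later users would avoid changing the struct. Doing the untag ahead of the `offset_in_page(args->addr | args->size)` check is fine, since that check only looks at the low bits. A one-line comment above the assignment saying the untagged address is needed so the MMU notifier and vma lookup match would help, as that reason currently lives only in the commit message.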