[PATCH 16/22] gpu: host1x: Forbid unrelated SETCLASS opcode in the firewall

Erik Faye-Lund kusmabite at gmail.com
Tue May 23 00:39:33 UTC 2017 

On Tue, May 23, 2017 at 2:14 AM, Dmitry Osipenko <digetx at gmail.com> wrote:
> Several channels could be made to write the same unit concurrently via the
> SETCLASS opcode, trusting userspace is a bad idea. It should be possible to
> drop the per-client channel reservation and add a per-unit locking by
> inserting MLOCK's to the command stream to re-allow the SETCLASS opcode, but
> it will be much more work. Let's forbid the unit-unrelated class changes for
> now.
>
> Signed-off-by: Dmitry Osipenko <digetx at gmail.com>
> ---
>  drivers/gpu/drm/tegra/drm.c  |  1 +
>  drivers/gpu/drm/tegra/drm.h  |  1 +
>  drivers/gpu/drm/tegra/gr2d.c | 12 ++++++++++++
>  drivers/gpu/host1x/job.c     | 24 ++++++++++++++++++++----
>  include/linux/host1x.h       |  5 ++++-
>  5 files changed, 38 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/tegra/drm.c b/drivers/gpu/drm/tegra/drm.c
> index cdb05d6efde4..17416e1c219a 100644
> --- a/drivers/gpu/drm/tegra/drm.c
> +++ b/drivers/gpu/drm/tegra/drm.c
> @@ -531,6 +531,7 @@ int tegra_drm_submit(struct tegra_drm_context *context,
>         }
>
>         job->is_addr_reg = context->client->ops->is_addr_reg;
> +       job->is_valid_class = context->client->ops->is_valid_class;
>         job->syncpt_incrs = syncpt.incrs;
>         job->syncpt_id = syncpt.id;
>         job->timeout = 10000;
> diff --git a/drivers/gpu/drm/tegra/drm.h b/drivers/gpu/drm/tegra/drm.h
> index 85aa2e3d9d4e..6d6da01282f3 100644
> --- a/drivers/gpu/drm/tegra/drm.h
> +++ b/drivers/gpu/drm/tegra/drm.h
> @@ -83,6 +83,7 @@ struct tegra_drm_client_ops {
>                             struct tegra_drm_context *context);
>         void (*close_channel)(struct tegra_drm_context *context);
>         int (*is_addr_reg)(struct device *dev, u32 class, u32 offset);
> +       int (*is_valid_class)(u32 class);
>         int (*submit)(struct tegra_drm_context *context,
>                       struct drm_tegra_submit *args, struct drm_device *drm,
>                       struct drm_file *file);
> diff --git a/drivers/gpu/drm/tegra/gr2d.c b/drivers/gpu/drm/tegra/gr2d.c
> index 02cd3e37a6ec..782231c41a1a 100644
> --- a/drivers/gpu/drm/tegra/gr2d.c
> +++ b/drivers/gpu/drm/tegra/gr2d.c
> @@ -109,10 +109,22 @@ static int gr2d_is_addr_reg(struct device *dev, u32 class, u32 offset)
>         return 0;
>  }
>
> +static int gr2d_is_valid_class(u32 class)
> +{
> +       switch (class) {
> +       case HOST1X_CLASS_GR2D:
> +       case HOST1X_CLASS_GR2D_SB:
> +               return 1;
> +       }
> +
> +       return 0;
> +}
> +
>  static const struct tegra_drm_client_ops gr2d_ops = {
>         .open_channel = gr2d_open_channel,
>         .close_channel = gr2d_close_channel,
>         .is_addr_reg = gr2d_is_addr_reg,
> +       .is_valid_class = gr2d_is_valid_class,
>         .submit = tegra_drm_submit,
>  };
>
> diff --git a/drivers/gpu/host1x/job.c b/drivers/gpu/host1x/job.c
> index cf335c5979e2..65e12219405a 100644
> --- a/drivers/gpu/host1x/job.c
> +++ b/drivers/gpu/host1x/job.c
> @@ -358,6 +358,9 @@ struct host1x_firewall {
>
>  static int check_register(struct host1x_firewall *fw, unsigned long offset)
>  {
> +       if (!fw->job->is_addr_reg)
> +               return 0;
> +
>         if (fw->job->is_addr_reg(fw->dev, fw->class, offset)) {
>                 if (!fw->num_relocs)
>                         return -EINVAL;
> @@ -372,6 +375,19 @@ static int check_register(struct host1x_firewall *fw, unsigned long offset)
>         return 0;
>  }
>
> +static int check_class(struct host1x_firewall *fw, u32 class)
> +{
> +       if (!fw->job->is_valid_class) {
> +               if (fw->class != class)
> +                       return -EINVAL;
> +       } else {
> +               if (!fw->job->is_valid_class(fw->class))
> +                       return -EINVAL;
> +       }
> +
> +       return 0;
> +}
> +
>  static int check_mask(struct host1x_firewall *fw)
>  {
>         u32 mask = fw->mask;
> @@ -445,11 +461,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
>  {
>         u32 *cmdbuf_base = (u32 *)fw->job->gather_copy_mapped +
>                 (g->offset / sizeof(u32));
> +       u32 job_class = fw->class;
>         int err = 0;
>
> -       if (!fw->job->is_addr_reg)
> -               return 0;
> -
>         fw->words = g->words;
>         fw->cmdbuf = g->bo;
>         fw->offset = 0;
> @@ -469,7 +483,9 @@ static int validate(struct host1x_firewall *fw, struct host1x_job_gather *g)
>                         fw->class = word >> 6 & 0x3ff;
>                         fw->mask = word & 0x3f;
>                         fw->reg = word >> 16 & 0xfff;
> -                       err = check_mask(fw);
> +                       err = check_class(fw, job_class);
> +                       if (!err)
> +                               err = check_mask(fw);
>                         if (err)
>                                 goto out;
>                         break;
> diff --git a/include/linux/host1x.h b/include/linux/host1x.h
> index aa323e43ae4e..561d6bb6580d 100644
> --- a/include/linux/host1x.h
> +++ b/include/linux/host1x.h
> @@ -233,7 +233,10 @@ struct host1x_job {
>         u8 *gather_copy_mapped;
>
>         /* Check if register is marked as an address reg */
> -       int (*is_addr_reg)(struct device *dev, u32 reg, u32 class);
> +       int (*is_addr_reg)(struct device *dev, u32 class, u32 reg);

This seems like an unrelated fix, you might want to mention it in the
commit message at least.

> +
> +       /* Check if class belongs to the unit */
> +       int (*is_valid_class)(u32 class);
>
>         /* Request a SETCLASS to this class */
>         u32 class;
> --
> 2.13.0
>

Reviewed-by: Erik Faye-Lund <kusmabite at gmail.com>

More information about the dri-devel mailing list