[PATCH] dma-buf: Give dma-fence-array distinct lockclasses

Chris Wilson chris at chris-wilson.co.uk
Sat Aug 24 19:12:38 UTC 2019


Quoting Koenig, Christian (2019-08-24 20:04:43)
> Am 24.08.19 um 15:58 schrieb Chris Wilson:
> > In order to allow dma-fence-array as a generic container for fences, we
> > need to allow for it to contain other dma-fence-arrays. By giving each
> > dma-fence-array construction their own lockclass, we allow different
> > types of dma-fence-array to nest, but still do not allow on class of
> > dma-fence-array to contain itself (even though they have distinct
> > locks).
> >
> > In practice, this means that each subsystem gets its own dma-fence-array
> > class and we can freely use dma-fence-arrays as containers within the
> > dmabuf core without angering lockdep.
> 
> I've considered this for as well. E.g. to use the dma_fence_array 
> implementation instead of coming up with the dma_fence_chain container.
> 
> But as it turned out when userspace can control nesting, it is trivial 
> to chain enough dma_fence_arrays together to cause an in kernel stack 
> overflow. Which in turn creates a really nice attack vector.
> 
> So as long as userspace has control over dma_fence_array nesting this is 
> a clear NAK and actually extremely dangerous.

You are proposing to use recursive dma_fence_array containers for
dma_resv...

> It actually took me quite a while to get the dma_fence_chain container 
> recursion less to avoid stuff like this.

Sure, we've been avoiding recursion for years.
-Chris


More information about the dri-devel mailing list