[PATCH 2/2] dma-buf: taint the kernel on sw_sync use
Christian König
ckoenig.leichtzumerken at gmail.com
Wed Aug 18 10:54:43 UTC 2021
As we now knew allowing userspace control over dma_fence synchronization
is fundamentally broken and can cause deadlocks inside the kernel memory
management.
Because of this harden the wording for CONFIG_SW_SYNC and taint the kernel
as soon as it is used.
Signed-off-by: Christian König <christian.koenig at amd.com>
---
drivers/dma-buf/Kconfig | 5 +++--
drivers/dma-buf/sw_sync.c | 5 ++++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig
index 9561e3d2d428..61e0f3c5ba8b 100644
--- a/drivers/dma-buf/Kconfig
+++ b/drivers/dma-buf/Kconfig
@@ -27,8 +27,9 @@ config SW_SYNC
synchronization. Useful when there is no hardware primitive backing
the synchronization.
- WARNING: improper use of this can result in deadlocking kernel
- drivers from userspace. Intended for test and debug only.
+ WARNING: improper use of this can result in deadlocking the kernel
+ memory management from userspace. Intended for test and debug only.
+ Use at your own risk.
config UDMABUF
bool "userspace dmabuf misc driver"
diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c
index 348b3a9170fa..c2bcb9062f51 100644
--- a/drivers/dma-buf/sw_sync.c
+++ b/drivers/dma-buf/sw_sync.c
@@ -286,7 +286,8 @@ static struct sync_pt *sync_pt_create(struct sync_timeline *obj,
/*
* *WARNING*
*
- * improper use of this can result in deadlocking kernel drivers from userspace.
+ * improper use of this can result in deadlocking kernel memory management
+ * from userspace.
*/
/* opening sw_sync create a new sync obj */
@@ -295,6 +296,8 @@ static int sw_sync_debugfs_open(struct inode *inode, struct file *file)
struct sync_timeline *obj;
char task_comm[TASK_COMM_LEN];
+ add_taint(TAINT_SOFTLOCKUP, LOCKDEP_STILL_OK);
+
get_task_comm(task_comm, current);
obj = sync_timeline_create(task_comm);
--
2.25.1
More information about the dri-devel
mailing list