[PATCH v3 0/2] drm/tests: Fix for UAF and a test for drm_exec lock alloc tracking warning
Christian König
christian.koenig at amd.com
Thu Sep 7 14:49:39 UTC 2023
Am 07.09.23 um 16:47 schrieb Thomas Hellström:
> Hi,
>
> On 9/7/23 16:37, Christian König wrote:
>> Am 07.09.23 um 15:53 schrieb Thomas Hellström:
>>> While trying to replicate a weird drm_exec lock alloc tracking warning
>>> using the drm_exec kunit test, the warning was shadowed by a UAF
>>> warning
>>> from KASAN due to a bug in the drm kunit helpers.
>>>
>>> Patch 1 fixes that drm kunit UAF.
>>> Patch 2 introduces a drm_exec kunit subtest that fails if the
>>> conditions
>>> for the weird warning are met.
>>>
>>> The series previously also had a patch with a drm_exec workaround
>>> for the
>>> warning but that patch has already been commited to
>>> drm_misc_next_fixes.
>>
>> Thinking more about this what happens when somebody calls
>> drm_exec_unlock_obj() on the first locked object?
>>
> Essentially the same thing. I've been thinking of the best way to
> handle that, but not sure what's the best one.
Well what does lockdep store in that object in the first place? Could we
fix that somehow?
Christian.
>
> /Thomas
>
>
>> Christian.
>>
>>>
>>> v2:
>>> - Rewording of commit messages
>>> - Add some commit message tags
>>> v3:
>>> - Remove an already committed patch
>>> - Rework the test to not require dmesg inspection (Maxime Ripard)
>>> - Condition the test on CONFIG_LOCK_ALLOC
>>> - Update code comments and commit messages (Maxime Ripard)
>>>
>>> Cc: Maxime Ripard <mripard at kernel.org>
>>> Cc: Christian König <christian.koenig at amd.com>
>>>
>>> Thomas Hellström (2):
>>> drm/tests: helpers: Avoid a driver uaf
>>> drm/tests/drm_exec: Add a test for object freeing within
>>> drm_exec_fini()
>>>
>>> drivers/gpu/drm/tests/drm_exec_test.c | 82
>>> +++++++++++++++++++++++++++
>>> include/drm/drm_kunit_helpers.h | 4 +-
>>> 2 files changed, 85 insertions(+), 1 deletion(-)
>>>
>>
More information about the dri-devel
mailing list