[Intel-gfx] [PATCH 1/2] drm/i915: Don't clobber the addfb2 ioctl params
Jani Nikula
jani.nikula at linux.intel.com
Tue Nov 17 06:45:31 PST 2015
On Tue, 17 Nov 2015, Ville Syrjälä <ville.syrjala at linux.intel.com> wrote:
> On Tue, Nov 17, 2015 at 01:04:21PM +0200, Ville Syrjälä wrote:
>> On Tue, Nov 17, 2015 at 10:47:06AM +0100, Daniel Vetter wrote:
>> > On Wed, Nov 11, 2015 at 07:11:28PM +0200, ville.syrjala at linux.intel.com wrote:
>> > > From: Ville Syrjälä <ville.syrjala at linux.intel.com>
>> > >
>> > > We try to convert the old way of of specifying fb tiling (obj->tiling)
>> > > into the new fb modifiers. We store the result in the passed in mode_cmd
>> > > structure. But that structure comes directly from the addfb2 ioctl, and
>> > > gets copied back out to userspace, which means we're clobbering the
>> > > modifiers that the user provided (all 0 since the DRM_MODE_FB_MODIFIERS
>> > > flag wasn't even set by the user). Hence if the user reuses the struct
>> > > for another addfb2, the ioctl will be rejected since it's now asking for
>> > > some modifiers w/o the flag set.
>> > >
>> > > Fix the problem by making a copy of the user provided structure. We can
>> > > play any games we want with the copy.
>> > >
>> > > Cc: stable at vger.kernel.org
>> > > Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
>> > > Cc: Tvrtko Ursulin <tvrtko.ursulin at intel.com>
>> > > Fixes: 2a80eada326f ("drm/i915: Add fb format modifier support")
>> > > Testcase: igt/kms_addfb_basic/clobbered-modifier
>> > > Signed-off-by: Ville Syrjälä <ville.syrjala at linux.intel.com>
>> >
>> > Out of curiosity: Where does this blow up? That should be added to the
>> > commit message (so that people affected can match it up with this fix).
>>
>> I don't know that it affects any actual users. The way I caught this was
>> running kms_addfb_basic. One of the subtests failed when I ran the full
>> test, but if I ran only the specific subtest it was fine. So the
>> modifiers got clobbered by the previous subtest. I already forgot which
>> subtest it was, but it's easy enough to track it down again.
>
> # ./tests/kms_addfb_basic
> IGT-Version: 1.12-git (x86_64) (Linux: 4.4.0-rc1-stereo+ x86_64)
> ...
> Subtest basic-X-tiled: SUCCESS (0.001s)
> Test assertion failure function pitch_tests, file kms_addfb_basic.c:167:
> Failed assertion: drmIoctl(fd, DRM_IOCTL_MODE_ADDFB2, &f) == 0
> Last errno: 22, Invalid argument
> Stack trace:
> #0 [__igt_fail_assert+0x101]
> #1 [pitch_tests+0x619]
> #2 [__real_main426+0x2f]
> #3 [main+0x23]
> #4 [__libc_start_main+0xf0]
> #5 [_start+0x29]
> #6 [<unknown>+0x29]
> Subtest framebuffer-vs-set-tiling failed.
> **** DEBUG ****
> Test assertion failure function pitch_tests, file kms_addfb_basic.c:167:
> Failed assertion: drmIoctl(fd, DRM_IOCTL_MODE_ADDFB2, &f) == 0
> Last errno: 22, Invalid argument
> **** END ****
> Subtest framebuffer-vs-set-tiling: FAIL (0.003s)
> ...
>
> # ./tests/kms_addfb_basic --r framebuffer-vs-set-tiling
> IGT-Version: 1.12-git (x86_64) (Linux: 4.4.0-rc1-stereo+ x86_64)
> Subtest framebuffer-vs-set-tiling: SUCCESS (0.000s)
>
>>
>> > With that:
>> >
>> > Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Pushed to drm-intel-fixes, thanks for the patch and review.
I had to do a trivial rebase, and resolve conflicts for nightly. Ville,
please check the commit in -fixes and yell if it's not right.
BR,
Jani.
--
Jani Nikula, Intel Open Source Technology Center
More information about the Intel-gfx
mailing list