[Intel-gfx] [PATCH 01/13] video: fb_defio: preserve user fb_ops

Daniel Vetter daniel at ffwll.ch
Thu Nov 28 10:05:57 UTC 2019 

On Thu, Nov 28, 2019 at 11:09:46AM +0200, Jani Nikula wrote:
> On Wed, 27 Nov 2019, Daniel Vetter <daniel at ffwll.ch> wrote:
> > On Wed, Nov 27, 2019 at 07:17:41PM +0100, Daniel Vetter wrote:
> >> On Wed, Nov 27, 2019 at 06:31:57PM +0200, Jani Nikula wrote:
> >> > Modifying fb_ops directly to override fb_mmap with fb_deferred_io_mmap
> >> > and then resetting it to NULL afterwards causes problems all over the
> >> > place. First, it prevents making the fbops member of struct fb_info a
> >> > const pointer, which means we can't make struct fb_ops const
> >> > anywhere. Second, a few places have to go out of their way to restore
> >> > the original fb_mmap pointer that gets reset to NULL.
> >> > 
> >> > Preserve the passed in fb_ops by making a copy of it and modifying that
> >> > instead. Add a deferred_io_private member to struct fb_info to store the
> >> > pointer to the old fb_ops, and restore that at cleanup.
> >> > 
> >> > Cc: Jaya Kumar <jayalk at intworks.biz>
> >> > Cc: linux-fbdev at vger.kernel.org
> >> > Signed-off-by: Jani Nikula <jani.nikula at intel.com>
> >> > 
> >> > ---
> >> > 
> >> > Note: If the approach is acceptable, we'll also need to handle the error
> >> > returns on memory allocation failures at fb_deferred_io_init() call
> >> > sites. There are 13.
> >> 
> >> it's fbdev defio, I think we can do worse with less effort. Just embed a
> >> copy of fb_ops into fb_info, and use that, and tada! no memory allocation
> >> needed :-)
> >> 
> >> I'd totally r-b that patch.
> >> 
> >> Or do what Ville suggested, add an fb_info->fbdefio.enabled, set that in
> >> the _init function and in fb_mmap call fb_deferred_io_mmap for that case
> >> instead of the driver's fb_ops->fb_mmap. There's only one caller of that
> >> in the entire tree, in fbmem.c. Also, we could/should nuke the
> >> EXPORT_SYMBOL(fb_deferred_io_mmap) I think.
> >
> > I just realized that fb_info->fbdefio is a pointer, so this would be
> > really simple to pull off I think.
> 
> Heh, having a
> 
> 	int (*fb_deferred_io_mmap)(struct fb_info *, struct vm_area_struct *);
> 
> member in struct fb_info, and using that in fbmem.c if non-NULL, was
> actually my first idea. I didn't think it was particularly pretty, but
> if we don't care about aesthetics...
> 
> Would you like that instead of the patch at hand?


diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
index 82c20c6047b0..9275c6bd71da 100644
--- a/drivers/video/fbdev/core/fb_defio.c
+++ b/drivers/video/fbdev/core/fb_defio.c
@@ -206,13 +206,11 @@ void fb_deferred_io_init(struct fb_info *info)
 
 	BUG_ON(!fbdefio);
 	mutex_init(&fbdefio->lock);
-	info->fbops->fb_mmap = fb_deferred_io_mmap;
 	INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
 	INIT_LIST_HEAD(&fbdefio->pagelist);
 	if (fbdefio->delay == 0) /* set a default of 1 s */
 		fbdefio->delay = HZ;
 }
-EXPORT_SYMBOL_GPL(fb_deferred_io_init);
 
 void fb_deferred_io_open(struct fb_info *info,
 			 struct inode *inode,
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 86b06a599f96..6af627f281c3 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -1341,7 +1341,16 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
 		return -ENODEV;
 	fb = info->fbops;
 	mutex_lock(&info->mm_lock);
-	if (fb->fb_mmap) {
+	if (fb->fbdefio) {
+		/*
+		 * The framebuffer needs to be accessed decrypted, be sure
+		 * SME protection is removed ahead of the call
+		 */
+		vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot);
+		res = fb_deferred_io_mmap(info, vma);
+		mutex_unlock(&info->mm_lock);
+		return res;
+	} else if (fb->fb_mmap) {
 		int res;
 
 		/*

Is what I was thinking off as the pretty solution. Add an explicit
fb_info->fbdefio_enabled boolean if you don't feel like auditing all the
drivers for whether they really call defio_init() every time they assign
something to that pointer. A quick scan brought some nasties to light in
that area.

I think a function pointer here is pointless because we clearly don't need
it, and with all the panic around function pointers a direct call feels
much better :-)
-Daniel

> 
> BR,
> Jani.
> 
> 
> > -Daniel
> >
> >> 
> >> That version would also get my r-b stamp. So up to you what you prefer.
> >> -Daniel
> >> 
> >> > ---
> >> >  drivers/video/fbdev/core/fb_defio.c | 25 ++++++++++++++++++++++---
> >> >  include/linux/fb.h                  |  3 ++-
> >> >  2 files changed, 24 insertions(+), 4 deletions(-)
> >> > 
> >> > diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
> >> > index 82c20c6047b0..36697844c1e0 100644
> >> > --- a/drivers/video/fbdev/core/fb_defio.c
> >> > +++ b/drivers/video/fbdev/core/fb_defio.c
> >> > @@ -200,13 +200,23 @@ static void fb_deferred_io_work(struct work_struct *work)
> >> >  	mutex_unlock(&fbdefio->lock);
> >> >  }
> >> >  
> >> > -void fb_deferred_io_init(struct fb_info *info)
> >> > +int fb_deferred_io_init(struct fb_info *info)
> >> >  {
> >> >  	struct fb_deferred_io *fbdefio = info->fbdefio;
> >> > +	struct fb_ops *fbops;
> >> >  
> >> >  	BUG_ON(!fbdefio);
> >> > +
> >> > +	fbops = kmemdup(info->fbops, sizeof(*fbops), GFP_KERNEL);
> >> > +	if (!fbops)
> >> > +		return -ENOMEM;
> >> > +
> >> > +	fbops->fb_mmap = fb_deferred_io_mmap;
> >> > +	info->deferred_io_private = info->fbops;
> >> > +	info->fbops = fbops;
> >> > +
> >> >  	mutex_init(&fbdefio->lock);
> >> > -	info->fbops->fb_mmap = fb_deferred_io_mmap;
> >> > +
> >> >  	INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
> >> >  	INIT_LIST_HEAD(&fbdefio->pagelist);
> >> >  	if (fbdefio->delay == 0) /* set a default of 1 s */
> >> > @@ -229,6 +239,12 @@ void fb_deferred_io_cleanup(struct fb_info *info)
> >> >  	int i;
> >> >  
> >> >  	BUG_ON(!fbdefio);
> >> > +
> >> > +	/* sanity check against misuse */
> >> > +	if (WARN_ON(!info->deferred_io_private ||
> >> > +		    info->fbops->fb_mmap != fb_deferred_io_mmap))
> >> > +		return;
> >> > +
> >> >  	cancel_delayed_work_sync(&info->deferred_work);
> >> >  
> >> >  	/* clear out the mapping that we setup */
> >> > @@ -237,7 +253,10 @@ void fb_deferred_io_cleanup(struct fb_info *info)
> >> >  		page->mapping = NULL;
> >> >  	}
> >> >  
> >> > -	info->fbops->fb_mmap = NULL;
> >> > +	kfree(info->fbops);
> >> > +	info->fbops = info->deferred_io_private;
> >> > +	info->deferred_io_private = NULL;
> >> > +
> >> >  	mutex_destroy(&fbdefio->lock);
> >> >  }
> >> >  EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup);
> >> > diff --git a/include/linux/fb.h b/include/linux/fb.h
> >> > index a6ad528990de..65f2abd47745 100644
> >> > --- a/include/linux/fb.h
> >> > +++ b/include/linux/fb.h
> >> > @@ -470,6 +470,7 @@ struct fb_info {
> >> >  #ifdef CONFIG_FB_DEFERRED_IO
> >> >  	struct delayed_work deferred_work;
> >> >  	struct fb_deferred_io *fbdefio;
> >> > +	void *deferred_io_private;
> >> >  #endif
> >> >  
> >> >  	struct fb_ops *fbops;
> >> > @@ -658,7 +659,7 @@ static inline void __fb_pad_aligned_buffer(u8 *dst, u32 d_pitch,
> >> >  
> >> >  /* drivers/video/fb_defio.c */
> >> >  int fb_deferred_io_mmap(struct fb_info *info, struct vm_area_struct *vma);
> >> > -extern void fb_deferred_io_init(struct fb_info *info);
> >> > +extern int fb_deferred_io_init(struct fb_info *info);
> >> >  extern void fb_deferred_io_open(struct fb_info *info,
> >> >  				struct inode *inode,
> >> >  				struct file *file);
> >> > -- 
> >> > 2.20.1
> >> > 
> >> > _______________________________________________
> >> > Intel-gfx mailing list
> >> > Intel-gfx at lists.freedesktop.org
> >> > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
> >> 
> >> -- 
> >> Daniel Vetter
> >> Software Engineer, Intel Corporation
> >> http://blog.ffwll.ch
> 
> -- 
> Jani Nikula, Intel Open Source Graphics Center

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

More information about the Intel-gfx mailing list