Hi DRM Devs,
In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB. I have a static checker warning for this and most of the warnings are from DRM ioctls.
drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:120 amdgpu_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
These ioctls can all trigger the stack dump. The line numbers are from linux next (next-20211214).
I feel like ideally if this could be fixed in a central way, but if not then hopefully I've added the relevant lists to the CC.
regards, dan carpenter
+ Boris
On 16/12/2021 12:08, Dan Carpenter wrote:
Hi DRM Devs,
In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB. I have a static checker warning for this and most of the warnings are from DRM ioctls.
drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN
I believe this one in Panfrost would be fixed by Boris's series reworking the submit ioctl[1].
Boris: are you planning on submitting that series soon - or is it worth cherry picking the rework in patch 5 to fix this issue?
[1] https://lore.kernel.org/all/20210930190954.1525933-1-boris.brezillon@collabo...
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c:120 amdgpu_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN
These ioctls can all trigger the stack dump. The line numbers are from linux next (next-20211214).
I feel like ideally if this could be fixed in a central way, but if not then hopefully I've added the relevant lists to the CC.
I've only looked at Panfrost, but at least here we're simply allowing user space to allocate an arbitrary amount of kernel memory in one go - which is always going to be a good way of triggering the OOM killer if nothing else. Boris's series includes a change that means instead trying to copy an (attacker controller) sized array into the kernel to process, we copy each each element of the array in turn.
So I don't really see how this could be fixed in a central way (but some of the other cases might be different).
Thanks,
Steve
regards, dan carpenter
Hi Steve,
On Thu, 16 Dec 2021 14:02:25 +0000 Steven Price steven.price@arm.com wrote:
- Boris
On 16/12/2021 12:08, Dan Carpenter wrote:
Hi DRM Devs,
In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB. I have a static checker warning for this and most of the warnings are from DRM ioctls.
drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN
I believe this one in Panfrost would be fixed by Boris's series reworking the submit ioctl[1].
Boris: are you planning on submitting that series soon - or is it worth cherry picking the rework in patch 5 to fix this issue?
Don't know when I'll get back to it, so I'd recommend cherry-picking what you need.
Regards,
Boris
On 16/12/2021 14:15, Boris Brezillon wrote:
Hi Steve,
On Thu, 16 Dec 2021 14:02:25 +0000 Steven Price steven.price@arm.com wrote:
- Boris
On 16/12/2021 12:08, Dan Carpenter wrote:
Hi DRM Devs,
In commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") from July, Linus added a WARN_ONCE() for "crazy" allocations over 2GB. I have a static checker warning for this and most of the warnings are from DRM ioctls.
drivers/gpu/drm/lima/lima_drv.c:124 lima_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/radeon/radeon_cs.c:291 radeon_cs_parser_init() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:311 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:319 v3d_lookup_bos() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/v3d/v3d_gem.c:601 v3d_get_multisync_post_deps() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:476 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:477 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:478 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c:479 etnaviv_ioctl_gem_submit() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/virtio/virtgpu_ioctl.c:186 virtio_gpu_execbuffer_ioctl() warn: uncapped user size for kvmalloc() will WARN drivers/gpu/drm/panfrost/panfrost_drv.c:198 panfrost_copy_in_sync() warn: uncapped user size for kvmalloc() will WARN
I believe this one in Panfrost would be fixed by Boris's series reworking the submit ioctl[1].
Boris: are you planning on submitting that series soon - or is it worth cherry picking the rework in patch 5 to fix this issue?
Don't know when I'll get back to it, so I'd recommend cherry-picking what you need.
Thanks, no problem - it was mostly when I looked at the code I had the feeling that "surely this has already been fixed", then discovered your series was never merged ;)
I'll hammer out a patch for this one issue.
Thanks,
Steve
dri-devel@lists.freedesktop.org
-
Boris Brezillon -
Dan Carpenter -
Steven Price