lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 10 Feb 2009 14:58:00 -0800
From:	Jesse Barnes <jbarnes@...tuousgeek.org>
To:	Eric Anholt <eric@...olt.net>
Cc:	Thomas Hellström <thomas@...pmail.org>,
	DRI <dri-devel@...ts.sourceforge.net>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: Gem GTT mmaps..

On Tuesday, February 10, 2009 2:00 pm Eric Anholt wrote:
> On Fri, 2009-02-06 at 14:24 -0800, Jesse Barnes wrote:
> > On Friday, February 6, 2009 1:35 pm Thomas Hellström wrote:
> > > Jesse Barnes wrote:
> > > > On Thursday, February 5, 2009 10:37 am Jesse Barnes wrote:
> > > >> So if we leave the lookup reference around from the GTT mapping
> > > >> ioctl, that would take care of new mappings.  And if we
> > > >> added/removed references at VM open/close time, we should be covered
> > > >> for fork.  But is it ok to add a new unref in the finish ioctl for
> > > >> GTT mapped objects?  I don't think so, because we don't know for
> > > >> sure if the caller was the one that created the new fake offset
> > > >> (which would be one way of detecting whether it was GTT mapped).
> > > >> Seems like we need a new unmap ioctl?  Or we could put the mapping
> > > >> ref/unref in libdrm, where it would be tracked on a per-process
> > > >> basis...
> > > >
> > > > Ah but maybe we should just tear down the fake offset at unmap time;
> > > > then we'd be able to use it as an existence test for the mapping and
> > > > get the refcounting right.  The last thing I thought of was whether
> > > > we'd be ok in a map_gtt -> crash case.  I *think* the vm_close code
> > > > will deal with that, if we do a deref there?
> > >
> > > Yes, an mmap() is always paired with a vm_close(), and the vm_close()
> > > also happens in a crash situation.
> >
> > This one should cover the cases you found.
> >   - ref at map time will keep the object around so fault shouldn't fail
> >   - additional threads will take their refs in vm_open/close
> >   - unmap will unref and remove mmap_offset allowing object to be freed
>
> sw_finish doesn't mean unmap (note that it doesn't actually unmap).
>
> If you want to actually unmap, that should be done with munmap.

Yeah, but it does get called at dri_bo_unmap time... I haven't traced the 
munmap code to see if it would do what we want... if it ends up in vm_close 
too then it would be fine (ref at gtt ioctl time, unref at vm_close time, as 
long as there's not a stray vm_open in there).

Jesse
-- 
Jesse Barnes, Intel Open Source Technology Center
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ