Message-Id: <1234303201.32506.8.camel@gaiman>
Date:	Tue, 10 Feb 2009 14:00:01 -0800
From:	Eric Anholt <eric@...olt.net>
To:	Jesse Barnes <jbarnes@...tuousgeek.org>
Cc:	Thomas Hellström <thomas@...pmail.org>,
	DRI <dri-devel@...ts.sourceforge.net>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: Gem GTT mmaps..

On Fri, 2009-02-06 at 14:24 -0800, Jesse Barnes wrote:
> On Friday, February 6, 2009 1:35 pm Thomas Hellström wrote:
> > Jesse Barnes wrote:
> > > On Thursday, February 5, 2009 10:37 am Jesse Barnes wrote:
> > >> So if we leave the lookup reference around from the GTT mapping ioctl,
> > >> that would take care of new mappings.  And if we added/removed
> > >> references at VM open/close time, we should be covered for fork.  But is
> > >> it ok to add a new unref in the finish ioctl for GTT mapped objects?  I
> > >> don't think so, because we don't know for sure if the caller was the one
> > >> that created the new fake offset (which would be one way of detecting
> > >> whether it was GTT mapped). Seems like we need a new unmap ioctl?  Or we
> > >> could put the mapping ref/unref in libdrm, where it would be tracked on
> > >> a per-process basis...
> > >
> > > Ah but maybe we should just tear down the fake offset at unmap time; then
> > > we'd be able to use it as an existence test for the mapping and get the
> > > refcounting right.  The last thing I thought of was whether we'd be ok in
> > > a map_gtt -> crash case.  I *think* the vm_close code will deal with
> > > that, if we do a deref there?
> >
> > Yes, an mmap() is always paired with a vm_close(), and the vm_close()
> > also happens in a crash situation.
> 
> This one should cover the cases you found.
>   - ref at map time will keep the object around so fault shouldn't fail
>   - additional threads will take their refs in vm_open/close
>   - unmap will unref and remove mmap_offset allowing object to be freed

sw_finish doesn't mean unmap (note that it doesn't actually unmap).

If you want to actually unmap, that should be done with munmap.

-- 
Eric Anholt
eric@...olt.net                         eric.anholt@...el.com


