lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180219161544.GY22199@phenom.ffwll.local>
Date:   Mon, 19 Feb 2018 17:15:44 +0100
From:   Daniel Vetter <daniel@...ll.ch>
To:     christian.koenig@....com
Cc:     dri-devel@...ts.freedesktop.org, amd-gfx@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] locking/ww_mutex: cleanup lock->ctx usage in amdgpu

On Mon, Feb 19, 2018 at 04:41:55PM +0100, Christian König wrote:
> Am 19.02.2018 um 16:24 schrieb Daniel Vetter:
> > On Thu, Feb 15, 2018 at 03:19:42PM +0100, Christian König wrote:
> > > amdgpu needs to verify if userspace sends us valid addresses and the simplest
> > > way of doing this is to check if the buffer object is locked with the ticket
> > > of the current submission.
> > > 
> > > Clean up the access to the ww_mutex internals by providing a function
> > > for this and extend the check to the thread owning the underlying mutex.
> > > 
> > > Signed-off-by: Christian König <christian.koenig@....com>
> > > ---
> > >   drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c |  3 ++-
> > >   include/linux/ww_mutex.h               | 17 +++++++++++++++++
> > >   2 files changed, 19 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> > > index eaa3cb0c3ad1..4c04b560e358 100644
> > > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> > > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> > > @@ -1594,7 +1594,8 @@ int amdgpu_cs_find_mapping(struct amdgpu_cs_parser *parser,
> > >   	*map = mapping;
> > >   	/* Double check that the BO is reserved by this CS */
> > > -	if (READ_ONCE((*bo)->tbo.resv->lock.ctx) != &parser->ticket)
> > > +	if (!ww_mutex_is_owned_by(&(*bo)->tbo.resv->lock, current,
> > > +				  &parser->ticket))
> > >   		return -EINVAL;
> > >   	if (!((*bo)->flags & AMDGPU_GEM_CREATE_VRAM_CONTIGUOUS)) {
> > > diff --git a/include/linux/ww_mutex.h b/include/linux/ww_mutex.h
> > > index 39fda195bf78..dd580db289e8 100644
> > > --- a/include/linux/ww_mutex.h
> > > +++ b/include/linux/ww_mutex.h
> > > @@ -358,4 +358,21 @@ static inline bool ww_mutex_is_locked(struct ww_mutex *lock)
> > >   	return mutex_is_locked(&lock->base);
> > >   }
> > > +/**
> > > + * ww_mutex_is_owned_by - is the w/w mutex locked by this task in that context
> > > + * @lock: the mutex to be queried
> > > + * @task: the task structure to check
> > > + * @ctx: the w/w acquire context to test
> > > + *
> > > + * Returns true if the mutex is locked in the context by the given task, false
> > > + * otherwise.
> > > + */
> > > +static inline bool ww_mutex_is_owned_by(struct ww_mutex *lock,
> > > +					struct task_struct *task,
> > > +					struct ww_acquire_ctx *ctx)
> > > +{
> > > +	return likely(__mutex_owner(&lock->base) == task) &&
> > > +		READ_ONCE(lock->ctx) == ctx;
> > Just comparing the context should be good enough. If you ever pass a
> > ww_acquire_ctx which does not belong to your own thread your seriously
> > wreaking things much worse already (and if we do catch that, should
> > probably lock the ctx to a given task when ww-mutex debugging is enabled).
> > 
> > That also simplifies the function signature.
> > 
> > Of course that means if you don't have a ctx, you can't test ownership of
> > a ww_mute, but I think that's not a really valid use-case.
> 
> Well exactly that is the use case in TTM, see patch #3 in this series.
> 
> In TTM the evicted BOs are trylocked and so we need a way of testing for
> ownership without a context.

I don't think your final patch to keep ww_mutex locked until the end
works. You can't really nest ww_mutex_trylock with ww_mutex at will (since
trylock bypasses the entire deadlock avoidance).

If this is really what you want to do, then we need a
ww_mutex_trylock_ctx, which also fills out the ctx value (so that other
threads can correctly resolve deadlocks when you hold that lock while
trying to grab additional locks). In which case you really don't need the
task pointer.

Yes it's a disappointment that lockdep doesn't correctly track trylocks,
it just does basic sanity checks, but then drops them on the floor wrt
depency tracking. Just in case you wonder why you're not getting a
lockdeps splat for this. Unfortunately I don't understand lockdep enough
to be able to fix this gap.
-Daniel

> 
> Christian.
> 
> >   And not needed
> > for cmd submission, where you need the ctx anyway.
> > 
> > Besides this interface nit looks all good. With the task check&parameter
> > removed:
> > 
> > Reviewed-by: Daniel Vetter <daniel.vetter@...ll.ch>
> > 
> > -Daniel
> > 
> > > +}
> > > +
> > >   #endif
> > > -- 
> > > 2.14.1
> > > 
> > > _______________________________________________
> > > dri-devel mailing list
> > > dri-devel@...ts.freedesktop.org
> > > https://lists.freedesktop.org/mailman/listinfo/dri-devel
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel@...ts.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ