lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20181017063900.GF31561@phenom.ffwll.local>
Date:   Wed, 17 Oct 2018 08:39:00 +0200
From:   Daniel Vetter <daniel@...ll.ch>
To:     Lyude Paul <lyude@...hat.com>
Cc:     intel-gfx@...ts.freedesktop.org,
        Ville Syrjälä 
        <ville.syrjala@...ux.intel.com>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>, stable@...r.kernel.org,
        David Airlie <airlied@...ux.ie>,
        Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Maxime Ripard <maxime.ripard@...tlin.com>,
        Sean Paul <sean@...rly.run>,
        Jani Nikula <jani.nikula@...ux.intel.com>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] drm/atomic_helper: Stop modesets on unregistered
 connectors harder

On Tue, Oct 16, 2018 at 04:39:46PM -0400, Lyude Paul wrote:
> Unfortunately, it appears our fix in:
> commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes
> for unregistered connectors")
> 
> Which attempted to work around the problems introduced by:
> commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on
> unregistered connectors")
> 
> Is still not the right solution, as modesets can still be triggered
> outside of drm_atomic_set_crtc_for_connector().
> 
> So in order to fix this, while still being careful that we don't break
> modesets that a driver may perform before being registered with
> userspace, we replace connector->registered with a tristate member,
> connector->registration_state. This allows us to keep track of whether
> or not a connector is still initializing and hasn't been exposed to
> userspace, is currently registered and exposed to userspace, or has been
> legitimately removed from the system after having once been present.
> 
> Using this info, we can prevent userspace from performing new modesets
> on unregistered connectors while still allowing the driver to perform
> modesets on unregistered connectors before the driver has finished being
> registered.
> 
> Changes since v1:
> - Fix WARN_ON() in drm_connector_cleanup() that CI caught with this
>   patchset in igt@..._module_reload@...ic-reload-inject and
>   igt@..._module_reload@...ic-reload by checking if the connector is
>   registered instead of unregistered, as calling drm_connector_cleanup()
>   on a connector that hasn't been registered with userspace yet should
>   stay valid.
> - Remove unregistered_connector_check(), and just go back to what we
>   were doing before in commit 4d80273976bf ("drm/atomic_helper: Disallow
>   new modesets on unregistered connectors") except replacing
>   READ_ONCE(connector->registered) with drm_connector_is_unregistered().
>   This gets rid of the behavior of allowing DPMS On<->Off, but that should
>   be fine as it's more consistent with the UAPI we had before - danvet
> - s/drm_connector_unregistered/drm_connector_is_unregistered/ - danvet
> - Update documentation, fix some typos.
> 
> Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors")
> Cc: Ville Syrjälä <ville.syrjala@...ux.intel.com>
> Cc: Daniel Vetter <daniel.vetter@...ll.ch>
> Cc: Rodrigo Vivi <rodrigo.vivi@...el.com>
> Cc: stable@...r.kernel.org
> Cc: David Airlie <airlied@...ux.ie>
> Signed-off-by: Lyude Paul <lyude@...hat.com>

Reviewed-by: Daniel Vetter <daniel.vetter@...ll.ch>

> ---
>  drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++-
>  drivers/gpu/drm/drm_atomic_uapi.c   | 21 ---------
>  drivers/gpu/drm/drm_connector.c     | 11 +++--
>  drivers/gpu/drm/i915/intel_dp_mst.c |  8 ++--
>  include/drm/drm_connector.h         | 71 ++++++++++++++++++++++++++++-
>  5 files changed, 99 insertions(+), 33 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
> index 6f66777dca4b..ee6b2987a3c7 100644
> --- a/drivers/gpu/drm/drm_atomic_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_helper.c
> @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state,
>  		return 0;
>  	}
>  
> +	crtc_state = drm_atomic_get_new_crtc_state(state,
> +						   new_connector_state->crtc);
> +	/*
> +	 * For compatibility with legacy users, we want to make sure that
> +	 * we allow DPMS On->Off modesets on unregistered connectors. Modesets
> +	 * which would result in anything else must be considered invalid, to
> +	 * avoid turning on new displays on dead connectors.
> +	 *
> +	 * Since the connector can be unregistered at any point during an
> +	 * atomic check or commit, this is racy. But that's OK: all we care
> +	 * about is ensuring that userspace can't do anything but shut off the
> +	 * display on a connector that was destroyed after its been notified,
> +	 * not before.
> +	 */
> +	if (drm_connector_is_unregistered(connector) && crtc_state->active) {
> +		DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n",
> +				 connector->base.id, connector->name);
> +		return -EINVAL;
> +	}
> +
>  	funcs = connector->helper_private;
>  
>  	if (funcs->atomic_best_encoder)
> @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state,
>  
>  	set_best_encoder(state, new_connector_state, new_encoder);
>  
> -	crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc);
>  	crtc_state->connectors_changed = true;
>  
>  	DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n",
> diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c
> index a22d6f269b07..d5b7f315098c 100644
> --- a/drivers/gpu/drm/drm_atomic_uapi.c
> +++ b/drivers/gpu/drm/drm_atomic_uapi.c
> @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state,
>  	struct drm_connector *connector = conn_state->connector;
>  	struct drm_crtc_state *crtc_state;
>  
> -	/*
> -	 * For compatibility with legacy users, we want to make sure that
> -	 * we allow DPMS On<->Off modesets on unregistered connectors, since
> -	 * legacy modesetting users will not be expecting these to fail. We do
> -	 * not however, want to allow legacy users to assign a connector
> -	 * that's been unregistered from sysfs to another CRTC, since doing
> -	 * this with a now non-existent connector could potentially leave us
> -	 * in an invalid state.
> -	 *
> -	 * Since the connector can be unregistered at any point during an
> -	 * atomic check or commit, this is racy. But that's OK: all we care
> -	 * about is ensuring that userspace can't use this connector for new
> -	 * configurations after it's been notified that the connector is no
> -	 * longer present.
> -	 */
> -	if (!READ_ONCE(connector->registered) && crtc) {
> -		DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n",
> -				 connector->base.id, connector->name);
> -		return -EINVAL;
> -	}
> -
>  	if (conn_state->crtc == crtc)
>  		return 0;
>  
> diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c
> index 5d01414ec9f7..891f9458d29e 100644
> --- a/drivers/gpu/drm/drm_connector.c
> +++ b/drivers/gpu/drm/drm_connector.c
> @@ -396,7 +396,8 @@ void drm_connector_cleanup(struct drm_connector *connector)
>  	/* The connector should have been removed from userspace long before
>  	 * it is finally destroyed.
>  	 */
> -	if (WARN_ON(connector->registered))
> +	if (WARN_ON(connector->registration_state ==
> +		    DRM_CONNECTOR_REGISTERED))
>  		drm_connector_unregister(connector);
>  
>  	if (connector->tile_group) {
> @@ -453,7 +454,7 @@ int drm_connector_register(struct drm_connector *connector)
>  		return 0;
>  
>  	mutex_lock(&connector->mutex);
> -	if (connector->registered)
> +	if (connector->registration_state != DRM_CONNECTOR_INITIALIZING)
>  		goto unlock;
>  
>  	ret = drm_sysfs_connector_add(connector);
> @@ -473,7 +474,7 @@ int drm_connector_register(struct drm_connector *connector)
>  
>  	drm_mode_object_register(connector->dev, &connector->base);
>  
> -	connector->registered = true;
> +	connector->registration_state = DRM_CONNECTOR_REGISTERED;
>  	goto unlock;
>  
>  err_debugfs:
> @@ -495,7 +496,7 @@ EXPORT_SYMBOL(drm_connector_register);
>  void drm_connector_unregister(struct drm_connector *connector)
>  {
>  	mutex_lock(&connector->mutex);
> -	if (!connector->registered) {
> +	if (connector->registration_state != DRM_CONNECTOR_REGISTERED) {
>  		mutex_unlock(&connector->mutex);
>  		return;
>  	}
> @@ -506,7 +507,7 @@ void drm_connector_unregister(struct drm_connector *connector)
>  	drm_sysfs_connector_remove(connector);
>  	drm_debugfs_connector_remove(connector);
>  
> -	connector->registered = false;
> +	connector->registration_state = DRM_CONNECTOR_UNREGISTERED;
>  	mutex_unlock(&connector->mutex);
>  }
>  EXPORT_SYMBOL(drm_connector_unregister);
> diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c
> index b268bdd71bd3..8b71d64ebd9d 100644
> --- a/drivers/gpu/drm/i915/intel_dp_mst.c
> +++ b/drivers/gpu/drm/i915/intel_dp_mst.c
> @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder,
>  	pipe_config->pbn = mst_pbn;
>  
>  	/* Zombie connectors can't have VCPI slots */
> -	if (READ_ONCE(connector->registered)) {
> +	if (!drm_connector_is_unregistered(connector)) {
>  		slots = drm_dp_atomic_find_vcpi_slots(state,
>  						      &intel_dp->mst_mgr,
>  						      port,
> @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector)
>  	struct edid *edid;
>  	int ret;
>  
> -	if (!READ_ONCE(connector->registered))
> +	if (drm_connector_is_unregistered(connector))
>  		return intel_connector_update_modes(connector, NULL);
>  
>  	edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port);
> @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force)
>  	struct intel_connector *intel_connector = to_intel_connector(connector);
>  	struct intel_dp *intel_dp = intel_connector->mst_port;
>  
> -	if (!READ_ONCE(connector->registered))
> +	if (drm_connector_is_unregistered(connector))
>  		return connector_status_disconnected;
>  	return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr,
>  				      intel_connector->port);
> @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector,
>  	int bpp = 24; /* MST uses fixed bpp */
>  	int max_rate, mode_rate, max_lanes, max_link_clock;
>  
> -	if (!READ_ONCE(connector->registered))
> +	if (drm_connector_is_unregistered(connector))
>  		return MODE_ERROR;
>  
>  	if (mode->flags & DRM_MODE_FLAG_DBLSCAN)
> diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h
> index 5b3cf909fd5e..dd0552cb7472 100644
> --- a/include/drm/drm_connector.h
> +++ b/include/drm/drm_connector.h
> @@ -82,6 +82,53 @@ enum drm_connector_status {
>  	connector_status_unknown = 3,
>  };
>  
> +/**
> + * enum drm_connector_registration_status - userspace registration status for
> + * a &drm_connector
> + *
> + * This enum is used to track the status of initializing a connector and
> + * registering it with userspace, so that DRM can prevent bogus modesets on
> + * connectors that no longer exist.
> + */
> +enum drm_connector_registration_state {
> +	/**
> +	 * @DRM_CONNECTOR_INITIALIZING: The connector has just been created,
> +	 * but has yet to be exposed to userspace. There should be no
> +	 * additional restrictions to how the state of this connector may be
> +	 * modified.
> +	 */
> +	DRM_CONNECTOR_INITIALIZING = 0,
> +
> +	/**
> +	 * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized
> +	 * and registered with sysfs, as such it has been exposed to
> +	 * userspace. There should be no additional restrictions to how the
> +	 * state of this connector may be modified.
> +	 */
> +	DRM_CONNECTOR_REGISTERED = 1,
> +
> +	/**
> +	 * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed
> +	 * to userspace and has since been unregistered and removed from
> +	 * userspace, or the connector was unregistered before it had a chance
> +	 * to be exposed to userspace (e.g. still in the
> +	 * @DRM_CONNECTOR_INITIALIZING state). When a connector is
> +	 * unregistered, there are additional restrictions to how its state
> +	 * may be modified:
> +	 *
> +	 * - An unregistered connector may only have its DPMS changed from
> +	 *   On->Off. Once DPMS is changed to Off, it may not be switched back
> +	 *   to On.
> +	 * - Modesets are not allowed on unregistered connectors, unless they
> +	 *   would result in disabling its assigned CRTCs. This means
> +	 *   disabling a CRTC on an unregistered connector is OK, but enabling
> +	 *   one is not.
> +	 * - Removing a CRTC from an unregistered connector is OK, but new
> +	 *   CRTCs may never be assigned to an unregistered connector.
> +	 */
> +	DRM_CONNECTOR_UNREGISTERED = 2,
> +};
> +
>  enum subpixel_order {
>  	SubPixelUnknown = 0,
>  	SubPixelHorizontalRGB,
> @@ -853,10 +900,12 @@ struct drm_connector {
>  	bool ycbcr_420_allowed;
>  
>  	/**
> -	 * @registered: Is this connector exposed (registered) with userspace?
> +	 * @registration_state: Is this connector initializing, exposed
> +	 * (registered) with userspace, or unregistered?
> +	 *
>  	 * Protected by @mutex.
>  	 */
> -	bool registered;
> +	enum drm_connector_registration_state registration_state;
>  
>  	/**
>  	 * @modes:
> @@ -1167,6 +1216,24 @@ static inline void drm_connector_unreference(struct drm_connector *connector)
>  	drm_connector_put(connector);
>  }
>  
> +/**
> + * drm_connector_is_unregistered - has the connector been unregistered from
> + * userspace?
> + * @connector: DRM connector
> + *
> + * Checks whether or not @connector has been unregistered from userspace.
> + *
> + * Returns:
> + * True if the connector was unregistered, false if the connector is
> + * registered or has not yet been registered with userspace.
> + */
> +static inline bool
> +drm_connector_is_unregistered(struct drm_connector *connector)
> +{
> +	return READ_ONCE(connector->registration_state) ==
> +		DRM_CONNECTOR_UNREGISTERED;
> +}
> +
>  const char *drm_get_connector_status_name(enum drm_connector_status status);
>  const char *drm_get_subpixel_order_name(enum subpixel_order order);
>  const char *drm_get_dpms_name(int val);
> -- 
> 2.17.2
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ