| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Oct 2018 09:55:57 +0200
From: Christian König <easy2remember.chk@...glemail.com>
To: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Julia Lawall <julia.lawall@...6.fr>,
Chunming Zhou <david1.zhou@....com>
Cc: kbuild-all@...org, intel-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org,
Gustavo Padovan <gustavo@...ovan.org>,
Sean Paul <sean@...rly.run>, David Airlie <airlied@...ux.ie>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drm: fix call_kern.cocci warnings (fwd)
Am 25.10.18 um 09:50 schrieb Maarten Lankhorst:
> Op 24-10-18 om 20:57 schreef Julia Lawall:
>> The containing function is called with a spin_lock held, so GFP_KERNEL
>> can't be used.
>>
>> julia
>>
>> ---------- Forwarded message ----------
>> Date: Tue, 23 Oct 2018 17:14:25 +0800
>> From: kbuild test robot <lkp@...el.com>
>> To: kbuild@...org
>> Cc: Julia Lawall <julia.lawall@...6.fr>
>> Subject: [PATCH] drm: fix call_kern.cocci warnings
>>
>> CC: kbuild-all@...org
>> CC: intel-gfx@...ts.freedesktop.org
>> CC: dri-devel@...ts.freedesktop.org
>> TO: Chunming Zhou <david1.zhou@....com>
>> CC: "Christian König" <easy2remember.chk@...glemail.com>
>> CC: Gustavo Padovan <gustavo@...ovan.org>
>> CC: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>
>> CC: Sean Paul <sean@...rly.run>
>> CC: David Airlie <airlied@...ux.ie>
>> CC: dri-devel@...ts.freedesktop.org
>> CC: linux-kernel@...r.kernel.org
>>
>> From: kbuild test robot <fengguang.wu@...el.com>
>>
>> drivers/gpu/drm/drm_syncobj.c:202:4-14: ERROR: function drm_syncobj_find_signal_pt_for_point called on line 390 inside lock on line 389 but uses GFP_KERNEL
>>
>> Find functions that refer to GFP_KERNEL but are called with locks held.
>>
>> Semantic patch information:
>> The proposed change of converting the GFP_KERNEL is not necessarily the
>> correct one. It may be desired to unlock the lock, or to not call the
>> function under the lock in the first place.
>>
>> Generated by: scripts/coccinelle/locks/call_kern.cocci
>>
>> Fixes: 48197bc564c7 ("drm: add syncobj timeline support v9")
>> CC: Chunming Zhou <david1.zhou@....com>
>> Signed-off-by: kbuild test robot <fengguang.wu@...el.com>
> The issue appears to be real and the patch looks sane. Chunming Zhou, do you want to fix it like this, or preallocate
> a fence obj? If former, just ack. :)
Well, wait a second with that advise1
The problem here is that userspace (indirectly) controls when this
allocation is made. So what you could do is to construct some code to
force the kernel into doing a *lot* of GFP_ATOMIC allocations.
And when the kernel runs out of GFP_ATOMIC space, then well bad things
start to happen :)
Christian.
>
> ~Maarten
>> tree: git://anongit.freedesktop.org/drm/drm-tip drm-tip
>> head: 8d7ffd2298c607c3e1a16f94d51450d7940fd6a7
>> commit: 48197bc564c7a1888c86024a1ba4f956e0ec2300 [1968/2033] drm: add syncobj timeline support v9
>> :::::: branch date: 4 hours ago
>> :::::: commit date: 5 days ago
>>
>> Please take the patch only if it's a positive warning. Thanks!
>>
>> drm_syncobj.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> --- a/drivers/gpu/drm/drm_syncobj.c
>> +++ b/drivers/gpu/drm/drm_syncobj.c
>> @@ -199,7 +199,7 @@ static struct dma_fence
>> (point <= syncobj->timeline)) {
>> struct drm_syncobj_stub_fence *fence =
>> kzalloc(sizeof(struct drm_syncobj_stub_fence),
>> - GFP_KERNEL);
>> + GFP_ATOMIC);
>>
>> if (!fence)
>> return NULL;
>
Powered by blists - more mailing lists