lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jan 2020 11:21:56 +0100 From: Lucas Stach <l.stach@...gutronix.de> To: Arnd Bergmann <arnd@...db.de> Cc: Guido Günther <agx@...xcpu.org>, Philipp Zabel <p.zabel@...gutronix.de>, y2038 Mailman List <y2038@...ts.linaro.org>, The etnaviv authors <etnaviv@...ts.freedesktop.org>, dri-devel <dri-devel@...ts.freedesktop.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, David Airlie <airlied@...ux.ie>, Christian Gmeiner <christian.gmeiner@...il.com>, Daniel Vetter <daniel@...ll.ch>, Russell King <linux+etnaviv@...linux.org.uk>, Emil Velikov <emil.velikov@...labora.com>, Sam Ravnborg <sam@...nborg.org> Subject: Re: [PATCH v2 13/24] drm/etnaviv: reject timeouts with tv_nsec >= NSEC_PER_SEC On Mo, 2020-01-20 at 19:47 +0100, Arnd Bergmann wrote: > On Mon, Jan 20, 2020 at 6:48 PM Lucas Stach <l.stach@...gutronix.de> wrote: > > On Fr, 2020-01-17 at 16:47 +0100, Guido Günther wrote: > > > This breaks rendering here on arm64/gc7000 due to > > > > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_PREP or DRM_IOCTL_MSM_GEM_CPU_PREP, 0xfffff7888680) = -1 EINVAL (Invalid argument) > > > ioctl(6, DRM_IOCTL_ETNAVIV_GEM_CPU_FINI or DRM_IOCTL_QXL_CLIENTCAP, 0xfffff78885e0) = 0 > > > > > > This is due to > > > > > > get_abs_timeout(&req.timeout, 5000000000); > > > > > > in etna_bo_cpu_prep which can exceed NSEC_PER_SEC. > > > > > > Should i send a patch to revert that change since it breaks existing userspace? > > > > No need to revert. This patch has not been applied to the etnaviv tree > > yet, I guess it's just in one of Arnds branches feeding into -next. > > > > That part of userspace is pretty dumb, as it misses to renormalize > > tv_nsec when it overflows the second boundary. So if what I see is > > correct it should be enough to allow 2 * NSEC_PER_SEC, which should > > both reject broken large timeout and keep existing userspace working. > > Ah, so it's never more than 2 billion nanoseconds in known user space? > I can definitely change my patch (actually add one on top) to allow that > and handle it as before, or alternatively accept any 64-bit nanosecond value > as arm64 already did, but make it less inefficient to handle. So the broken userspace code looks like this: static inline void get_abs_timeout(struct drm_etnaviv_timespec *tv, uint64_t ns) { struct timespec t; uint32_t s = ns / 1000000000; clock_gettime(CLOCK_MONOTONIC, &t); tv->tv_sec = t.tv_sec + s; tv->tv_nsec = t.tv_nsec + ns - (s * 1000000000); } Which means it _tries_ to do the right thing by putting the billion part into the tv_sec member and only the remaining ns part is added to tv_nsec, but then it fails to propagate a tv_nsec overflow over NSEC_PER_SEC into tv_sec. Which means the tv_nsec should never be more than 2 * NSEC_PER_SEC in known userspace. I would prefer if we could make the interface as strict as possible (i.e. no arbitrary large numbers in tv_nsec), while keeping this specific corner case working. Regards, Lucas
Powered by blists - more mailing lists