| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200904020313.1810988-1-jcrouse@codeaurora.org>
Date: Thu, 3 Sep 2020 20:03:09 -0600
From: Jordan Crouse <jcrouse@...eaurora.org>
To: linux-arm-msm@...r.kernel.org
Cc: Akhil P Oommen <akhilpo@...eaurora.org>,
AngeloGioacchino Del Regno <kholk11@...il.com>,
Ben Dooks <ben.dooks@...ethink.co.uk>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Brian Masney <masneyb@...tation.org>,
Daniel Vetter <daniel@...ll.ch>,
David Airlie <airlied@...ux.ie>,
Emil Velikov <emil.velikov@...labora.com>,
Eric Anholt <eric@...olt.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jonathan Marek <jonathan@...ek.ca>,
Rob Clark <robdclark@...il.com>,
Sam Ravnborg <sam@...nborg.org>, Sean Paul <sean@...rly.run>,
Sharat Masetty <smasetty@...eaurora.org>,
Shawn Guo <shawn.guo@...aro.org>,
Wambui Karuga <wambui.karugax@...il.com>,
dri-devel@...ts.freedesktop.org, freedreno@...ts.freedesktop.org,
linux-kernel@...r.kernel.org
Subject: [PATCH 0/4] drm/msm: Protect the RPTR shadow
On Adreno GPUs there is an option to shadow the RPTR register in GPU accessible
memory. The shadow memory allows the kernel driver to query the value of the
RPTR for each ringbuffer even if it is preempted out or if the GPU is turned off
during aggressive power management.
There are risks to using the RPTR shadow. If it is in GPU accessible memory it
could be read or written by any GPU operation. All versions of the GPU hardware
except A650 requires the shadow to be in unprivileged memory which opens it
to risk.
This series does two things. First, it marks as many buffers as possible as
privileged. For a5xx these are some preemption buffers and on a650 this includes
all global buffers (such as the ringbuffer and memstore). I've sent these
patches before but they tie in well with this series so I've included them.
Then we disable the RPTR shadow across all targets. For all targets except for
a5xx the RPTR shadow isn't needed so there isn't a loss of functionality. a5xx
does need it for preemption so that has to be temporarily disabled.
Later changes will re-enable the shadow for those targets that can safely
mitigate the risks.
Jordan Crouse (4):
drm/msm: Split the a5xx preemption record
drm/msm: Enable expanded apriv support for a650
drm/msm: Disable premption on all 5xx targets
drm/msm: Disable the RPTR shadow
drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 5 +++++
drivers/gpu/drm/msm/adreno/a3xx_gpu.c | 10 +++++++++
drivers/gpu/drm/msm/adreno/a4xx_gpu.c | 10 +++++++++
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 14 +++++++++---
drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 1 +
drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 25 ++++++++++++++++-----
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 13 ++++++++++-
drivers/gpu/drm/msm/adreno/adreno_gpu.c | 27 ++---------------------
drivers/gpu/drm/msm/msm_gpu.c | 2 +-
drivers/gpu/drm/msm/msm_gpu.h | 11 +++++++++
drivers/gpu/drm/msm/msm_ringbuffer.c | 4 ++--
11 files changed, 85 insertions(+), 37 deletions(-)
--
2.25.1
Powered by blists - more mailing lists