Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1608934ybf; Thu, 27 Feb 2020 14:26:57 -0800 (PST) X-Google-Smtp-Source: APXvYqw2SYUdhYahOaGWQo1ReL5lWRml4fov8Jtr8fS0DuTVGAEixExqIoCNj+DFDrQPBzi/kQal X-Received: by 2002:aca:f40a:: with SMTP id s10mr983094oih.61.1582842417089; Thu, 27 Feb 2020 14:26:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582842417; cv=none; d=google.com; s=arc-20160816; b=cVcFwE2IS3YqjuHhN1paQTJ7IZFqGRvLi4qEUGFPKRoKQaznBVhk51zqUOm/yhdvzT jW92bIUCIxu3s1BX6rMhppyd1bELZxtUCTNzWbJUm1s4hpMp1kHRtuTHDLXcSFGAUQi+ BNHSlEzOHhD6iJv3D+VN/Ar1NUkr7Ul4BWycUEab8T6zDk53M+MYV0uwlky1mba2teg+ mK5DstmqXIiwsjp486AFFBcxURsUQL1846dbzCBnxutZUSWCblOZED9+OAbKZ1RsqAsu ZYDPoY/BBp16smOKlDqm0RF9PgszIFlo3yagiivOXuEL+MFmJeqkIk8zK8h/9evvcOxG OtHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:date:subject:user-agent:message-id :references:cc:in-reply-to:from:to:content-transfer-encoding :mime-version; bh=cPRA9m1XW0KoUSjMxGsgZYgoPAF6G0qNq1HZeJAaB3A=; b=CYli96NJ08pZ+c52aP/JoGaqF6CkSqAmRidIQDeq/KbdSRchjA9wswX+MPtgico793 dnpbN8KW2QPAc4NhvqLLTtsnw4X3E2BfdMv78qjuL/GWIHZuniJZijDfHbJ8TRAFVZz0 SdHqlCZ9QRnzr26lQu7oon1WRJfR4wloVAyVBfpGhQgeHD/E09WqsOU7wyVs6VeBQpNx KmtqvPbukqyVtie+NRpBRSBhIE+qFhyokklpfAJW+UtM0RSzzir5XW5NXhCyGWlBIzhE Rwxr0fyhsxI+gO8CHcETe+9NTMAR0IdlYvZzZ43DnFAphZJ8kCYPN0iEcS1z/9R2gRYw Fiug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w4si363835otl.214.2020.02.27.14.26.45; Thu, 27 Feb 2020 14:26:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729969AbgB0W0a convert rfc822-to-8bit (ORCPT + 99 others); Thu, 27 Feb 2020 17:26:30 -0500 Received: from mail.fireflyinternet.com ([109.228.58.192]:52637 "EHLO fireflyinternet.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729718AbgB0W0a (ORCPT ); Thu, 27 Feb 2020 17:26:30 -0500 X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=78.156.65.138; Received: from localhost (unverified [78.156.65.138]) by fireflyinternet.com (Firefly Internet (M1)) with ESMTP (TLS) id 20377596-1500050 for multiple; Thu, 27 Feb 2020 22:26:02 +0000 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT To: Josh Poimboeuf From: Chris Wilson In-Reply-To: Cc: linux-kernel@vger.kernel.org, Randy Dunlap , Peter Zijlstra , intel-gfx@lists.freedesktop.org References: Message-ID: <158284236096.19174.6917853940060252533@skylake-alporthouse-com> User-Agent: alot/0.6 Subject: Re: [PATCH] drm/i915: Minimize uaccess exposure in i915_gem_execbuffer2_ioctl() Date: Thu, 27 Feb 2020 22:26:00 +0000 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Quoting Josh Poimboeuf (2020-02-27 22:08:26) > With CONFIG_CC_OPTIMIZE_FOR_SIZE, objtool reports: > > drivers/gpu/drm/i915/gem/i915_gem_execbuffer.o: warning: objtool: i915_gem_execbuffer2_ioctl()+0x5b7: call to gen8_canonical_addr() with UACCESS enabled > > This means i915_gem_execbuffer2_ioctl() is calling gen8_canonical_addr() > -- and indirectly, sign_extend64() -- from the user_access_begin/end > critical region (i.e, with SMAP disabled). > > While it's probably harmless in this case, in general we like to avoid > extra function calls in SMAP-disabled regions because it can open up > inadvertent security holes. > > Fix it by moving the gen8_canonical_addr() conversion to a separate loop > before user_access_begin() is called. > > Note that gen8_canonical_addr() is now called *before* masking off the > PIN_OFFSET_MASK bits. That should be ok because it just does a sign > extension and ignores the masked lower bits anyway. > > Reported-by: Randy Dunlap > Signed-off-by: Josh Poimboeuf > --- > drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > index d5a0f5ae4a8b..183cab13e028 100644 > --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > @@ -2947,6 +2947,13 @@ i915_gem_execbuffer2_ioctl(struct drm_device *dev, void *data, > u64_to_user_ptr(args->buffers_ptr); > unsigned int i; > > + /* > + * Do the call to gen8_canonical_addr() outside the > + * uaccess-enabled region to minimize uaccess exposure. > + */ > + for (i = 0; i < args->buffer_count; i++) > + exec2_list[i].offset = gen8_canonical_addr(exec2_list[i].offset); Another loop over all the objects, where we intentionally try and skip unmodified entries? To save 2 instructions from inside the second loop? Colour me skeptical. -Chris