From: Dave Airlie
Date: Wed, 1 Nov 2023 16:59:40 +1000
Subject: Re: [PATCH 2/3] drm/scheduler: Fix UAF in drm_sched_fence_get_timeline_name
To: Christian König
Cc: Asahi Lina, Luben Tuikov, alyssa@rosenzweig.io, Daniel Vetter, Sumit Semwal, Faith Ekstrand, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, asahi@lists.linux.dev

>
> Well, to make it clear once more: Signaling a dma_fence from the
> destructor of a reference counted object is very problematic! This will
> be rejected no matter if you do that in C or in Rust.
>
> What we can do is to make it safe in the sense that you don't access
> freed up memory by using the scheduler fences even more as wrapper
> around the hardware fence as we do now. But this is quite a change and
> requires a bit more than just hacking around
> drm_sched_fence_get_timeline_name().

I really think this needs to be documented if nothing else out of this
thread.

Clearly nobody is going to get it right and hidden here in this
thread, this info isn't useful.

Can we have some sort of design document for the dma-fence/scheduler
interactions written and we can try and refine it with solutions on
the list, because I'm tired of people proposing things and NAKs
getting thrown around without anything to point people at.

The next NAK I see on the list will mean I block all patches from the
sender until they write a documentation patch, because seriously this
stuff is too hard for someone to just keep it in their head and expect
everyone else to understand from reading the code.

Dave.