Received: by 2002:a05:7412:f589:b0:e2:908c:2ebd with SMTP id eh9csp752608rdb; Wed, 1 Nov 2023 01:14:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEN5ptTW0MMZLkQq+T9qQwYwL5vYgX7qdsxoCoOJi/DbtpxYcrVww2wqKx9YpxQlaUd79Yg X-Received: by 2002:a17:90a:b388:b0:280:2b48:f264 with SMTP id e8-20020a17090ab38800b002802b48f264mr6548231pjr.0.1698826449985; Wed, 01 Nov 2023 01:14:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698826449; cv=none; d=google.com; s=arc-20160816; b=W7uvRMpXdYzbb/gtUdSeXqDWw9QPnzUYdnDoidE8U1uNAqbrYJ/HOYwYynGu96PUZh L1NVL2B94iWwUgIJ6MFEvb5zMeDHvcu5hZt+d3papaDUxi71MsysqwDrvTOt+8rC0CeR 34nC4lhSebIns5iAn+3QKHWoyGuahXsTV/1X3msP1d+cslLR6JtdbAwoe7/xv8SFkRDz s+9BWcFG46OEsf7ojtidU3/ilzD5b8cmbioV/IQMxElRQHJTHNxxg+p5Jm7kM88qdB+Z JZEPrkFnT3RLujVO/xEJ4yfBtnalB5Ek3thvyUVNrjoQVVyYp0AuUj67r1i7sfQVtHfu U1Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=iTrJrLiBbNpY45EDAaoUQiZijsCyasehzQFvLcrvRfE=; fh=1i5wlhhtoWV83iCQxlJsN1C4NR+6nDPMbrDMxfwm+AM=; b=fGvrHM3ucvCOnOeJlSZXj/+NP/d10wbrkz9AAAnCFgloVVwakz+C5la3cvHaV7SpVY 9suHRGt8lxzrrHeA78v42S+PYbRcoasHYc6n37l3qiohmDKlc1YJNRAYMqV7i7UnsGat BFSfP78gJdwrcAHen7Y9+dxBrVAoBAChzQBEtYavH1TQCzXdKOQdfTuE+oXkded80IwU iKQpFqXu0GRXqiQ5wjN8+lV9UEbzGwvc3aISdnJ+dHJ8GpVmNYdJM2klF4+lgZP9xeNJ fCUdH926Kp+8mahAsnnfPsl4vckWNUMMB7gOO/BZDsZRCjcSlnMBVMVfBHzxr8rmMzC8 QIeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=N0moWa0e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id kk12-20020a17090b4a0c00b002801dcb4761si353053pjb.136.2023.11.01.01.14.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Nov 2023 01:14:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=N0moWa0e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 8D398802E5C1; Wed, 1 Nov 2023 01:14:08 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231251AbjKAINu (ORCPT + 99 others); Wed, 1 Nov 2023 04:13:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229590AbjKAINt (ORCPT ); Wed, 1 Nov 2023 04:13:49 -0400 Received: from mail-oa1-x2f.google.com (mail-oa1-x2f.google.com [IPv6:2001:4860:4864:20::2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5740103 for ; Wed, 1 Nov 2023 01:13:41 -0700 (PDT) Received: by mail-oa1-x2f.google.com with SMTP id 586e51a60fabf-1d542f05b9aso1331113fac.1 for ; Wed, 01 Nov 2023 01:13:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; t=1698826421; x=1699431221; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=iTrJrLiBbNpY45EDAaoUQiZijsCyasehzQFvLcrvRfE=; b=N0moWa0eDlX8w1Yncve6lzhrU1h5IVjW49chOqf2+DG5Yf6ZxrJgr5n2XXs0NgQ2fW GLFtSOgeDRa7Yp0bFVP6u+CNWQjnPs4wUVvZspG6dHwey9RHzUW5wNRNVbXA2LH20/ow ioS/BD+djVaTSPAYosa/40PWugcreRm4O+rSw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698826421; x=1699431221; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=iTrJrLiBbNpY45EDAaoUQiZijsCyasehzQFvLcrvRfE=; b=rDw00OeDHTHyi8js32D40Ci/HNR94WXMuKS8XF0QD70iXtqzZrLWjlXHMOgOfqDh/m kV5ibIyt6CVQTERsjH2whUqUPTPFFQDPiDYLbordagvDC8piSoIyhuEDKfePQMLzgCTS OptFQlhW7ej9SQNLuISzcv0YO8wKWjfs8HeAB15K/rSMB9//ISYM+hPliqgmFyBbjFZS VyQEe9PW83XbcCdfrWMCFFRWmuKfKTEhFgEVDWCVysl3zkshttUyKB0Rr9qHWgqRzocr foG6ssvtXgq9IcsyxxV8IMN8dqJc+x/Ek9mJFNYESU773l66aljoyZG35H2PWngFrV47 rSFw== X-Gm-Message-State: AOJu0YzXG1lZWjJO10PJm1Q0BpsjWlWOyiLsqpVR7cBs7qgwm2lkNRRz 7riMXlmZkQEJ+Pg+iqakiCA3/XCvofvy8sinrd7X6w== X-Received: by 2002:a05:6870:af44:b0:1e9:8ab9:11ca with SMTP id uy4-20020a056870af4400b001e98ab911camr19772936oab.3.1698826421144; Wed, 01 Nov 2023 01:13:41 -0700 (PDT) MIME-Version: 1.0 References: <9c0cff84-45b1-268f-bdad-38c16316dbc3@amd.com> <20230714-drm-sched-fixes-v1-0-c567249709f7@asahilina.net> <20230714-drm-sched-fixes-v1-2-c567249709f7@asahilina.net> <236422117088ca854a6717114de73d99b2b9ba2f@rosenzweig.io> <7b564e55-a9b7-0585-3cf1-d1f132f9a918@asahilina.net> <200e9d74-7191-b1ed-e5f3-775827550853@amd.com> In-Reply-To: From: Daniel Vetter Date: Wed, 1 Nov 2023 09:13:29 +0100 Message-ID: Subject: Re: [PATCH 2/3] drm/scheduler: Fix UAF in drm_sched_fence_get_timeline_name To: Dave Airlie Cc: =?UTF-8?Q?Christian_K=C3=B6nig?= , Asahi Lina , Luben Tuikov , alyssa@rosenzweig.io, Sumit Semwal , Faith Ekstrand , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, asahi@lists.linux.dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Wed, 01 Nov 2023 01:14:08 -0700 (PDT) On Wed, 1 Nov 2023 at 07:59, Dave Airlie wrote: > > > > > Well, to make it clear once more: Signaling a dma_fence from the > > destructor of a reference counted object is very problematic! This will > > be rejected no matter if you do that in C or in Rust. > > > > What we can do is to make it safe in the sense that you don't access > > freed up memory by using the scheduler fences even more as wrapper > > around the hardware fence as we do now. But this quite a change and > > requires a bit more than just hacking around > > drm_sched_fence_get_timeline_name(). > > I really think this needs to be documented if nothing else out of this thread. > > Clearly nobody is going to get it right and hidden here in this > thread, this info isn't useful. > > Can we have some sort of design document for the dma-fence/scheduler > interactions written and we can try and refine it with solutions on > the list, because I'm tired of people proposing things and NAK's > getting thrown around without anything to point people at. > > The next NAK I see on the list will mean I block all patches from the > sender until they write a documentation patch, because seriously this > stuff is too hard for someone to just keep it in their head and expect > everyone else to understand from reading the code. I very much like the idea that NAK replies are counted as "you've just volunteered yourself for some documentation patches so that next time around you can reply with a link to the docs instead of just a NAK". I don't think we'll get out of these discussions otherwise, since currently we have undocumented, but very tricky semantics of the drm/sched codebase for ringbuffer scheduling which is extended to fw scheduling in also very tricky ways, with not entirely clear impacts on semantics of all the drm/sched things. And as a result we just pile up enormous amounts of threads where I think the only thing assured is that people talk past each another. Converting NAKs into doc patches should at least eventually get rid of the worst confusions we're dealing with here. Cheers, Sima -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch