Hi, On 2/20/2025 2:53 PM, Tvrtko Ursulin wrote: > > On 20/02/2025 13:14, Jacek Lawrynowicz wrote: >> Hi, >> >> On 2/19/2025 11:55 AM, Joonas Lahtinen wrote: >>> Quoting Jacek Lawrynowicz (2025-02-11 17:57:03) >>>> Hi, can I submit this to drm-misc or should someone commit this to >>>> drm-intel? >>> >>> Is the this happening in linux-next or is it still completely out-of-tree? >> The patch is not merged so it is happening everywhere. >> >>> Feels weird that the splat would not have happened in any hybrid GPU >>> systems in the past. Did you look what is the difference between your >>> driver and amdgpu/nouveau? >> >> It looks like imported buffers are just never mmaped. >> >> This is a call chain when mmapping imported buffer in amdgpu: >> drm_gem_mmap()->drm_gem_mmap_obj()->amdgpu_gem_object_mmap()->drm_gem_ttm_mmap()->ttm_bo_mmap_obj() >> >> And this is intel_vpu call chain: >> drm_gem_mmap()->drm_gem_mmap_obj()->drm_gem_shmem_object_mmap()->drm_gem_shmem_mmap()->dma_buf_mmap()->i915_gem_dmabuf_mmap() >> >> amdgpu does not check if the object is imported and just calls >> drm_gem_ttm_mmap() and dma_buf_mmap() is never called. >> Same with xe and nouveau. All drivers using drm_gem_shmem seems ok but >> besides them only couple small drivers check for import_attach in mmap. >> Looks like most drivers do not support mmapping imported buffers. >> Is this really possible? Do you have test coverage for this? > > Without going into details here, commenting just on the "mmaping imported > buffers" part. > > My understanding is that mmaping imported buffers should not be supported by > design. There was some discussion around this in > https://lore.kernel.org/dri-devel/bc7f7844-0aa3-4802-b203-69d58e8be...@linux.intel.com/ > (The thread is for a patch which added this ability to i915.).
If so, these drivers should return an error when mmaping imported buffer instead of happily proceed as if it was an ordinary buffer. In my opinion, every driver that doesn't check obj->import_attach in drm_gem_object_funcs->mmap has potential for security vulnerability. Thomas, Simona, shouldn't there be a clear policy regarding this for the all drivers? Jacek
