Re: [PATCH v10 0/4] drm: update locking for modesetting

On 31/8/21 3:24 am, Desmond Cheong Zhi Xi wrote: Sorry for the noise, rebasing on top of drm-misc-next. Please ignore the v9 series. Hi, I updated the patch set with some suggestions by Daniel Vetter, and dropped the patches after patch 4 so that we can stick the landing for avoiding races

[PATCH v10 4/4] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 6 ++ 4 files changed, 49 inserti

[PATCH v10 3/4] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_ioctl.c | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 9fc00e36c5d6..fe9c4c026

[PATCH v10 2/4] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu

[PATCH v10 1/4] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Fixes: 7eeaeb90a6a5 ("drm/file: Don't set master on in-kernel clien

[PATCH v10 0/4] drm: update locking for modesetting

ting a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (4): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.master_mutex into a rwsem drm: lock drm_global_mutex earlier in the ioctl handler drm: avoid races with modesetting rights

[PATCH v9 4/4] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 6 ++ 4 files changed, 49 inserti

[PATCH v9 3/4] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_ioctl.c | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..59c5aa850

[PATCH v9 2/4] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu

[PATCH v9 1/4] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Fixes: 7eeaeb90a6a5 ("drm/file: Don't set master on in-kernel clien

[PATCH v9 0/4] drm: update locking for modesetting

nise readers and writers. - Implement drm_master_flush with task_work so that flushes can be queued to run before returning to userspace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (4): drm: fix null ptr dereference in drm_maste

Re: [PATCH v8 7/7] drm: remove drm_file.master_lookup_lock

On 26/8/21 9:21 pm, Daniel Vetter wrote: On Thu, Aug 26, 2021 at 10:01:22AM +0800, Desmond Cheong Zhi Xi wrote: Previously, master_lookup_lock was introduced in commit 0b0860a3cf5e ("drm: serialize drm_file.master with a new spinlock") to serialize accesses to drm_file.master. This th

Re: [PATCH v8 4/7] drm: avoid races with modesetting rights

On 26/8/21 8:59 pm, Daniel Vetter wrote: On Thu, Aug 26, 2021 at 10:01:19AM +0800, Desmond Cheong Zhi Xi wrote: In drm_client_modeset.c and drm_fb_helper.c, drm_master_internal_{acquire,release} are used to avoid races with DRM userspace. These functions hold onto drm_device.master_rwsem while

Re: [PATCH v8 3/7] drm: lock drm_global_mutex earlier in the ioctl handler

On 26/8/21 5:58 pm, Daniel Vetter wrote: On Thu, Aug 26, 2021 at 10:01:18AM +0800, Desmond Cheong Zhi Xi wrote: In a future patch, a read lock on drm_device.master_rwsem is held in the ioctl handler before the check for ioctl permissions. However, this inverts the lock hierarchy of

Re: [PATCH v8 1/7] drm: fix null ptr dereference in drm_master_release

On 26/8/21 5:53 pm, Daniel Vetter wrote: On Thu, Aug 26, 2021 at 10:01:16AM +0800, Desmond Cheong Zhi Xi wrote: drm_master_release can be called on a drm_file without a master, which results in a null ptr dereference of file_priv->master->magic_map. The three cases are: 1. Error p

[PATCH v8 7/7] drm: remove drm_file.master_lookup_lock

take this opportunity to clean up the locking design by replacing master_lookup_lock with drm_device.master_rwsem. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 19 +++ drivers/gpu/drm/drm_file.c | 1 - drivers/gpu/drm/drm_internal.h | 1 + dr

[PATCH v8 6/7] drm: avoid circular locks in drm_lease_held

inversion of the master_rwsem --> modeset_mutex lock hierarchy. To fix this, we create a new drm_lease_held_master helper function that enables us to avoid calling drm_file_get_master after locking master_rwsem or modeset_mutex. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_aut

[PATCH v8 5/7] drm: avoid circular locks in drm_mode_object_find

unlocked versions that call __drm_mode_object_find and drm_mode_object_find respectively. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_atomic_uapi.c| 7 ++--- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/drm_crtc.c | 5 ++-- dri

[PATCH v8 4/7] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 5 + 4 files changed, 48 insertions(+), 16 deletions(-) di

[PATCH v8 3/7] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..158629d88319 100644 --- a/drivers/gpu/

[PATCH v8 2/7] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 10

[PATCH v8 1/7] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_file.c | 6 +

[PATCH v8 0/7] drm: update locking for modesetting

rk so that flushes can be queued to run before returning to userspace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (7): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.master_mutex into a rwsem drm: lock drm_global_m

[PATCH v7 7/7] drm: remove drm_file.master_lookup_lock

take this opportunity to clean up the locking design by replacing master_lookup_lock with drm_device.master_rwsem. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 19 +++ drivers/gpu/drm/drm_file.c | 1 - drivers/gpu/drm/drm_internal.h | 1 + dr

[PATCH v7 6/7] drm: avoid circular locks with modeset_mutex and master_rwsem

chy. To fix this, we create a new drm_lease_held_master helper function that enables us to avoid calling drm_file_get_master after locking modeset_mutex. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 3 +++ drivers/gpu/drm/drm_encoder.c | 7 ++- drivers/gpu/

[PATCH v7 5/7] drm: avoid circular locks in drm_mode_object_find

unlocked versions that call __drm_mode_object_find and drm_mode_object_find respectively. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_atomic_uapi.c| 7 ++--- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/drm_crtc.c | 5 ++-- dri

[PATCH v7 4/7] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 5 + 4 files changed, 48 insertions(+), 16 deletions(-) di

[PATCH v7 3/7] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..158629d88319 100644 --- a/drivers/gpu/

[PATCH v7 2/7] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 10

[PATCH v7 1/7] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_file.c | 6 +

[PATCH v7 0/7] drm: update locking for modesetting

ace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (7): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.master_mutex into a rwsem drm: lock drm_global_mutex earlier in the ioctl handler drm: avoid races with modes

[PATCH v6 7/7] drm: remove drm_file.master_lookup_lock

take this opportunity to clean up the locking design by replacing master_lookup_lock with drm_device.master_rwsem. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 19 +++ drivers/gpu/drm/drm_file.c | 1 - drivers/gpu/drm/drm_internal.h | 1 + dr

[PATCH v6 6/7] drm: avoid circular locks with modeset_mutex and master_rwsem

chy. To fix this, we create a new drm_lease_held_master helper function that enables us to avoid calling drm_file_get_master after locking modeset_mutex. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 3 +++ drivers/gpu/drm/drm_encoder.c | 7 ++- drivers/gpu/

[PATCH v6 5/7] drm: avoid circular locks in drm_mode_object_find

unlocked versions that call __drm_mode_object_find and drm_mode_object_find respectively. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_atomic_uapi.c| 7 +++--- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/drm_crtc.c | 5 +++--

[PATCH v6 4/7] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 5 + 4 files changed, 48 insertions(+), 16 deletions(-) di

[PATCH v6 3/7] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..158629d88319 100644 --- a/drivers/gpu/

[PATCH v6 2/7] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 10

[PATCH v6 1/7] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_file.c | 6 +

[PATCH v6 0/7] drm: update locking for modesetting

o userspace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (7): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.master_mutex into a rwsem drm: lock drm_global_mutex earlier in the ioctl handler drm: avoid races with

[PATCH v5 6/6] drm: remove drm_file.master_lookup_lock

revious patch fixed other remaining inversions involving master_rwsem and modeset_mutex. Hence, we can take this opportunity to clean up the locking design by replacing master_lookup_lock with drm_device.master_rwsem. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gp

[PATCH v5 5/6] drm: avoid circular locks with modeset_mutex and master_rwsem

Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_atomic_uapi.c | 4 +++- drivers/gpu/drm/drm_auth.c| 3 +++ drivers/gpu/drm/drm_encoder.c | 7 ++- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/drm_lease.c | 34 --- drivers

[PATCH v5 4/6] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 5 + 4 files changed, 48 insertions(+), 16 deletions(-) di

[PATCH v5 3/6] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..158629d88319 100644 --- a/drivers/gpu/

[PATCH v5 2/6] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 10

[PATCH v5 1/6] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_file.c | 6 +

[PATCH v5 0/6] drm: update locking for modesetting

ers. - Implement drm_master_flush with task_work so that flushes can be queued to run before returning to userspace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (6): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.mas

[PATCH v4 5/5] drm: remove drm_file.master_lookup_lock

ter_rwsem while holding onto mode_config.idr_mutex), then remove master_lookup_lock. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 19 ++-- drivers/gpu/drm/drm_file.c| 1 - drivers/gpu/drm/drm_internal.h| 1 + drivers/gpu/drm/drm_ioctl.c

[PATCH v4 4/5] drm: avoid races with modesetting rights

ned-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 4 drivers/gpu/drm/drm_ioctl.c | 20 +++- drivers/gpu/drm/drm_lease.c | 35 --- include/drm/drm_device.h| 5 + 4 files changed, 48 insertions(+), 16 deletions(-) di

[PATCH v4 3/5] drm: lock drm_global_mutex earlier in the ioctl handler

ctl permissions. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index d25713b09b80..158629d88319 100644 --- a/drivers/gpu/

[PATCH v4 2/5] drm: convert drm_device.master_mutex into a rwsem

, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 35 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 10

[PATCH v4 1/5] drm: fix null ptr dereference in drm_master_release

s set up in drm_open_helper through the call to drm_master_open, so we mirror it with a call to drm_master_release in drm_close_helper, and remove drm_master_release from drm_file_free to avoid the null ptr dereference. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_file.c | 6 +

[PATCH v4 0/5] drm: update locking for modesetting

reating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (5): drm: fix null ptr dereference in drm_master_release drm: convert drm_device.master_mutex into a rwsem drm: lock drm_global_mutex earlier in the ioctl handler drm: avoid races with modesetting rig

Re: [PATCH v3 7/9] drm: update global mutex lock in the ioctl handler

On 18/8/21 7:02 pm, Daniel Vetter wrote: On Wed, Aug 18, 2021 at 03:38:22PM +0800, Desmond Cheong Zhi Xi wrote: In a future patch, a read lock on drm_device.master_rwsem is held in the ioctl handler before the check for ioctl permissions. However, this produces the following lockdep splat

Re: [PATCH v3 8/9] kernel: export task_work_add

On 19/8/21 5:26 pm, Christoph Hellwig wrote: On Wed, Aug 18, 2021 at 03:38:23PM +0800, Desmond Cheong Zhi Xi wrote: +EXPORT_SYMBOL(task_work_add); EXPORT_SYMBOL_GPL for this kinds of functionality, please. Thanks, I wasn't aware of the GPL-only export. I'll update this in a fut

Re: [Intel-gfx] [PATCH v3 4/9] drm: fix potential null ptr dereferences in drm_{auth, ioctl}

On 19/8/21 12:33 am, Daniel Vetter wrote: On Wed, Aug 18, 2021 at 5:37 PM Desmond Cheong Zhi Xi wrote: On 18/8/21 6:11 pm, Daniel Vetter wrote: On Wed, Aug 18, 2021 at 03:38:19PM +0800, Desmond Cheong Zhi Xi wrote: There are three areas where we dereference struct drm_master without

Re: [PATCH v3 4/9] drm: fix potential null ptr dereferences in drm_{auth,ioctl}

On 18/8/21 6:11 pm, Daniel Vetter wrote: On Wed, Aug 18, 2021 at 03:38:19PM +0800, Desmond Cheong Zhi Xi wrote: There are three areas where we dereference struct drm_master without checking if the pointer is non-NULL. 1. drm_getmagic is called from the ioctl_handler. Since DRM_IOCTL_GET_MAGIC

Re: [PATCH v3 2/9] drm: hold master_lookup_lock when releasing a drm_file's master

On 18/8/21 6:05 pm, Daniel Vetter wrote: On Wed, Aug 18, 2021 at 03:38:17PM +0800, Desmond Cheong Zhi Xi wrote: When drm_file.master changes value, the corresponding drm_device.master_lookup_lock should be held. In drm_master_release, a call to drm_master_put sets the file_priv->master to N

[PATCH v3 9/9] drm: avoid races with modesetting rights

sem: users that perform modesetting should hold a read lock on the new drm_device.master_rwsem, and users that change these permissions should either hold a write lock, or should flush readers before returning to userspace. Reported-by: Daniel Vetter Signed-off-by: Desmond Cheong Zhi Xi --- drive

[PATCH v3 8/9] kernel: export task_work_add

: ERROR: modpost: "task_work_add" [drivers/gpu/drm/drm.ko] undefined! Reported-by: kernel test robot Signed-off-by: Desmond Cheong Zhi Xi --- kernel/task_work.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/task_work.c b/kernel/task_work.c index 1698fbe6f0e1..9404af2b 10

[PATCH v3 7/9] drm: update global mutex lock in the ioctl handler

At the same time, we update the check for the global mutex to use the drm_dev_needs_global_mutex helper function. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.

[PATCH v3 6/9] drm: convert drm_device.master_mutex into a rwsem

. Hence, convert master_mutex into a rwsem to enable concurrent readers. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c| 27 ++- drivers/gpu/drm/drm_debugfs.c | 4 ++-- drivers/gpu/drm/drm_drv.c | 3 +-- drivers/gpu/drm/drm_ioctl.c | 4

[PATCH v3 5/9] drm: protect magic_map, unique{_len} with master_lookup_lock

serialize access to drm_master.magic_map and drm_master.unique{_len} using drm_device.master_lookup_lock which is an inner lock. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 12 +++- drivers/gpu/drm/drm_ioctl.c | 10 ++ include/drm/drm_auth.h | 6

[PATCH v3 3/9] drm: check for null master in drm_is_current_master_locked

is non-NULl to guard against this scenario. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index 8c0e0dba1611..f9267b21556e 100644 --- a/drivers/gpu/

[PATCH v3 4/9] drm: fix potential null ptr dereferences in drm_{auth, ioctl}

cking if the master pointers are NULL before use. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 16 ++-- drivers/gpu/drm/drm_ioctl.c | 5 + 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_

[PATCH v3 2/9] drm: hold master_lookup_lock when releasing a drm_file's master

When drm_file.master changes value, the corresponding drm_device.master_lookup_lock should be held. In drm_master_release, a call to drm_master_put sets the file_priv->master to NULL, so we protect this section with drm_device.master_lookup_lock. Signed-off-by: Desmond Cheong Zhi

[PATCH v3 1/9] drm: move master_lookup_lock into drm_device

drm_device allows us to use it for structures that are accessed by multiple drm_files, such as drm_master.magic_map. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 18 +- drivers/gpu/drm/drm_drv.c | 1 + drivers/gpu/drm/drm_file.c | 1 - include/drm

[PATCH v3 0/9] drm, kernel: update locking for DRM

nt drm_master_flush with task_work so that flushes can be queued to run before returning to userspace without creating a new DRM_MASTER_FLUSH ioctl flag. Best wishes, Desmond Desmond Cheong Zhi Xi (9): drm: move master_lookup_lock into drm_device drm: hold master_lookup_lock when releasing a drm_file&#

Re: [PATCH v2] drm: avoid races with modesetting rights

On 16/8/21 9:59 pm, Daniel Vetter wrote: On Mon, Aug 16, 2021 at 12:31 PM Desmond Cheong Zhi Xi wrote: On 16/8/21 5:04 pm, Daniel Vetter wrote: On Mon, Aug 16, 2021 at 10:53 AM Desmond Cheong Zhi Xi wrote: On 16/8/21 2:47 am, kernel test robot wrote: Hi Desmond, Thank you for the patch

Re: [PATCH v2] drm: avoid races with modesetting rights

On 16/8/21 5:04 pm, Daniel Vetter wrote: On Mon, Aug 16, 2021 at 10:53 AM Desmond Cheong Zhi Xi wrote: On 16/8/21 2:47 am, kernel test robot wrote: Hi Desmond, Thank you for the patch! Yet something to improve: [auto build test ERROR on next-20210813] [also build test ERROR on v5.14-rc5

Re: [PATCH v2] drm: avoid races with modesetting rights

, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Desmond-Cheong-Zhi-Xi/drm-avoid-races-with-modesetting-rights/20210815-2

Re: [PATCH v2] drm: avoid races with modesetting rights

git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Desmond-Cheong-Zhi-Xi/drm-avoid-races-with-modesetting-rights/20210815-2

[PATCH v2] drm: avoid races with modesetting rights

by: Daniel Vetter Signed-off-by: Desmond Cheong Zhi Xi --- Hi, I opted to leave the drm_master_unlock_and_flush helper out of this patch, but happy to add it in if it'd be useful. Imo, when comparing it with a mutex_unlock followed by drm_master_flush, it didn't add clarity. And since we d

Re: [PATCH 1/2] drm: avoid races with modesetting rights

On 13/8/21 11:49 pm, Daniel Vetter wrote: On Fri, Aug 13, 2021 at 04:54:49PM +0800, Desmond Cheong Zhi Xi wrote: In drm_client_modeset.c and drm_fb_helper.c, drm_master_internal_{acquire,release} are used to avoid races with DRM userspace. These functions hold onto drm_device.master_mutex while

[PATCH 0/2] drm: update the ioctl handler

() Thoughts and comments would be very appreciated. Link: https://lore.kernel.org/lkml/YN9kAFcfGoB13x7f@phenom.ffwll.local/ [1] Best wishes, Desmond Desmond Cheong Zhi Xi (2): drm: avoid races with modesetting rights drm: unexport drm_ioctl_permit drivers/gpu/drm/drm_auth.c | 17

[PATCH 2/2] drm: unexport drm_ioctl_permit

Since the last user of drm_ioctl_permit was removed, and it's now only used in drm_ioctl.c, unexport the symbol. Reported-by: Daniel Vetter Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_ioctl.c | 15 +-- include/drm/drm_ioctl.h | 1 - 2 files chang

[PATCH 1/2] drm: avoid races with modesetting rights

return to userspace. Reported-by: Daniel Vetter Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 17 ++--- drivers/gpu/drm/drm_client_modeset.c | 10 ++ drivers/gpu/drm/drm_drv.c| 2 ++ drivers/gpu/drm/drm_fb_helper.c

[RESEND PATCH v2 2/2] drm: add lockdep assert to drm_is_current_master_locked

ion is now convenient. So we add in the assertion and explain this lock design in the kerneldoc. Signed-off-by: Desmond Cheong Zhi Xi Acked-by: Boqun Feng Acked-by: Waiman Long Acked-by: Peter Zijlstra (Intel) --- drivers/gpu/drm/drm_auth.c | 6 +++--- include/drm/drm_file.h | 4 +++

[RESEND PATCH v2 1/2] locking/lockdep: Provide lockdep_assert{, _once}() helpers

Zijlstra (Intel) Signed-off-by: Desmond Cheong Zhi Xi Acked-by: Boqun Feng Acked-by: Waiman Long Acked-by: Peter Zijlstra (Intel) --- include/linux/lockdep.h | 41 + 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/include/linux/lockdep.h b

[RESEND PATCH v2 0/2] locking/lockdep, drm: apply new lockdep assert in drm_auth.c

in the use of lockdep_assert(). As suggested by Boqun Feng. Link: https://lore.kernel.org/lkml/20210722092929.244629-2-desmondcheon...@gmail.com/ [1] Best wishes, Desmond Desmond Cheong Zhi Xi (1): drm: add lockdep assert to drm_is_current_master_locked Peter Zijlstra (1): locking/lockdep: Provide l

Re: [PATCH v2 0/2] locking/lockdep, drm: apply new lockdep assert in drm_auth.c

On 2/8/21 4:26 pm, Daniel Vetter wrote: On Sat, Jul 31, 2021 at 04:24:56PM +0800, Desmond Cheong Zhi Xi wrote: Hi, Following a discussion on the patch ("drm: use the lookup lock in drm_is_current_master") [1], Peter Zijlstra proposed new lockdep_assert helpers to make it convenient

[PATCH v2 2/2] drm: add lockdep assert to drm_is_current_master_locked

ion is now convenient. So we add in the assertion and explain this lock design in the kerneldoc. Signed-off-by: Desmond Cheong Zhi Xi Acked-by: Boqun Feng Acked-by: Waiman Long --- drivers/gpu/drm/drm_auth.c | 6 +++--- include/drm/drm_file.h | 4 2 files changed, 7 insertions(+), 3

[PATCH v2 1/2] locking/lockdep: Provide lockdep_assert{, _once}() helpers

Zijlstra (Intel) Signed-off-by: Desmond Cheong Zhi Xi Acked-by: Boqun Feng Acked-by: Waiman Long --- include/linux/lockdep.h | 41 + 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 5cf3

[PATCH v2 0/2] locking/lockdep, drm: apply new lockdep assert in drm_auth.c

-desmondcheon...@gmail.com/ [1] Best wishes, Desmond Desmond Cheong Zhi Xi (1): drm: add lockdep assert to drm_is_current_master_locked Peter Zijlstra (1): locking/lockdep: Provide lockdep_assert{,_once}() helpers drivers/gpu/drm/drm_auth.c | 6 +++--- include/drm/drm_file.h | 4

Re: [PATCH 2/2] drm: add lockdep assert to drm_is_current_master_locked

On 30/7/21 2:08 pm, Boqun Feng wrote: On Fri, Jul 30, 2021 at 12:15:15PM +0800, Desmond Cheong Zhi Xi wrote: In drm_is_current_master_locked, accessing drm_file.master should be protected by either drm_file.master_lookup_lock or drm_device.master_mutex. This was previously awkward to assert

[PATCH] drm: clean up unused kerneldoc in drm_lease.c

summary retained to clarify that it's the leased objects that are returned, not the lease structure. drm_mode_revoke_lease_ioctl: Kerneldoc removed, but useful function details retained. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_lease.c | 131 +++---

[PATCH 2/2] drm: add lockdep assert to drm_is_current_master_locked

ion is now convenient so we add it in. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/drm_auth.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index 9c24b8cc8e36..6f4d7ff23c80 100644 --- a/drive

[PATCH 1/2] locking/lockdep: Provide lockdep_assert{, _once}() helpers

Zijlstra (Intel) Signed-off-by: Desmond Cheong Zhi Xi --- include/linux/lockdep.h | 41 + 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 5cf387813754..9fe165beb0f9 100644 --- a/inclu

[PATCH 0/2] locking/lockdep, drm: apply new lockdep assert in drm_auth.c

n utilizes these helpers in drm_is_current_master_locked in the following patch. Link: https://lore.kernel.org/lkml/20210722092929.244629-2-desmondcheon...@gmail.com/ [1] Best wishes, Desmond Desmond Cheong Zhi Xi (1): drm: add lockdep assert to drm_is_current_master_locked Peter Zijlstra (1):

Re: [PATCH 1/3] drm: use the lookup lock in drm_is_current_master

On 29/7/21 3:00 pm, Daniel Vetter wrote: On Tue, Jul 27, 2021 at 04:37:22PM +0200, Peter Zijlstra wrote: On Thu, Jul 22, 2021 at 12:38:10PM +0200, Daniel Vetter wrote: On Thu, Jul 22, 2021 at 05:29:27PM +0800, Desmond Cheong Zhi Xi wrote: Inside drm_is_current_master, using the outer

[PATCH v3] drm: clarify usage of drm leases

g, and explains how leases work and why they're used. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- v2 -> v3 (suggestions from Daniel Vetter): - Clarified that device owners are changed through SETMASTER or DROPMASTER IOCTL. - Removed unneccessary includes for d

Re: [PATCH v2 2/3] drm: clarify usage of drm leases

On 27/7/21 9:04 pm, Daniel Vetter wrote: On Sat, Jul 24, 2021 at 07:18:23PM +0800, Desmond Cheong Zhi Xi wrote: We make the following changes to the documentation of drm leases to make it easier to reason about their usage. In particular, we clarify the lifetime and locking rules of lease

[PATCH v2 3/3] drm/vmwgfx: fix potential UAF in vmwgfx_surface.c

ing drm_master_get with drm_file_get_master. Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter Reviewed-by: Zack Rusin --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/

[PATCH v2 2/3] drm: clarify usage of drm leases

g, and explains how leases work and why they're used. 4. Clean up function documentation in drm_lease.c to use kernel-doc formatting. Signed-off-by: Desmond Cheong Zhi Xi --- Hi, After I updated the formatting for comments in drm_lease.c, I noticed that none of these were driver interfaces

[PATCH v2 1/3] drm: use the lookup lock in drm_is_current_master

Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_auth.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c index f00354bec3fb..9c24b8cc8e36 100644 --- a/drivers/gpu/drm

[PATCH v2 0/3] drm, drm/vmwgfx: fixes and updates related to drm_master

in drm_master with suggestions from Daniel Vetter. - Added an overview DOC: section for drm leases in drm-uapi.rst. - Cleaned up function documentation in drm_lease.c to use kernel-doc formatting. Best wishes, Desmond Desmond Cheong Zhi Xi (3): drm: use the lookup lock in drm_is_current_master

Re: [PATCH 3/3] drm/vmwgfx: fix potential UAF in vmwgfx_surface.c

On 23/7/21 3:17 am, Zack Rusin wrote: On 7/22/21 5:29 AM, Desmond Cheong Zhi Xi wrote: drm_file.master should be protected by either drm_device.master_mutex or drm_file.master_lookup_lock when being dereferenced. However, drm_master_get is called on unprotected file_priv->master pointers

Re: [PATCH 2/3] drm: clarify lifetime/locking for drm_master's lease fields

On 22/7/21 6:35 pm, Daniel Vetter wrote: On Thu, Jul 22, 2021 at 05:29:28PM +0800, Desmond Cheong Zhi Xi wrote: In particular, we make it clear that &drm_device.mode_config.idr_mutex protects the lease idr and list structures for drm_master. The lessor field itself doesn't need to be

Re: [PATCH v8 0/5] drm: address potential UAF bugs with drm_master ptrs

On 21/7/21 9:23 pm, Daniel Vetter wrote: On Wed, Jul 21, 2021 at 2:44 PM Desmond Cheong Zhi Xi wrote: On 21/7/21 6:29 pm, Daniel Vetter wrote: On Wed, Jul 21, 2021 at 6:12 AM Desmond Cheong Zhi Xi wrote: On 21/7/21 2:24 am, Daniel Vetter wrote: On Mon, Jul 12, 2021 at 12:35:03PM +0800

[PATCH 3/3] drm/vmwgfx: fix potential UAF in vmwgfx_surface.c

ing drm_master_get with drm_file_get_master. Signed-off-by: Desmond Cheong Zhi Xi --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 0eba47762

[PATCH 2/3] drm: clarify lifetime/locking for drm_master's lease fields

for the lifetime of lessors and leases to make it easier to reason about them. Signed-off-by: Desmond Cheong Zhi Xi --- include/drm/drm_auth.h | 62 ++ 1 file changed, 51 insertions(+), 11 deletions(-) diff --git a/include/drm/drm_auth.h b/include/d

  1   2   >