Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Wed, 4 Sep 2024 12:03:24 +0200 Simona Vetter wrote: > On Wed, Sep 04, 2024 at 11:46:54AM +0200, Simona Vetter wrote: > > On Wed, Sep 04, 2024 at 09:40:36AM +0200, Christian König wrote: > > > Am 03.09.24 um 10:13 schrieb Simona Vetter: > > > > [SNIP] > > > > > > So I think the issue is m

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Wed, 4 Sep 2024 11:46:54 +0200 Simona Vetter wrote: > On Wed, Sep 04, 2024 at 09:40:36AM +0200, Christian König wrote: > > Am 03.09.24 um 10:13 schrieb Simona Vetter: > > > [SNIP] > > > > > So I think the issue is much, much bigger, and there's more. And the > > > > > issue is I think a fu

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Wed, Sep 04, 2024 at 11:46:54AM +0200, Simona Vetter wrote: > On Wed, Sep 04, 2024 at 09:40:36AM +0200, Christian König wrote: > > Am 03.09.24 um 10:13 schrieb Simona Vetter: > > > [SNIP] > > > > > So I think the issue is much, much bigger, and there's more. And the > > > > > issue is I think a

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Wed, Sep 04, 2024 at 09:40:36AM +0200, Christian König wrote: > Am 03.09.24 um 10:13 schrieb Simona Vetter: > > [SNIP] > > > > So I think the issue is much, much bigger, and there's more. And the > > > > issue is I think a fundamental design issue of dma_fence itself, not > > > > individual user

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Am 03.09.24 um 10:13 schrieb Simona Vetter: [SNIP] So I think the issue is much, much bigger, and there's more. And the issue is I think a fundamental design issue of dma_fence itself, not individual users. IIRC both Alex and me pointed out this issue on the very first dma_fence code and nobody

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Mon, Sep 02, 2024 at 04:18:33PM +0200, Christian König wrote: > Am 02.09.24 um 15:23 schrieb Daniel Vetter: > > On Mon, Sep 02, 2024 at 12:43:45PM +0200, Christian König wrote: > > > Am 30.08.24 um 23:43 schrieb Matthew Brost: > > > > On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wro

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Am 02.09.24 um 15:23 schrieb Daniel Vetter: On Mon, Sep 02, 2024 at 12:43:45PM +0200, Christian König wrote: Am 30.08.24 um 23:43 schrieb Matthew Brost: On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wrote: Am 29.08.24 um 19:12 schrieb Boris Brezillon: dma_fence objects created by

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Mon, Sep 02, 2024 at 12:43:45PM +0200, Christian König wrote: > Am 30.08.24 um 23:43 schrieb Matthew Brost: > > On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wrote: > > > Am 29.08.24 um 19:12 schrieb Boris Brezillon: > > > > dma_fence objects created by an entity might outlive the >

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Am 30.08.24 um 23:43 schrieb Matthew Brost: On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wrote: Am 29.08.24 um 19:12 schrieb Boris Brezillon: dma_fence objects created by an entity might outlive the drm_gpu_scheduler this entity was bound to if those fences are retained by other ot

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Fri, 30 Aug 2024 21:43:44 + Matthew Brost wrote: > On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wrote: > > Am 29.08.24 um 19:12 schrieb Boris Brezillon: > > > dma_fence objects created by an entity might outlive the > > > drm_gpu_scheduler this entity was bound to if those f

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Fri, Aug 30, 2024 at 10:14:18AM +0200, Christian König wrote: > Am 29.08.24 um 19:12 schrieb Boris Brezillon: > > dma_fence objects created by an entity might outlive the > > drm_gpu_scheduler this entity was bound to if those fences are retained > > by other other objects, like a dma_buf resv.

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Am 30.08.24 um 11:37 schrieb Boris Brezillon: Hi Christian, On Fri, 30 Aug 2024 10:14:18 +0200 Christian König wrote: Am 29.08.24 um 19:12 schrieb Boris Brezillon: dma_fence objects created by an entity might outlive the drm_gpu_scheduler this entity was bound to if those fences are retained

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

On Fri, 30 Aug 2024 11:37:21 +0200 Boris Brezillon wrote: > > > With the introduction of a new model where each entity has its own > > > drm_gpu_scheduler instance, this situation is likely to happen every time > > > a GPU context is destroyed and some of its fences remain attached to > > > dma_b

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Hi Christian, On Fri, 30 Aug 2024 10:14:18 +0200 Christian König wrote: > Am 29.08.24 um 19:12 schrieb Boris Brezillon: > > dma_fence objects created by an entity might outlive the > > drm_gpu_scheduler this entity was bound to if those fences are retained > > by other other objects, like a dma_

Re: [RFC PATCH] drm/sched: Fix a UAF on drm_sched_fence::sched

Am 29.08.24 um 19:12 schrieb Boris Brezillon: dma_fence objects created by an entity might outlive the drm_gpu_scheduler this entity was bound to if those fences are retained by other other objects, like a dma_buf resv. This means that drm_sched_fence::sched might be invalid when the resv is walk