Re: [PATCH] drm: Add the mutex protection in drm_do_vm_fault.
On Sat, Oct 12, 2013 at 1:47 AM, Jun Chen wrote: > > There are no mutex protection for the dev->map_hash while calling > the drm_ht_find_item in the function drm_do_vm_fault. So try to > mutex firstly and then find the list for using to avoid this race > condition. Can I ask how or why you found this? from what I can see we really shouldn't be executing this code on modern drivers. this is the sort of thing I'd really like to have tested on real hw, which means someone booting it on AGP using UMS drivers I think. Dave. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] drm: Add the mutex protection in drm_do_vm_fault.
On Sat, Oct 12, 2013 at 1:47 AM, Jun Chen jun.d.c...@intel.com wrote: There are no mutex protection for the dev-map_hash while calling the drm_ht_find_item in the function drm_do_vm_fault. So try to mutex firstly and then find the list for using to avoid this race condition. Can I ask how or why you found this? from what I can see we really shouldn't be executing this code on modern drivers. this is the sort of thing I'd really like to have tested on real hw, which means someone booting it on AGP using UMS drivers I think. Dave. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drm: Add the mutex protection in drm_do_vm_fault.
There are no mutex protection for the dev->map_hash while calling
the drm_ht_find_item in the function drm_do_vm_fault. So try to
mutex firstly and then find the list for using to avoid this race
condition.
Signed-off-by: Chen Jun
---
drivers/gpu/drm/drm_vm.c | 11 +--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_vm.c b/drivers/gpu/drm/drm_vm.c
index b5c5af7..1d95221 100644
--- a/drivers/gpu/drm/drm_vm.c
+++ b/drivers/gpu/drm/drm_vm.c
@@ -107,8 +107,11 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
if (!dev->agp || !dev->agp->cant_use_aperture)
goto vm_fault_error;
- if (drm_ht_find_item(>map_hash, vma->vm_pgoff, ))
+ mutex_lock(>struct_mutex);
+ if (drm_ht_find_item(>map_hash, vma->vm_pgoff, )) {
+ mutex_unlock(>struct_mutex);
goto vm_fault_error;
+ }
r_list = drm_hash_entry(hash, struct drm_map_list, hash);
map = r_list->map;
@@ -140,8 +143,10 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
break;
}
- if (>head == >agp->memory)
+ if (>head == >agp->memory) {
+ mutex_unlock(>struct_mutex);
goto vm_fault_error;
+ }
/*
* Get the page, inc the use count, and return it
@@ -151,6 +156,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
get_page(page);
vmf->page = page;
+ mutex_unlock(>struct_mutex);
DRM_DEBUG
("baddr = 0x%llx page = 0x%p, offset = 0x%llx, count=%d\n",
(unsigned long long)baddr,
@@ -159,6 +165,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
page_count(page));
return 0;
}
+ mutex_unlock(>struct_mutex);
vm_fault_error:
return VM_FAULT_SIGBUS; /* Disallow mremap */
}
--
1.7.4.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] drm: Add the mutex protection in drm_do_vm_fault.
There are no mutex protection for the dev-map_hash while calling
the drm_ht_find_item in the function drm_do_vm_fault. So try to
mutex firstly and then find the list for using to avoid this race
condition.
Signed-off-by: Chen Jun jun.d.c...@intel.com
---
drivers/gpu/drm/drm_vm.c | 11 +--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_vm.c b/drivers/gpu/drm/drm_vm.c
index b5c5af7..1d95221 100644
--- a/drivers/gpu/drm/drm_vm.c
+++ b/drivers/gpu/drm/drm_vm.c
@@ -107,8 +107,11 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
if (!dev-agp || !dev-agp-cant_use_aperture)
goto vm_fault_error;
- if (drm_ht_find_item(dev-map_hash, vma-vm_pgoff, hash))
+ mutex_lock(dev-struct_mutex);
+ if (drm_ht_find_item(dev-map_hash, vma-vm_pgoff, hash)) {
+ mutex_unlock(dev-struct_mutex);
goto vm_fault_error;
+ }
r_list = drm_hash_entry(hash, struct drm_map_list, hash);
map = r_list-map;
@@ -140,8 +143,10 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
break;
}
- if (agpmem-head == dev-agp-memory)
+ if (agpmem-head == dev-agp-memory) {
+ mutex_unlock(dev-struct_mutex);
goto vm_fault_error;
+ }
/*
* Get the page, inc the use count, and return it
@@ -151,6 +156,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
get_page(page);
vmf-page = page;
+ mutex_unlock(dev-struct_mutex);
DRM_DEBUG
(baddr = 0x%llx page = 0x%p, offset = 0x%llx, count=%d\n,
(unsigned long long)baddr,
@@ -159,6 +165,7 @@ static int drm_do_vm_fault(struct vm_area_struct *vma,
struct vm_fault *vmf)
page_count(page));
return 0;
}
+ mutex_unlock(dev-struct_mutex);
vm_fault_error:
return VM_FAULT_SIGBUS; /* Disallow mremap */
}
--
1.7.4.1
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
