Re: [Freedreno] [PATCH 2/2] drm/msm: protect against faults from copy_from_user() in submit ioctl

On Sun, Aug 28, 2016 at 12:53 PM, Daniel Vetter wrote: > On Sun, Aug 28, 2016 at 12:43:46PM -0400, Rob Clark wrote: >> On Tue, Aug 23, 2016 at 2:03 AM, Daniel Vetter wrote: >> > On Mon, Aug 22, 2016 at 03:38:05PM -0400, Rob Clark wrote: >> >> An evil userspace could try to cause deadlock by passi

Re: [Freedreno] [PATCH 2/2] drm/msm: protect against faults from copy_from_user() in submit ioctl

On Sun, Aug 28, 2016 at 12:43:46PM -0400, Rob Clark wrote: > On Tue, Aug 23, 2016 at 2:03 AM, Daniel Vetter wrote: > > On Mon, Aug 22, 2016 at 03:38:05PM -0400, Rob Clark wrote: > >> An evil userspace could try to cause deadlock by passing an unfaulted-in > >> GEM bo as submit->bos (or submit->cmd

Re: [Freedreno] [PATCH 2/2] drm/msm: protect against faults from copy_from_user() in submit ioctl

On Tue, Aug 23, 2016 at 2:03 AM, Daniel Vetter wrote: > On Mon, Aug 22, 2016 at 03:38:05PM -0400, Rob Clark wrote: >> An evil userspace could try to cause deadlock by passing an unfaulted-in >> GEM bo as submit->bos (or submit->cmds) table. Which will trigger >> msm_gem_fault() while we already h

Re: [Freedreno] [PATCH 2/2] drm/msm: protect against faults from copy_from_user() in submit ioctl

On Mon, Aug 22, 2016 at 03:38:05PM -0400, Rob Clark wrote: > An evil userspace could try to cause deadlock by passing an unfaulted-in > GEM bo as submit->bos (or submit->cmds) table. Which will trigger > msm_gem_fault() while we already hold struct_mutex. See: > > https://github.com/freedreno/ms