From patchwork Wed Oct 19 10:11:41 2016
X-Patchwork-Submitter: Chris Wilson
X-Patchwork-Id: 9383793
From: Chris Wilson
To: intel-gfx@lists.freedesktop.org
Date: Wed, 19 Oct 2016 11:11:41 +0100
Message-Id: <20161019101147.17342-7-chris@chris-wilson.co.uk>
Subject: [Intel-gfx] [PATCH 06/12] drm/i915/gvt: Remove dangerous unpin of backing storage of bound GPU object

Unpinning the pages prior to the object being released from the GPU may allow the GPU to read and write into system pages (i.e. use after free by the hw).

Signed-off-by: Chris Wilson
--- drivers/gpu/drm/i915/gvt/execlist.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/execlist.c b/drivers/gpu/drm/i915/gvt/execlist.c index cfdd3ae13fb0..b79d148a4e32 100644 --- a/drivers/gpu/drm/i915/gvt/execlist.c +++ b/drivers/gpu/drm/i915/gvt/execlist.c @@ -404,7 +404,11 @@ static void prepare_shadow_batch_buffer(struct intel_vgpu_workload *workload) gvt_err("Cannot pin\n"); return; } - i915_gem_object_unpin_pages(entry_obj->obj); + + /* FIXME: we are not tracking our pinned VMA leaving it + * up to the core to fix up the stray pin_count upon + * free. + */ /* update the relocate gma with shadow batch buffer*/ set_gma_to_bb_cmd(entry_obj,
@@ -454,7 +458,11 @@ static void prepare_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx) gvt_err("Cannot pin indirect ctx obj\n"); return; } - i915_gem_object_unpin_pages(wa_ctx->indirect_ctx.obj); + + /* FIXME: we are not tracking our pinned VMA leaving it + * up to the core to fix up the stray pin_count upon + * free. + */ wa_ctx->indirect_ctx.shadow_gma = i915_ggtt_offset(vma);
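Review bot: In the first hunk (prepare_shadow_batch_buffer(), right after the "Cannot pin" error path), the pin is now left outstanding with no owner, and the FIXME only says the core will fix up the stray pin_count upon free. Dropping the early i915_gem_object_unpin_pages(entry_obj->obj) closes the window in which the hardware could still touch released pages, but nothing visible here records the pinned VMA so that a later path can release it. Consider storing the VMA in entry_obj and unpinning it when the workload completes, or at least have the comment name the function expected to drop the reference, so the imbalance is not mistaken for a leak or "fixed" by re-adding the early unpin.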
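Review bot: In the second hunk (prepare_shadow_wa_ctx()), the value from i915_ggtt_offset(vma) is saved in wa_ctx->indirect_ctx.shadow_gma, but the vma that keeps that address valid is not saved anywhere, so the stored offset outlives any handle that could be used to unpin it. Keeping the vma next to shadow_gma in indirect_ctx would let the release path drop the pin explicitly instead of relying on the core at free time. The FIXME text is also a verbatim copy of the one in prepare_shadow_batch_buffer(); if both stay, each should say which object's pin is left outstanding (here wa_ctx->indirect_ctx.obj).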