From patchwork Sun Nov 6 15:47:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dawei Li X-Patchwork-Id: 13033491 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 40E81C4332F for ; Sun, 6 Nov 2022 15:48:05 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id A92FF10E00F; Sun, 6 Nov 2022 15:48:03 +0000 (UTC) Received: from JPN01-TYC-obe.outbound.protection.outlook.com (mail-tycjpn01olkn2099.outbound.protection.outlook.com [40.92.99.99]) by gabe.freedesktop.org (Postfix) with ESMTPS id ADB8510E00F for ; Sun, 6 Nov 2022 15:48:01 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L+MnsyrCAcDdgWwBWDnlSIKtN8N4nh6TQLSjfAlNv5+4mFXEZHqufN9KxesZgTz7UpPiSoR/w8FmDVSSUlVf5UnGVhSFRqfKZ/30PI8d5ZY3rmJd083y6rD3iPyhg+YFrqvDIbXryBnXra5dkcgClofK/Bo6j2c31UWDhmkmjnt7fV5VM5gm9zLeM9/HKYiSuiEpf/BC5VqFw8+g+1o95WgbfX6yFLovGUtaa+8e2LNr/wZgJHAGQSWeoe7CWWEpJOCddSlA3GrStGvSAn5FEj9pg7qOrKpq1uTwBiDGvqLdH41vIU2E2G4pDyJ1TaljuHlsUKRIUg+1qEMIYQPIpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QRTDjs2u8sLTTR48R70oqietJp96ueeU5YjoPlA97Hk=; b=DAe5hgiil74FgzNQVlYx32BGy9xoNKoYqVgJsyDxANGVIlfYDNpLwg35o+NgrZEzRo4LoyFvlkxtnerMxGvf+pBMslabWuJch+ei6HddxrfR8PxBnlUy/qvuzHMf03Yh0ghD0DIjKN7jF8PzVWGKI5uexILdSj409aPS4Z5ypT5EjEey2J/7zzWGRCkGoCWxp5wEfn6z/67xBRBlkGAuZs+M2wbFuh6XGRq0WcxXj4Ydi5HUUkw0y3S02TbG/Q8OLxEHTVNm9VJT6kcNGW4Z7brxOPx0ABuG7KDxOx7pE3tzmDUtwimu3J+Xgf5usuL20mIKkbjN5hlo8xq9xGBtCA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QRTDjs2u8sLTTR48R70oqietJp96ueeU5YjoPlA97Hk=; b=WE6UbkJ6PSVEtTIuMV1JPV7O2uyEvw9EiIIEo6iuzKMP2PfcACsAGDWNhgkl67th9pZkpq7hzlEe3pgZuRi/kQ9DTyJktvrtmSVKpa3GbJnPNKze8s5v5G7c2J0lgFEiiQK0DNEMYD3uwfYa+jozfAgyWg+6fZDFA1iZeKKsqI2PIsRJ394jcKyrfKxmwztcctJL6MEbeFhmv899fD9GVArG6H5h6dXsrF5YY8LzZJQ1zFaVle6MMPm9T6Wpcv9o5T91AiNVCCKdInqjBgud8LVzhCkYYsklQ6hJigoxyMiT49y1At0ZqS9HLzunu9v88t1A/L1O+3csfK2sLyLspg== Received: from TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:152::9) by TYCP286MB2416.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:17d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.25; Sun, 6 Nov 2022 15:47:58 +0000 Received: from TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM ([fe80::c90e:cbf3:c23d:43a5]) by TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM ([fe80::c90e:cbf3:c23d:43a5%9]) with mapi id 15.20.5791.025; Sun, 6 Nov 2022 15:47:58 +0000 From: Dawei Li To: zackr@vmware.com, airlied@gmail.com, daniel@ffwll.ch Subject: [PATCH v2] drm/vmwgfx: Protect pin_user_pages with mmap_lock Date: Sun, 6 Nov 2022 23:47:36 +0800 Message-ID: X-Mailer: git-send-email 2.25.1 X-TMN: [VGGibGjGkpg7UT7/c+36S57z9jitl/mJ] X-ClientProxiedBy: SG2PR06CA0200.apcprd06.prod.outlook.com (2603:1096:4:1::32) To TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:152::9) X-Microsoft-Original-Message-ID: <20221106154736.2531922-1-set_pte_at@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TYCP286MB2323:EE_|TYCP286MB2416:EE_ X-MS-Office365-Filtering-Correlation-Id: b0807d59-c6f6-4d80-ccec-08dac00e473a X-MS-Exchange-SLBlob-MailProps: ymJijV9pwJmAfsszP5iRwe6T3KVknaQSMQ/5HCy0tWeLtYQ/FAV0bsqm26PUCGTrg5MaePZEvxSJygGKnizJDAxR07jfRaomqefxxic1QTwDrxvyIjAVTC9jYglpaCpi8G+5EPc3Ehzc4RbLbCEMA27EAQmJYH1XTS9061tF5rLMzucsw3huK/auQ6h44BgG8EXteJkildAMJPJAonzxHBgABaE/rGGd66xREj6UQMc8+bVrEUYnKpfKnRHihGJ7migZ0sHyy6ha9qYXCkQvudHDnEPP0UXalZJE7Fr9Z+9HCSc6XlyHIvGEIWb5ZYktp3TdkxDKrVGCaTZtjfaTBvStBU2K7RMHdaZFO1mugg4vTX2ExU73ZoLgMWA+5T3esoq1wBrHuQ+QxKgi1Talaj76XtROdP9PyCLaREX8aHVZM72Arp9+CH40P2rTfRJKxR6TM/Ilww2E9RfyRUx+twPPeX2cZ0UtmJUgm6oun0/kuGCEp2xiD986KwJo0PO7nhrroF4q4uVJrMGggImc0WPdLMse53b0y1fdvWAAF+ux8m8m+vFaxFF7SFqhwDLaircCQhdZEqa+me/YJuZh2e14uQR0VMSz3pe//+eah4vSdK+/x6eNoCQ7bItUePu1d486cadLCCPYGQ1rbQjep21qPxUkarlz/DL71vmOjb7yZtc0z+5s31HcnFEsEhJmC1Lm9YL2TUCPrmfzQ30XP4ytdiBYnGYgS8fKJ5sVgkAdR4vP7UBGSm5JA3HXVz+rF26p8ahTWjCxXjDQuikbtIdzX0uAb5rzNWzw/Dnti1Ga9u8eh5hgL6puJVPxuCPO X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: vXUuBCXeBxWJoG2+UVXqst7OkfW7nYq3/NDYWdRK7T1RPPmfCvnyI5yx/FBs1CsXdpG8FK0D8rVB1cf2JfTjPH1adt7wOdY5oi+01M80xs37TqHKeYzaGAY9tObn36cn5Sfuqxq5h/cb297TZW82O6Bc0CrFzafsuHgGPm4VjV4a4amnFl98vpV1WFyL58CFSmnKSMRMhFy0476iM8DxzWNZQP0jy8vw4gqWqsnzB+DU0T3w9DhVrtgyfQ+RrJPGf3s6bDTXkl/eq/7yfnjkZPqBjPI+z4ZxwduLAIRR5UQH0IFKa2GIlZD/M+qaJXFxz8KvVbtoTelpZQmUOwDgtuycaLWBAQW0ntDTCu5Augbompau+CTUCwxzZEBp+ArWD0iasYv7rHKTDl/2f7C3iJQoTE89ZuIkUbN+z71ZZ9y1sFgYBuhqrmpkezN08rWYdaf6ExsV7bmFf/jCkoPe7aeBjNCeR93XqfAtJMdpVsI5AAgkF5C9laAlsOlHOiA02hO2LbiSbvQjPmjY/ytA0mkv/CjD+ThZ4AtlAtN6tj947B0TLhmas+6kHMObif1BEAUM4pkSWYSprAKraRnwLWDTgbBDRnCkUxMxbol0g1RV7LXi/ZR+0vcs80H86zcgzDRnD6tL3SrBBAf/s2Aq+LAs/f8RhcRjss1xuRVnTm42govBry55EZDszfgJXdRb X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: RiJ1uBxVxUOIk105UrdW4t/k/P7yCo0dz5o4OzI6uyx+R7s0/7oecaPqMDjWxVbmaNH6D1ShshW/nXNQfz3K2jpk21hD/QNKzIKF8oH4X/p8DJdQ0YOQ0spKsosOcUbcBohvTf6lwMpjULM6irn0WI9TC6u94ESyYuf8PZ/2h5wJQdoaFDSmBmS1/Pa477ejNPLHkya76u+qR8uAbBAUZzxawAXF1LmbS60RPFfxORtOu/oAPe9elNeeldoUaUzxpwoY5tcDY+nX6ORc3y6qx5nmQtV4xCKOwJYzrkjjznuokgNz4Id/U+o3IlbM75KhMOO1j9QUG2mzNs4HyU43AjnZNSDV/J/rWTyHDKVqzRyMs93fT2kFlvfb+GUrkByZos8gWVk1ch6xEPDy2pMNsmOI4DgD3YstlOtYRlHMlGXHY8iK197IrWNFJRb8IYYKeIw+H8UV+UhBqJDKrdvO4JN9RviXa1X8wtF2at9VKnOWGRASi3FKxCRL20ArGFiTXG1soNfXf2/pnlj6ROQUdVimeHFdNU1StpnFms91j/7om8PtScUsh28Rcaep7RXbLO2LIuInAYQZ1b92BOPmUmA52XEM1Ua++bdU5Agh3U0yGZnd/UVyZ05hLJeMboestvGEOEH6RVDhaOI7obKbkg2z+0OL5qL+gThryaIx0nLRisaeBdzGGZyP6z0wAGL5tbCAf9TMBZDEQx7uURVsZ6hJYHFM9oRNHexXczTAhuA4n9dzOfaFKrUqNiOoQ2VTgjEDv/FPBtCCmbuFtimSKHFEvivTgcG5RJJPnxBrqvCmLQKNwsR0ncPhu+hp+HfCz/wD/4Pk4ohYO882UU9MjVSp6KB1Dks3/9vOe2xiBT23piq7drxzBXIYuDfqazDS96FWF5SbTeKvCJfQawvfvhG0hlMf7LkJmOGFOEotQCVRigaS55fTQjkvxm/EN6NOWh0/VFrEun7llmF8Zb2sod/ILnEC79SMRFWBWOLlVko3hbkhQI1OBGFet0bkNGjRZ86F7hfIDH7/goWPSNu9sJsS3ZF50/8/cSRCMxbQJ9oJskbDa+tMLYa7WWhfukX3LdahZqNnJnaXXz/bj0FBQ1y0U+nWyD1vJX44GMVj4uH5mWQ80/sBk3LMDX+HsK/GWCemdRGDdSdB6tf4+8SH4UYLLKvJl2e5eslfrVGfrD0nIwcq/loaphtcbmAYL4uNLZnNB27Fj9SeahY31paFv6BFJX15ehfTvsJrhvgWhXMLSbqtanhRhZ7rJ+VbQYV+srvovcQqoyMGK28jzHHGIA== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b0807d59-c6f6-4d80-ccec-08dac00e473a X-MS-Exchange-CrossTenant-AuthSource: TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 15:47:58.6102 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYCP286MB2416 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: krastevm@vmware.com, Dawei Li , linux-graphics-maintainer@vmware.com, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" This patch includes changes below: 1) pin_user_pages() is unsafe without protection of mmap_lock, fix it by calling mmap_read_lock() & mmap_read_unlock(). 2) fix & refactor the incorrect exception handling procedure in vmw_mksstat_add_ioctl(). Fixes: 7a7a933edd6c ("drm/vmwgfx: Introduce VMware mks-guest-stats") Signed-off-by: Dawei Li --- v1: https://lore.kernel.org/all/TYCP286MB23235C9A9FCF85C045F95EA7CA4F9@TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM/ v1->v2: Rebased to latest vmwgfx/drm-misc-fixes --- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c index 089046fa21be..ec40a3364e0a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c @@ -1020,9 +1020,9 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data, const size_t num_pages_info = PFN_UP(arg->info_len); const size_t num_pages_strs = PFN_UP(arg->strs_len); long desc_len; - long nr_pinned_stat; - long nr_pinned_info; - long nr_pinned_strs; + long nr_pinned_stat = 0; + long nr_pinned_info = 0; + long nr_pinned_strs = 0; struct page *pages_stat[ARRAY_SIZE(pdesc->statPPNs)]; struct page *pages_info[ARRAY_SIZE(pdesc->infoPPNs)]; struct page *pages_strs[ARRAY_SIZE(pdesc->strsPPNs)]; @@ -1084,28 +1084,33 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data, reset_ppn_array(pdesc->infoPPNs, ARRAY_SIZE(pdesc->infoPPNs)); reset_ppn_array(pdesc->strsPPNs, ARRAY_SIZE(pdesc->strsPPNs)); + /* pin_user_pages() needs protection of mmap_lock */ + mmap_read_lock(current->mm); + /* Pin mksGuestStat user pages and store those in the instance descriptor */ nr_pinned_stat = pin_user_pages(arg->stat, num_pages_stat, FOLL_LONGTERM, pages_stat, NULL); if (num_pages_stat != nr_pinned_stat) - goto err_pin_stat; + goto __err_pin_pages; for (i = 0; i < num_pages_stat; ++i) pdesc->statPPNs[i] = page_to_pfn(pages_stat[i]); nr_pinned_info = pin_user_pages(arg->info, num_pages_info, FOLL_LONGTERM, pages_info, NULL); if (num_pages_info != nr_pinned_info) - goto err_pin_info; + goto __err_pin_pages; for (i = 0; i < num_pages_info; ++i) pdesc->infoPPNs[i] = page_to_pfn(pages_info[i]); nr_pinned_strs = pin_user_pages(arg->strs, num_pages_strs, FOLL_LONGTERM, pages_strs, NULL); if (num_pages_strs != nr_pinned_strs) - goto err_pin_strs; + goto __err_pin_pages; for (i = 0; i < num_pages_strs; ++i) pdesc->strsPPNs[i] = page_to_pfn(pages_strs[i]); + mmap_read_unlock(current->mm); + /* Send the descriptor to the host via a hypervisor call. The mksGuestStat pages will remain in use until the user requests a matching remove stats or a stats reset occurs. */ @@ -1120,15 +1125,15 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data, return 0; -err_pin_strs: +__err_pin_pages: + mmap_read_unlock(current->mm); + if (nr_pinned_strs > 0) unpin_user_pages(pages_strs, nr_pinned_strs); -err_pin_info: if (nr_pinned_info > 0) unpin_user_pages(pages_info, nr_pinned_info); -err_pin_stat: if (nr_pinned_stat > 0) unpin_user_pages(pages_stat, nr_pinned_stat);