[2/2] dma-buf: taint the kernel on sw_sync use

Message ID	20210818105443.1578-2-christian.koenig@amd.com
State	New
Headers	show Return-Path: <linux-media-owner@kernel.org> From: "=?UTF-8?q?Christian=20K=C3=B6nig?=" <ckoenig.leichtzumerken@gmail.com> To: hridya@google.com, john.stultz@linaro.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, gustavo@padovan.org, linux-media@vger.kernel.org, adelva@google.com, sspatil@google.com, daniel@ffwll.ch Subject: [PATCH 2/2] dma-buf: taint the kernel on sw_sync use Date: Wed, 18 Aug 2021 12:54:43 +0200 Message-Id: <20210818105443.1578-2-christian.koenig@amd.com> In-Reply-To: <20210818105443.1578-1-christian.koenig@amd.com> References: <20210818105443.1578-1-christian.koenig@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [2/2] dma-buf: taint the kernel on sw_sync use

Message ID

20210818105443.1578-2-christian.koenig@amd.com

State

New

Headers

From: "=?UTF-8?q?Christian=20K=C3=B6nig?=" 
	<ckoenig.leichtzumerken@gmail.com>
To: hridya@google.com, john.stultz@linaro.org,
	dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
	gustavo@padovan.org, linux-media@vger.kernel.org,
	adelva@google.com, sspatil@google.com, daniel@ffwll.ch
Subject: [PATCH 2/2] dma-buf: taint the kernel on sw_sync use
Date: Wed, 18 Aug 2021 12:54:43 +0200
Message-Id: <20210818105443.1578-2-christian.koenig@amd.com>
In-Reply-To: <20210818105443.1578-1-christian.koenig@amd.com>
References: <20210818105443.1578-1-christian.koenig@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

None | expand

Commit Message

Christian König Aug. 18, 2021, 10:54 a.m. UTC

As we now knew allowing userspace control over dma_fence synchronization
is fundamentally broken and can cause deadlocks inside the kernel memory
management.

Because of this harden the wording for CONFIG_SW_SYNC and taint the kernel
as soon as it is used.

Signed-off-by: Christian König <christian.koenig@amd.com>
---
 drivers/dma-buf/Kconfig   | 5 +++--
 drivers/dma-buf/sw_sync.c | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/dma-buf/Kconfig b/drivers/dma-buf/Kconfig
index 9561e3d2d428..61e0f3c5ba8b 100644
--- a/drivers/dma-buf/Kconfig
+++ b/drivers/dma-buf/Kconfig
@@ -27,8 +27,9 @@  config SW_SYNC
 	  synchronization.  Useful when there is no hardware primitive backing
 	  the synchronization.
 
-	  WARNING: improper use of this can result in deadlocking kernel
-	  drivers from userspace. Intended for test and debug only.
+	  WARNING: improper use of this can result in deadlocking the kernel
+	  memory management from userspace. Intended for test and debug only.
+	  Use at your own risk.
 
 config UDMABUF
 	bool "userspace dmabuf misc driver"
diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c
index 348b3a9170fa..c2bcb9062f51 100644
--- a/drivers/dma-buf/sw_sync.c
+++ b/drivers/dma-buf/sw_sync.c
@@ -286,7 +286,8 @@  static struct sync_pt *sync_pt_create(struct sync_timeline *obj,
 /*
  * *WARNING*
  *
- * improper use of this can result in deadlocking kernel drivers from userspace.
+ * improper use of this can result in deadlocking kernel memory management
+ * from userspace.
  */
 
 /* opening sw_sync create a new sync obj */
@@ -295,6 +296,8 @@  static int sw_sync_debugfs_open(struct inode *inode, struct file *file)
 	struct sync_timeline *obj;
 	char task_comm[TASK_COMM_LEN];
 
+	add_taint(TAINT_SOFTLOCKUP, LOCKDEP_STILL_OK);
+
 	get_task_comm(task_comm, current);
 
 	obj = sync_timeline_create(task_comm);

[2/2] dma-buf: taint the kernel on sw_sync use

Commit Message

Patch