From patchwork Fri Oct 28 02:14:22 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robert Bragg X-Patchwork-Id: 9400819 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1F678600BA for ; Fri, 28 Oct 2016 02:14:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0EAFC2A45E for ; Fri, 28 Oct 2016 02:14:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0209E2A460; Fri, 28 Oct 2016 02:14:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id AE86F2A45E for ; Fri, 28 Oct 2016 02:14:42 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 911DF6EB0B; Fri, 28 Oct 2016 02:14:39 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mail-wm0-x244.google.com (mail-wm0-x244.google.com [IPv6:2a00:1450:400c:c09::244]) by gabe.freedesktop.org (Postfix) with ESMTPS id E86576EB07; Fri, 28 Oct 2016 02:14:37 +0000 (UTC) Received: by mail-wm0-x244.google.com with SMTP id b80so5248276wme.2; Thu, 27 Oct 2016 19:14:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=GL9nzMQWIDL33BTql2jn0pe9nHT6wPmf/SJUrr19zK8=; b=GDqlUvDw3VLf+DWRINFCV8P/IGEJXJllECMjKz8VK/3s4Vt+FV8aFmrUY9nj+wPC4M rnT9ipO22vQBd1xxqML4CchTAcg3OcfnghEwAytqImJP0s0iXNNAeU1otH3L0XPAs8Co 8CJysECVq+7gAFj6SgQy18Aaxs8nJUvDjKVIXQCjN4FLBewtZp0zOeQe0tBhPG8OimBv AumMyCw/5oiRLBdQfNtbl3+Cix5osyELECmkWpxxcKkpoJ/FM8BSFlAslud1TdFvUge2 DQ6TaAmGw/pLFOI7yifhXyik3J/5McpQ/DVRnkoEOaxXl1lcrTOdpFXcOJSeJ/Ex+5qV sWQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=GL9nzMQWIDL33BTql2jn0pe9nHT6wPmf/SJUrr19zK8=; b=LQIDoyiHGO4ihOrDCYsZX0Y4aTG3mkZURCl18xuKyxYmpkdllxG0n02840wbaSEYJ7 MUAHRx0IcM3O1peueZ1V15qHgwWGzTqKCEovwxejDqXSNWcDF7pRF5giqrbs4+XSV1Uq +8LPMMVbTZDQLGJEjcSsRkQHZUIKMksdoHUZhLyhOT3NiQ4UnJGT6J75ftC1BdcEJ/If Yj2DzDNtM8HNqwEuW6YXcwS1FUWVll/fpxn4R/GBSf6DtmhkJdih4m1opWhLGUxUm3XC Ao4VSV+k8mWMBBJLVmLoUL9sOasJVivtB9aLfAlr+FnGFZwayLlie3kGvhx/79TEu0O/ 96IQ== X-Gm-Message-State: ABUngvcWd6U0/qcNlh2rklb19DYTQWRLar6C+epUYcjZU6uY0g51cbWG7uAyV4hi21Q/dA== X-Received: by 10.194.57.195 with SMTP id k3mr10674316wjq.168.1477620876562; Thu, 27 Oct 2016 19:14:36 -0700 (PDT) Received: from sixbynine.org (cpc26-heme10-2-0-cust305.9-1.cable.virginm.net. [86.3.57.50]) by smtp.gmail.com with ESMTPSA id 63sm7393715wmv.1.2016.10.27.19.14.35 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 27 Oct 2016 19:14:36 -0700 (PDT) From: Robert Bragg To: intel-gfx@lists.freedesktop.org Date: Fri, 28 Oct 2016 03:14:22 +0100 Message-Id: <20161028021430.2177-5-robert@sixbynine.org> X-Mailer: git-send-email 2.10.1 In-Reply-To: <20161028021430.2177-1-robert@sixbynine.org> References: <20161028021430.2177-1-robert@sixbynine.org> Cc: David Airlie , dri-devel@lists.freedesktop.org, Sourab Gupta , Daniel Vetter Subject: [Intel-gfx] [PATCH v8 04/12] drm/i915: return EACCES for check_cmd() failures X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP check_cmd() is checking whether a command adheres to certain restrictions that ensure it's safe to execute within a privileged batch buffer. Returning false implies a privilege problem, not that the command is invalid. The distinction makes the difference between allowing the buffer to be executed as an unprivileged batch buffer or returning an EINVAL error to userspace without executing anything. In a case where userspace may want to test whether it can successfully write to a register that needs privileges the distinction may be important and an EINVAL error may be considered fatal. In particular this is currently true for Mesa, which includes a test for whether OACONTROL can be written too, but Mesa treats any error when flushing a batch buffer as fatal, calling exit(1). As it is currently Mesa can gracefully handle a failure to write to OACONTROL if the command parser is disabled, but if we were to remove OACONTROL from the parser's whitelist then the returned EINVAL would break Mesa applications as they attempt an OACONTROL write. This bumps the command parser version from 7 to 8, as the change is visible to userspace. Signed-off-by: Robert Bragg Reviewed-by: Matthew Auld Reviewed-by: Sourab Gupta --- drivers/gpu/drm/i915/i915_cmd_parser.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_cmd_parser.c b/drivers/gpu/drm/i915/i915_cmd_parser.c index fe34470..c45dd83 100644 --- a/drivers/gpu/drm/i915/i915_cmd_parser.c +++ b/drivers/gpu/drm/i915/i915_cmd_parser.c @@ -1272,7 +1272,7 @@ int intel_engine_cmd_parser(struct intel_engine_cs *engine, if (!check_cmd(engine, desc, cmd, length, is_master, &oacontrol_set)) { - ret = -EINVAL; + ret = -EACCES; break; } @@ -1333,6 +1333,9 @@ int i915_cmd_parser_get_version(struct drm_i915_private *dev_priv) * 5. GPGPU dispatch compute indirect registers. * 6. TIMESTAMP register and Haswell CS GPR registers * 7. Allow MI_LOAD_REGISTER_REG between whitelisted registers. + * 8. Don't report cmd_check() failures as EINVAL errors to userspace; + * rely on the HW to NOOP disallowed commands as it would without + * the parser enabled. */ - return 7; + return 8; }