From patchwork Mon Nov 7 19:49:49 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robert Bragg X-Patchwork-Id: 9415951 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8C48260512 for ; Mon, 7 Nov 2016 19:50:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7D0C828AF5 for ; Mon, 7 Nov 2016 19:50:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 71B2828D42; Mon, 7 Nov 2016 19:50:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 33AC028AF5 for ; Mon, 7 Nov 2016 19:50:22 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 473326E34D; Mon, 7 Nov 2016 19:50:08 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) by gabe.freedesktop.org (Postfix) with ESMTPS id A684B6E207; Mon, 7 Nov 2016 19:50:04 +0000 (UTC) Received: by mail-wm0-x243.google.com with SMTP id u144so18312343wmu.0; Mon, 07 Nov 2016 11:50:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=BZ3zThDjrnYxwGMoopsRY3BFFE7sIc6tScl5aDgZieI=; b=LmxVG2XjbovlBTW1vcrRJQBLGOUOZs6gg4+iSn7taziSRY+VyZWBRPOyBW0Fve4deq Lro7C0fi+rbnQM8t9SFDarNjoMRsueZffaAUb7voepof4D3U7IiMr3dkcQGk9D23DGdw rXsJFVY07aA7nA72uJESjxLC16b3vsPe20UFodI96RmDkB9gZNmrtCbN+nI7VjXyPUho /ede65JRWNjN6NQPi0A78L2AgqLOF8MdQA4iiozr5BUWiRXqghNMUm9fcIbQW+Clt4ED LpLpG0goDStBZKNPPe5bN51WTj64S2h9MY9lMmRtecHC0e2ENL+UpBgDTxOv/S4D5XnX zd4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=BZ3zThDjrnYxwGMoopsRY3BFFE7sIc6tScl5aDgZieI=; b=epXqSThWr5uZ+8iyet+Aqonib7GCII3tCEAvgN1wVhhd50+j9l/j2oSGD1bTBTh2Hn TAdkOE6CW1MT0yFChgRUkKPdACbQuM+leCeBwvppRkREg/b7A4s6mFMrqVmaUAP9tK71 Ha2XluuUQqGgIaFoElBY887dXymVdrReQkVH39PqOOBTjvlDXZKOZaWGYmwR3WQQ9Dyo 1jJtfe03w2NrVZwPb5CDEhoY9JNqMMYiQY25UuwbuR4Q3FCDulpFKkTjpFi++J6IeWsw w9+t9AtOyJPMS+44iQOikDdjnsoUIUQAvG0ZdKVHFWRYzycX/wuhvoB7xz/21ZTHZRHU 438g== X-Gm-Message-State: ABUngvc+FxtuUlaexk9mrr9/4gE/63n74fJaDWLm84sVT4NVYahruAlFpJiXXJnxAIVYzA== X-Received: by 10.28.52.76 with SMTP id b73mr10366163wma.8.1478548203263; Mon, 07 Nov 2016 11:50:03 -0800 (PST) Received: from sixbynine.org (cpc26-heme10-2-0-cust305.9-1.cable.virginm.net. [86.3.57.50]) by smtp.gmail.com with ESMTPSA id jq10sm32856291wjb.46.2016.11.07.11.50.02 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 07 Nov 2016 11:50:02 -0800 (PST) From: Robert Bragg To: intel-gfx@lists.freedesktop.org Date: Mon, 7 Nov 2016 19:49:49 +0000 Message-Id: <20161107194957.3385-4-robert@sixbynine.org> X-Mailer: git-send-email 2.10.1 In-Reply-To: <20161107194957.3385-1-robert@sixbynine.org> References: <20161107194957.3385-1-robert@sixbynine.org> Cc: David Airlie , dri-devel@lists.freedesktop.org, Sourab Gupta , Daniel Vetter Subject: [Intel-gfx] [PATCH v9 03/11] drm/i915: return EACCES for check_cmd() failures X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP check_cmd() is checking whether a command adheres to certain restrictions that ensure it's safe to execute within a privileged batch buffer. Returning false implies a privilege problem, not that the command is invalid. The distinction makes the difference between allowing the buffer to be executed as an unprivileged batch buffer or returning an EINVAL error to userspace without executing anything. In a case where userspace may want to test whether it can successfully write to a register that needs privileges the distinction may be important and an EINVAL error may be considered fatal. In particular this is currently true for Mesa, which includes a test for whether OACONTROL can be written too, but Mesa treats any error when flushing a batch buffer as fatal, calling exit(1). As it is currently Mesa can gracefully handle a failure to write to OACONTROL if the command parser is disabled, but if we were to remove OACONTROL from the parser's whitelist then the returned EINVAL would break Mesa applications as they attempt an OACONTROL write. This bumps the command parser version from 7 to 8, as the change is visible to userspace. Signed-off-by: Robert Bragg Reviewed-by: Matthew Auld Reviewed-by: Sourab Gupta --- drivers/gpu/drm/i915/i915_cmd_parser.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_cmd_parser.c b/drivers/gpu/drm/i915/i915_cmd_parser.c index 7719aed..c9d2ecd 100644 --- a/drivers/gpu/drm/i915/i915_cmd_parser.c +++ b/drivers/gpu/drm/i915/i915_cmd_parser.c @@ -1272,7 +1272,7 @@ int intel_engine_cmd_parser(struct intel_engine_cs *engine, if (!check_cmd(engine, desc, cmd, length, is_master, &oacontrol_set)) { - ret = -EINVAL; + ret = -EACCES; break; } @@ -1333,6 +1333,9 @@ int i915_cmd_parser_get_version(struct drm_i915_private *dev_priv) * 5. GPGPU dispatch compute indirect registers. * 6. TIMESTAMP register and Haswell CS GPR registers * 7. Allow MI_LOAD_REGISTER_REG between whitelisted registers. + * 8. Don't report cmd_check() failures as EINVAL errors to userspace; + * rely on the HW to NOOP disallowed commands as it would without + * the parser enabled. */ - return 7; + return 8; }