Re: Use of copy_from_user in msm_gem_submit.c while holding a spin_lock

From: Daniel Vetter
Date: Thu Aug 18 2016 - 04:32:06 EST


On Wed, Aug 17, 2016 at 08:31:20PM +0100, Al Viro wrote:
> On Wed, Aug 17, 2016 at 03:24:38PM -0400, Rob Clark wrote:
>
> > hmm, looks like, at least on arm (not sure about arm64),
> >
> > #define __copy_from_user_inatomic __copy_from_user
> >
> > ie. copy_from_user() minus the access_ok() and memset in the
> > !access_ok() path.. but maybe what I want is just the
> > pagefault_disable() if that disables copy_from_user() being able to
> > block..
>
> On a bunch of platforms copy_from_user() starts with might_sleep(); again,
> that'll spread to all of them pretty soon.
>
> Right now those primitives are very badly out of sync; this will change,
> but let's not add more PITA sources.

That sounds great, as part of discussing this on irc with Rob I too
noticed that the *copy*user* funcs are all rather out of sync. On
i915.ko we go full evil mode and pass (faulting) i915 buffer objects in as
targets for all these copy*user operations. And for added evilness we have
debugfs interfaces to force-unmap/evict these bo, which is used to make
sure that the fault handling in slow-paths (after dropping locks and
reacquiring them) also works - some of i915 code has slow-slow path
fallbacks ;-)

Oh and we have a debugfs knob to disable the prefaulting we do, since
without those the race is way too small.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
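Added example (not code from this thread, from msm, or from i915): a small userspace C model of the three patterns the discussion touches on. The "spinlock", might_sleep() atomic-context check, page residency and the copy helpers are all simulations with hypothetical sim_* names; the only point they preserve is the one the thread makes, namely that copy_from_user() may sleep to fault a page in and so must not run under a spinlock, that __copy_from_user_inatomic() under pagefault_disable() never sleeps but can fail on a non-resident page, and that the failure then needs a slow path that drops the lock, copies, and reacquires. Return values follow the kernel convention of bytes not copied for the copy helpers and a negative errno for the submit functions.

```c
/* Userspace model of copy_from_user() under a spinlock. NOT kernel code:
 * sim_* helpers stand in for spin_lock(), might_sleep(), pagefault_disable()
 * and the uaccess copy routines; all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFAULT 14
#define ENOSPC 28

/* Simulated user page: the data and whether the page is currently resident. */
struct user_src {
    const void *data;    /* NULL models an address with no mapping at all */
    bool resident;       /* false models a page that must be faulted in */
};

static int atomic_depth;            /* >0: a "spinlock" is held (atomic context) */
static int might_sleep_violations;  /* what CONFIG_DEBUG_ATOMIC_SLEEP would warn about */
static bool pagefaults_disabled;    /* models pagefault_disable()/enable() */

static void sim_spin_lock(void)   { atomic_depth++; }
static void sim_spin_unlock(void) { atomic_depth--; }
static void sim_might_sleep(void) { if (atomic_depth > 0) might_sleep_violations++; }
static void sim_reset(void)
{
    atomic_depth = 0; might_sleep_violations = 0; pagefaults_disabled = false;
}

/* copy_from_user(): may sleep to service a page fault; returns bytes NOT copied. */
static unsigned long sim_copy_from_user(void *to, struct user_src *from, unsigned long n)
{
    sim_might_sleep();
    if (from->data == NULL)
        return n;                     /* unmapped: the copy fails, caller returns -EFAULT */
    from->resident = true;            /* fault serviced: page is present from now on */
    memcpy(to, from->data, n);
    return 0;
}

/* __copy_from_user_inatomic() with page faults disabled: never sleeps, but a
 * non-resident page cannot be faulted in, so the copy fails instead. */
static unsigned long sim_copy_from_user_inatomic(void *to, struct user_src *from, unsigned long n)
{
    if (!pagefaults_disabled)
        return sim_copy_from_user(to, from, n);   /* without pagefault_disable() it may sleep */
    if (from->data == NULL || !from->resident)
        return n;
    memcpy(to, from->data, n);
    return 0;
}

struct submit_cmd   { uint32_t type; uint32_t nr_relocs; };
struct submit_queue { struct submit_cmd cmds[8]; unsigned nr; };

/* Must be called with the "lock" held; the queue is the state it protects. */
static int enqueue(struct submit_queue *q, const struct submit_cmd *c)
{
    if (q->nr >= sizeof(q->cmds) / sizeof(q->cmds[0]))
        return -ENOSPC;
    q->cmds[q->nr++] = *c;
    return 0;
}

/* Pattern 1, the one the thread warns against: copy while holding the lock.
 * It "works" on a resident page but trips might_sleep()'s atomic-context check. */
static int submit_under_lock(struct submit_queue *q, struct user_src *ucmd)
{
    struct submit_cmd tmp;
    int ret;

    sim_spin_lock();
    ret = sim_copy_from_user(&tmp, ucmd, sizeof(tmp)) ? -EFAULT : enqueue(q, &tmp);
    sim_spin_unlock();
    return ret;
}

/* Pattern 2: copy into a kernel-side buffer first, then take the lock. The
 * sleep happens outside the critical section; the lock only guards the queue. */
static int submit_copy_first(struct submit_queue *q, struct user_src *ucmd)
{
    struct submit_cmd tmp;
    int ret;

    if (sim_copy_from_user(&tmp, ucmd, sizeof(tmp)))
        return -EFAULT;
    sim_spin_lock();
    ret = enqueue(q, &tmp);
    sim_spin_unlock();
    return ret;
}

/* Pattern 3, the fast/slow path: try the non-sleeping copy under the lock with
 * faults disabled; if it fails, drop the lock, copy with faults allowed, retake. */
static int submit_fast_slow(struct submit_queue *q, struct user_src *ucmd, bool *took_slow_path)
{
    struct submit_cmd tmp;
    unsigned long left;
    int ret;

    *took_slow_path = false;
    sim_spin_lock();
    pagefaults_disabled = true;
    left = sim_copy_from_user_inatomic(&tmp, ucmd, sizeof(tmp));
    pagefaults_disabled = false;
    if (left) {
        sim_spin_unlock();            /* slow path: sleeping is allowed again */
        *took_slow_path = true;
        if (sim_copy_from_user(&tmp, ucmd, sizeof(tmp)))
            return -EFAULT;
        sim_spin_lock();              /* lock-protected state may have changed meanwhile */
    }
    ret = enqueue(q, &tmp);
    sim_spin_unlock();
    return ret;
}

int main(void)
{
    struct submit_queue q = {0};
    struct submit_cmd c = { 1, 2 };   /* constructed sample command */
    struct user_src resident = { &c, true }, paged_out = { &c, false };
    bool slow;

    sim_reset();
    printf("under lock: ret=%d violations=%d\n",
           submit_under_lock(&q, &resident), might_sleep_violations);
    sim_reset();
    printf("fast/slow on paged-out page: ret=%d slow=%d violations=%d\n",
           submit_fast_slow(&q, &paged_out, &slow), slow, might_sleep_violations);
    return 0;
}
```

The thing to take from the model is that pattern 1 is wrong even when it happens to succeed: the might_sleep() counter only fires because the copy ran with the lock held, which is exactly the debugging aid Al Viro's might_sleep() remark refers to. Pattern 3 is only worth its complexity when re-checking the lock-protected state after reacquiring the lock is cheap; otherwise pattern 2 is the simpler correct answer.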