LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount
@ 2021-07-16 10:41 Xiyu Yang
  2021-07-21  2:00 ` Zhenyu Wang
  0 siblings, 1 reply; 3+ messages in thread
From: Xiyu Yang @ 2021-07-16 10:41 UTC (permalink / raw)
  To: Zhenyu Wang, Zhi Wang, Jani Nikula, Joonas Lahtinen,
	Rodrigo Vivi, David Airlie, Daniel Vetter, intel-gvt-dev,
	intel-gfx, dri-devel, linux-kernel
  Cc: yuanxzhang, Xiyu Yang, Xin Tan

refcount_t type and corresponding API can protect refcounters from
accidental underflow and overflow and further use-after-free situations

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
 drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++-----
 drivers/gpu/drm/i915/gvt/gtt.h |  3 ++-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
index cc2c05e18206..62f3daff5a36 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.c
+++ b/drivers/gpu/drm/i915/gvt/gtt.c
@@ -841,7 +841,7 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt(
 	}
 
 	spt->vgpu = vgpu;
-	atomic_set(&spt->refcount, 1);
+	refcount_set(&spt->refcount, 1);
 	INIT_LIST_HEAD(&spt->post_shadow_list);
 
 	/*
@@ -927,18 +927,19 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt_gfn(
 
 static inline void ppgtt_get_spt(struct intel_vgpu_ppgtt_spt *spt)
 {
-	int v = atomic_read(&spt->refcount);
+	int v = refcount_read(&spt->refcount);
 
 	trace_spt_refcount(spt->vgpu->id, "inc", spt, v, (v + 1));
-	atomic_inc(&spt->refcount);
+	refcount_inc(&spt->refcount);
 }
 
 static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt)
 {
-	int v = atomic_read(&spt->refcount);
+	int v = refcount_read(&spt->refcount);
 
 	trace_spt_refcount(spt->vgpu->id, "dec", spt, v, (v - 1));
-	return atomic_dec_return(&spt->refcount);
+	refcount_dec(&spt->refcount);
+	return refcount_read(&spt->refcount);
 }
 
 static int ppgtt_invalidate_spt(struct intel_vgpu_ppgtt_spt *spt);
diff --git a/drivers/gpu/drm/i915/gvt/gtt.h b/drivers/gpu/drm/i915/gvt/gtt.h
index 3bf45672ef98..944c2d0739df 100644
--- a/drivers/gpu/drm/i915/gvt/gtt.h
+++ b/drivers/gpu/drm/i915/gvt/gtt.h
@@ -38,6 +38,7 @@
 #include <linux/kref.h>
 #include <linux/mutex.h>
 #include <linux/radix-tree.h>
+#include <linux/refcount.h>
 
 #include "gt/intel_gtt.h"
 
@@ -243,7 +244,7 @@ struct intel_vgpu_oos_page {
 
 /* Represent a vgpu shadow page table. */
 struct intel_vgpu_ppgtt_spt {
-	atomic_t refcount;
+	refcount_t refcount;
 	struct intel_vgpu *vgpu;
 
 	struct {
-- 
2.7.4


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount
  2021-07-16 10:41 [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount Xiyu Yang
@ 2021-07-21  2:00 ` Zhenyu Wang
  2021-07-21  9:40   ` Daniel Vetter
  0 siblings, 1 reply; 3+ messages in thread
From: Zhenyu Wang @ 2021-07-21  2:00 UTC (permalink / raw)
  To: Xiyu Yang
  Cc: Zhi Wang, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi,
	David Airlie, Daniel Vetter, intel-gvt-dev, intel-gfx, dri-devel,
	linux-kernel, Xin Tan, yuanxzhang

[-- Attachment #1: Type: text/plain, Size: 2677 bytes --]

On 2021.07.16 18:41:38 +0800, Xiyu Yang wrote:
> refcount_t type and corresponding API can protect refcounters from
> accidental underflow and overflow and further use-after-free situations
>

Thanks for the patch. Is there any specific problem you run with current code?
Any shadow ppgtt error?

> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
> ---
>  drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++-----
>  drivers/gpu/drm/i915/gvt/gtt.h |  3 ++-
>  2 files changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index cc2c05e18206..62f3daff5a36 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -841,7 +841,7 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt(
>  	}
>  
>  	spt->vgpu = vgpu;
> -	atomic_set(&spt->refcount, 1);
> +	refcount_set(&spt->refcount, 1);
>  	INIT_LIST_HEAD(&spt->post_shadow_list);
>  
>  	/*
> @@ -927,18 +927,19 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt_gfn(
>  
>  static inline void ppgtt_get_spt(struct intel_vgpu_ppgtt_spt *spt)
>  {
> -	int v = atomic_read(&spt->refcount);
> +	int v = refcount_read(&spt->refcount);
>  
>  	trace_spt_refcount(spt->vgpu->id, "inc", spt, v, (v + 1));
> -	atomic_inc(&spt->refcount);
> +	refcount_inc(&spt->refcount);
>  }
>  
>  static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt)
>  {
> -	int v = atomic_read(&spt->refcount);
> +	int v = refcount_read(&spt->refcount);
>  
>  	trace_spt_refcount(spt->vgpu->id, "dec", spt, v, (v - 1));
> -	return atomic_dec_return(&spt->refcount);
> +	refcount_dec(&spt->refcount);
> +	return refcount_read(&spt->refcount);
>  }
>  
>  static int ppgtt_invalidate_spt(struct intel_vgpu_ppgtt_spt *spt);
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.h b/drivers/gpu/drm/i915/gvt/gtt.h
> index 3bf45672ef98..944c2d0739df 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.h
> +++ b/drivers/gpu/drm/i915/gvt/gtt.h
> @@ -38,6 +38,7 @@
>  #include <linux/kref.h>
>  #include <linux/mutex.h>
>  #include <linux/radix-tree.h>
> +#include <linux/refcount.h>
>  
>  #include "gt/intel_gtt.h"
>  
> @@ -243,7 +244,7 @@ struct intel_vgpu_oos_page {
>  
>  /* Represent a vgpu shadow page table. */
>  struct intel_vgpu_ppgtt_spt {
> -	atomic_t refcount;
> +	refcount_t refcount;
>  	struct intel_vgpu *vgpu;
>  
>  	struct {
> -- 
> 2.7.4
> 
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount
  2021-07-21  2:00 ` Zhenyu Wang
@ 2021-07-21  9:40   ` Daniel Vetter
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel Vetter @ 2021-07-21  9:40 UTC (permalink / raw)
  To: Zhenyu Wang
  Cc: Xiyu Yang, Zhi Wang, Jani Nikula, Joonas Lahtinen, Rodrigo Vivi,
	David Airlie, intel-gvt-dev, intel-gfx, dri-devel,
	Linux Kernel Mailing List, Xin Tan, yuanxzhang

On Wed, Jul 21, 2021 at 4:21 AM Zhenyu Wang <zhenyuw@linux.intel.com> wrote:
> On 2021.07.16 18:41:38 +0800, Xiyu Yang wrote:
> > refcount_t type and corresponding API can protect refcounters from
> > accidental underflow and overflow and further use-after-free situations
> >
>
> Thanks for the patch. Is there any specific problem you run with current code?
> Any shadow ppgtt error?

refcount_t is just part of the kernel hardening project, and
recommeded to be used anywhere it's possible. It doesn't fix bugs
itself, but makes it impossible to exploit at least some of them and
warns in other cases, so easier to catch them if they do exist.
-Daniel

> > Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> > Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
> > ---
> >  drivers/gpu/drm/i915/gvt/gtt.c | 11 ++++++-----
> >  drivers/gpu/drm/i915/gvt/gtt.h |  3 ++-
> >  2 files changed, 8 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> > index cc2c05e18206..62f3daff5a36 100644
> > --- a/drivers/gpu/drm/i915/gvt/gtt.c
> > +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> > @@ -841,7 +841,7 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt(
> >       }
> >
> >       spt->vgpu = vgpu;
> > -     atomic_set(&spt->refcount, 1);
> > +     refcount_set(&spt->refcount, 1);
> >       INIT_LIST_HEAD(&spt->post_shadow_list);
> >
> >       /*
> > @@ -927,18 +927,19 @@ static struct intel_vgpu_ppgtt_spt *ppgtt_alloc_spt_gfn(
> >
> >  static inline void ppgtt_get_spt(struct intel_vgpu_ppgtt_spt *spt)
> >  {
> > -     int v = atomic_read(&spt->refcount);
> > +     int v = refcount_read(&spt->refcount);
> >
> >       trace_spt_refcount(spt->vgpu->id, "inc", spt, v, (v + 1));
> > -     atomic_inc(&spt->refcount);
> > +     refcount_inc(&spt->refcount);
> >  }
> >
> >  static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt)
> >  {
> > -     int v = atomic_read(&spt->refcount);
> > +     int v = refcount_read(&spt->refcount);
> >
> >       trace_spt_refcount(spt->vgpu->id, "dec", spt, v, (v - 1));
> > -     return atomic_dec_return(&spt->refcount);
> > +     refcount_dec(&spt->refcount);
> > +     return refcount_read(&spt->refcount);
> >  }
> >
> >  static int ppgtt_invalidate_spt(struct intel_vgpu_ppgtt_spt *spt);
> > diff --git a/drivers/gpu/drm/i915/gvt/gtt.h b/drivers/gpu/drm/i915/gvt/gtt.h
> > index 3bf45672ef98..944c2d0739df 100644
> > --- a/drivers/gpu/drm/i915/gvt/gtt.h
> > +++ b/drivers/gpu/drm/i915/gvt/gtt.h
> > @@ -38,6 +38,7 @@
> >  #include <linux/kref.h>
> >  #include <linux/mutex.h>
> >  #include <linux/radix-tree.h>
> > +#include <linux/refcount.h>
> >
> >  #include "gt/intel_gtt.h"
> >
> > @@ -243,7 +244,7 @@ struct intel_vgpu_oos_page {
> >
> >  /* Represent a vgpu shadow page table. */
> >  struct intel_vgpu_ppgtt_spt {
> > -     atomic_t refcount;
> > +     refcount_t refcount;
> >       struct intel_vgpu *vgpu;
> >
> >       struct {
> > --
> > 2.7.4
> >
> > _______________________________________________
> > intel-gvt-dev mailing list
> > intel-gvt-dev@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev



-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-07-21  9:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-16 10:41 [PATCH] drm/i915/gvt: Convert from atomic_t to refcount_t on intel_vgpu_ppgtt_spt->refcount Xiyu Yang
2021-07-21  2:00 ` Zhenyu Wang
2021-07-21  9:40   ` Daniel Vetter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).