rpms/libdrm
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 2.4.121

Browse Source 
Resolves: https://issues.redhat.com/browse/RHEL-28774
Resolves: https://issues.redhat.com/browse/RHEL-29915
This commit is contained in:
José Expósito 2024-06-05 17:21:09 +02:00
parent 38dbf76226
commit 57358ff182
3 changed files with 6 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch
View File

@ -1,94 +0,0 @@
From 4df9173595dcc65662516b634f9d10001fd060e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jexposit@redhat.com>
Date: Thu, 21 Mar 2024 11:41:18 +0100
Subject: [PATCH] amdgpu: Make amdgpu_cs_signal_semaphore() thread-safe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The issue was found by a static analysis tool:
Error: LOCK_EVASION (CWE-543):
libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: thread1_checks_field:
Thread1 uses the value read from field "context" in the
condition "sem->signal_fence.context". It sees that the
condition is false. Control is switched to Thread2.
libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: thread2_checks_field:
Thread2 uses the value read from field "context" in the
condition "sem->signal_fence.context". It sees that the
condition is false.
libdrm-2.4.115/amdgpu/amdgpu_cs.c:598: thread2_acquires_lock:
Thread2 acquires lock "amdgpu_context.sequence_mutex".
libdrm-2.4.115/amdgpu/amdgpu_cs.c:599: thread2_modifies_field:
Thread2 sets "context" to a new value. Note that this write can
be reordered at runtime to occur before instructions that do
not access this field within this locked region. After Thread2
leaves the critical section, control is switched back to
Thread1.
libdrm-2.4.115/amdgpu/amdgpu_cs.c:598: thread1_acquires_lock:
Thread1 acquires lock "amdgpu_context.sequence_mutex".
libdrm-2.4.115/amdgpu/amdgpu_cs.c:599: thread1_overwrites_value_in_field:
Thread1 sets "context" to a new value. Now the two threads have
an inconsistent view of "context" and updates to fields of
"context" or fields correlated with "context" may be lost.
libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: use_same_locks_for_read_and_modify:
Guard the modification of "context" and the read used to decide
whether to modify "context" with the same set of locks.
# 597| return -EINVAL;
# 598| pthread_mutex_lock(&ctx->sequence_mutex);
# 599|-> sem->signal_fence.context = ctx;
# 600| sem->signal_fence.ip_type = ip_type;
# 601| sem->signal_fence.ip_instance = ip_instance;
Check `sem->signal_fence.context` in the locked region to avoid a race
condition.
Reviewed-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Signed-off-by: José Expósito <jexposit@redhat.com>
---
amdgpu/amdgpu_cs.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/amdgpu/amdgpu_cs.c b/amdgpu/amdgpu_cs.c
index 49fc16c3..2db49675 100644
--- a/amdgpu/amdgpu_cs.c
+++ b/amdgpu/amdgpu_cs.c
@@ -598,24 +598,31 @@ drm_public int amdgpu_cs_signal_semaphore(amdgpu_context_handle ctx,
uint32_t ring,
amdgpu_semaphore_handle sem)
{
+ int ret;
+
if (!ctx || !sem)
return -EINVAL;
if (ip_type >= AMDGPU_HW_IP_NUM)
return -EINVAL;
if (ring >= AMDGPU_CS_MAX_RINGS)
return -EINVAL;
- /* sem has been signaled */
- if (sem->signal_fence.context)
- return -EINVAL;
+
pthread_mutex_lock(&ctx->sequence_mutex);
+ /* sem has been signaled */
+ if (sem->signal_fence.context) {
+ ret = -EINVAL;
+ goto unlock;
+ }
sem->signal_fence.context = ctx;
sem->signal_fence.ip_type = ip_type;
sem->signal_fence.ip_instance = ip_instance;
sem->signal_fence.ring = ring;
sem->signal_fence.fence = ctx->last_seq[ip_type][ip_instance][ring];
update_references(NULL, &sem->refcount);
+ ret = 0;
+unlock:
pthread_mutex_unlock(&ctx->sequence_mutex);
- return 0;
+ return ret;
}
drm_public int amdgpu_cs_wait_semaphore(amdgpu_context_handle ctx,
--
2.45.1

9
libdrm.spec
View File

@ -50,8 +50,8 @@ end}
Name: libdrm Name: libdrm
Summary: Direct Rendering Manager runtime library Summary: Direct Rendering Manager runtime library
Version: 2.4.120 Version: 2.4.121
Release: 4%{?dist} Release: 1%{?dist}
License: MIT License: MIT
URL: https://dri.freedesktop.org URL: https://dri.freedesktop.org
@ -85,8 +85,6 @@ BuildRequires: chrpath
Patch1001: libdrm-make-dri-perms-okay.patch Patch1001: libdrm-make-dri-perms-okay.patch
# remove backwards compat not needed on Fedora # remove backwards compat not needed on Fedora
Patch1002: libdrm-2.4.0-no-bc.patch Patch1002: libdrm-2.4.0-no-bc.patch
# Fix findings from static application security testing (SAST)
Patch1003: 0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch
%description %description
Direct Rendering Manager runtime library Direct Rendering Manager runtime library
@ -284,6 +282,9 @@ cp %{SOURCE1} %{buildroot}%{_docdir}/libdrm
%endif %endif
%changelog %changelog
* Wed Jun 05 2024 José Expósito <jexposit@redhat.com> - 2.4.121-1
- Update to 2.4.121
* Mon May 27 2024 José Expósito <jexposit@redhat.com> - 2.4.120-4 * Mon May 27 2024 José Expósito <jexposit@redhat.com> - 2.4.120-4
- Fix findings from static application security testing (SAST) - Fix findings from static application security testing (SAST)

1
sources
View File

@ -1 +1,2 @@
SHA512 (libdrm-2.4.120.tar.xz) = 6dc16e5134a669eeb59debb1dc2d15b857483ab7476dc2b94bd05a32d8953f046f5656f6cf9e1a63e97e7156fb65ebb58b6a29fe45cb6326058baaf820626e70 SHA512 (libdrm-2.4.120.tar.xz) = 6dc16e5134a669eeb59debb1dc2d15b857483ab7476dc2b94bd05a32d8953f046f5656f6cf9e1a63e97e7156fb65ebb58b6a29fe45cb6326058baaf820626e70
SHA512 (libdrm-2.4.121.tar.xz) = cc8816d61884caa0e404348d1caeb0b2952fb50e1dc401716adfe08121096e2a67826db0bda0d8b163d67c5ee048870177670d5eac28a5abe5792d09ba77ab2e