From 89cefe5398f55f56062e47f277c946e472654b2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?=
Date: Wed, 5 Jun 2024 17:08:54 +0200
Subject: [PATCH] Update to 2.4.121

Resolves: https://issues.redhat.com/browse/RHEL-24145
Resolves: https://issues.redhat.com/browse/RHEL-29916
---
 .gitignore | 1 +
 ...dgpu_cs_signal_semaphore-thread-safe.patch | 94 -------------------
 libdrm.spec | 7 +-
 sources | 2 +-
 4 files changed, 6 insertions(+), 98 deletions(-)
 delete mode 100644 0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch

diff --git a/.gitignore b/.gitignore
index 22fc5dc..41a647b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@
 /libdrm-2.4.115.tar.xz
 /libdrm-2.4.117.tar.xz
 /libdrm-2.4.120.tar.xz
+/libdrm-2.4.121.tar.xz
diff --git a/0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch b/0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch
deleted file mode 100644
index 0592b58..0000000
--- a/0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 4df9173595dcc65662516b634f9d10001fd060e2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?=
-Date: Thu, 21 Mar 2024 11:41:18 +0100
-Subject: [PATCH] amdgpu: Make amdgpu_cs_signal_semaphore() thread-safe
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The issue was found by a static analysis tool:
-
- Error: LOCK_EVASION (CWE-543):
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: thread1_checks_field:
- Thread1 uses the value read from field "context" in the
- condition "sem->signal_fence.context". It sees that the
- condition is false. Control is switched to Thread2.
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: thread2_checks_field:
- Thread2 uses the value read from field "context" in the
- condition "sem->signal_fence.context". It sees that the
- condition is false.
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:598: thread2_acquires_lock:
- Thread2 acquires lock "amdgpu_context.sequence_mutex".
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:599: thread2_modifies_field:
- Thread2 sets "context" to a new value. Note that this write can
- be reordered at runtime to occur before instructions that do
- not access this field within this locked region. After Thread2
- leaves the critical section, control is switched back to
- Thread1.
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:598: thread1_acquires_lock:
- Thread1 acquires lock "amdgpu_context.sequence_mutex".
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:599: thread1_overwrites_value_in_field:
- Thread1 sets "context" to a new value. Now the two threads have
- an inconsistent view of "context" and updates to fields of
- "context" or fields correlated with "context" may be lost.
- libdrm-2.4.115/amdgpu/amdgpu_cs.c:596: use_same_locks_for_read_and_modify:
- Guard the modification of "context" and the read used to decide
- whether to modify "context" with the same set of locks.
- # 597| return -EINVAL;
- # 598| pthread_mutex_lock(&ctx->sequence_mutex);
- # 599|-> sem->signal_fence.context = ctx;
- # 600| sem->signal_fence.ip_type = ip_type;
- # 601| sem->signal_fence.ip_instance = ip_instance;
-
-Check `sem->signal_fence.context` in the locked region to avoid a race
-condition.
-
-Reviewed-by: Pierre-Eric Pelloux-Prayer
-Signed-off-by: José Expósito
----
- amdgpu/amdgpu_cs.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/amdgpu/amdgpu_cs.c b/amdgpu/amdgpu_cs.c
-index 49fc16c3..2db49675 100644
---- a/amdgpu/amdgpu_cs.c
-+++ b/amdgpu/amdgpu_cs.c
-@@ -598,24 +598,31 @@ drm_public int amdgpu_cs_signal_semaphore(amdgpu_context_handle ctx,
- uint32_t ring,
- amdgpu_semaphore_handle sem)
- {
-+ int ret;
-+
- if (!ctx || !sem)
- return -EINVAL;
- if (ip_type >= AMDGPU_HW_IP_NUM)
- return -EINVAL;
- if (ring >= AMDGPU_CS_MAX_RINGS)
- return -EINVAL;
-- /* sem has been signaled */
-- if (sem->signal_fence.context)
-- return -EINVAL;
-+
- pthread_mutex_lock(&ctx->sequence_mutex);
-+ /* sem has been signaled */
-+ if (sem->signal_fence.context) {
-+ ret = -EINVAL;
-+ goto unlock;
-+ }
- sem->signal_fence.context = ctx;
- sem->signal_fence.ip_type = ip_type;
- sem->signal_fence.ip_instance = ip_instance;
- sem->signal_fence.ring = ring;
- sem->signal_fence.fence = ctx->last_seq[ip_type][ip_instance][ring];
- update_references(NULL, &sem->refcount);
-+ ret = 0;
-+unlock:
- pthread_mutex_unlock(&ctx->sequence_mutex);
-- return 0;
-+ return ret;
- }
-
- drm_public int amdgpu_cs_wait_semaphore(amdgpu_context_handle ctx,
---
-2.45.1
-
diff --git a/libdrm.spec b/libdrm.spec
index f0c4daf..a463681 100644
--- a/libdrm.spec
+++ b/libdrm.spec
@@ -53,7 +53,7 @@ end}
 Name: libdrm
 Summary: Direct Rendering Manager runtime library
-Version: 2.4.120
+Version: 2.4.121
 Release: 1%{?dist}
 License: MIT
@@ -88,8 +88,6 @@ BuildRequires: chrpath
 Patch1001: libdrm-make-dri-perms-okay.patch
 # remove backwards compat not needed on Fedora
 Patch1002: libdrm-2.4.0-no-bc.patch
-# Fix findings from static application security testing (SAST)
-Patch1003: 0001-amdgpu-Make-amdgpu_cs_signal_semaphore-thread-safe.patch
 %description
 Direct Rendering Manager runtime library
@@ -281,6 +279,9 @@ cp %{SOURCE1} %{buildroot}%{_docdir}/libdrm
 %endif
 %changelog
+* Wed Jun 05 2024 José Expósito - 2.4.121-1
+- Update to 2.4.121
+
 * Mon May 27 2024 José Expósito - 2.4.120-1
 - Update to 2.4.120
 - Fix findings from static application security testing (SAST)
diff --git a/sources b/sources
index afc99c6..d23fb8a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libdrm-2.4.120.tar.xz) = 6dc16e5134a669eeb59debb1dc2d15b857483ab7476dc2b94bd05a32d8953f046f5656f6cf9e1a63e97e7156fb65ebb58b6a29fe45cb6326058baaf820626e70
+SHA512 (libdrm-2.4.121.tar.xz) = cc8816d61884caa0e404348d1caeb0b2952fb50e1dc401716adfe08121096e2a67826db0bda0d8b163d67c5ee048870177670d5eac28a5abe5792d09ba77ab2e
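Review bot: The removal of `Patch1003` in the `@@ -88,8 +88,6 @@` hunk of libdrm.spec is not explained anywhere; neither the commit message nor the new `%changelog` entry says why the downstream fix for the LOCK_EVASION (CWE-543) finding in `amdgpu_cs_signal_semaphore()` is no longer applied. Presumably the 2.4.121 tarball already carries it, but that is not visible on this page and should be confirmed against `amdgpu/amdgpu_cs.c` in the new source: the `sem->signal_fence.context` check has to sit after `pthread_mutex_lock(&ctx->sequence_mutex)`. Once confirmed, I would record it in the changelog entry added by the `@@ -281,6 +279,9 @@` hunk, for example `- Drop amdgpu_cs_signal_semaphore() thread-safety patch, included upstream`, so the SAST finding stays traceable across the rebase.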