leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

drm/vmwgfx: Tighten the security around buffer maps

Browse Source 
Make sure that other DRM clients can't map the contents of
non-shareable buffer objects.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
Thomas Hellstrom 2012-11-21 16:04:18 +01:00 committed by Dave Airlie
parent 219e81536c
commit d08a9b9cd8
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c
View File

@ -248,13 +248,12 @@ void vmw_evict_flags(struct ttm_buffer_object *bo,
*placement = vmw_sys_placement; *placement = vmw_sys_placement;
} }
/**
* FIXME: Proper access checks on buffers.
*/
static int vmw_verify_access(struct ttm_buffer_object *bo, struct file *filp) static int vmw_verify_access(struct ttm_buffer_object *bo, struct file *filp)
{ {
return 0; struct ttm_object_file *tfile =
vmw_fpriv((struct drm_file *)filp->private_data)->tfile;
return vmw_user_dmabuf_verify_access(bo, tfile);
} }
static int vmw_ttm_io_mem_reserve(struct ttm_bo_device *bdev, struct ttm_mem_reg *mem) static int vmw_ttm_io_mem_reserve(struct ttm_bo_device *bdev, struct ttm_mem_reg *mem)

2
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
View File

@ -461,6 +461,8 @@ extern int vmw_dmabuf_init(struct vmw_private *dev_priv,
size_t size, struct ttm_placement *placement, size_t size, struct ttm_placement *placement,
bool interuptable, bool interuptable,
void (*bo_free) (struct ttm_buffer_object *bo)); void (*bo_free) (struct ttm_buffer_object *bo));
extern int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo,
struct ttm_object_file *tfile);
extern int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, extern int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv); struct drm_file *file_priv);
extern int vmw_dmabuf_unref_ioctl(struct drm_device *dev, void *data, extern int vmw_dmabuf_unref_ioctl(struct drm_device *dev, void *data,

20
drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
View File

@ -458,6 +458,26 @@ out_no_base_object:
return ret; return ret;
} }
/**
* vmw_user_dmabuf_verify_access - verify access permissions on this
* buffer object.
*
* @bo: Pointer to the buffer object being accessed
* @tfile: Identifying the caller.
*/
int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo,
struct ttm_object_file *tfile)
{
struct vmw_user_dma_buffer *vmw_user_bo;
if (unlikely(bo->destroy != vmw_user_dmabuf_destroy))
return -EPERM;
vmw_user_bo = vmw_user_dma_buffer(bo);
return (vmw_user_bo->base.tfile == tfile ||
vmw_user_bo->base.shareable) ? 0 : -EPERM;
}
int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data,
struct drm_file *file_priv) struct drm_file *file_priv)
{ {