From patchwork Sun Jul 7 17:17:34 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 2824604 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 3C8CE9F9CA for ; Sun, 7 Jul 2013 17:33:05 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 4DFD32012B for ; Sun, 7 Jul 2013 17:33:04 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 5D72D20122 for ; Sun, 7 Jul 2013 17:33:03 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 4B813E6079 for ; Sun, 7 Jul 2013 10:33:03 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-ee0-f50.google.com (mail-ee0-f50.google.com [74.125.83.50]) by gabe.freedesktop.org (Postfix) with ESMTP id 80C88E6053 for ; Sun, 7 Jul 2013 10:18:17 -0700 (PDT) Received: by mail-ee0-f50.google.com with SMTP id d49so2375410eek.9 for ; Sun, 07 Jul 2013 10:18:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references; bh=Ux1fJcMv5cuORhp4RcOGf8/umZnB0kuPVn5fHs0Ht/c=; b=vF56HMjwhn8N+7eEJq21Zn+eA1r3YYPuP5PNoLwp09OuTs9vxGU+Be9N91b9gRICp+ mvIMlXJ0B2btudeHvkJxp0Valu4Rqo/D6EDpVJj28/+F2+8lk4q2ji5GcbDrSSENEwDw /pKiS82dmZ8euKLdb7n4O1TneZ5JMcy121idDqiacauQ5KrriH6az+CTC+kjE7BZKNor 4cnSywP5qUaZCh+EOQdLZj5evqYk29eNYs5TMJud6c5dIF9pDFXZG+hKZYcREQWyVC8Z 9hdF3uETAzUKw8k5grTuAZuhD83VrhWE78MtWMtKtI0awfQDkvER2b8e982w67QvhDIc fKYw== X-Received: by 10.14.106.195 with SMTP id m43mr21282474eeg.60.1373217496764; Sun, 07 Jul 2013 10:18:16 -0700 (PDT) Received: from localhost.localdomain (stgt-5f71834a.pool.mediaWays.net. [95.113.131.74]) by mx.google.com with ESMTPSA id n45sm34781333eew.1.2013.07.07.10.18.13 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 07 Jul 2013 10:18:15 -0700 (PDT) From: David Herrmann To: dri-devel@lists.freedesktop.org Subject: [PATCH v2 18/20] drm/gem: implement mmap access management Date: Sun, 7 Jul 2013 19:17:34 +0200 Message-Id: <1373217456-32282-19-git-send-email-dh.herrmann@gmail.com> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1373217456-32282-1-git-send-email-dh.herrmann@gmail.com> References: <1373217456-32282-1-git-send-email-dh.herrmann@gmail.com> Cc: Daniel Vetter , Martin Peres , Dave Airlie X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Implement automatic access management for mmap offsets for all GEM drivers. This prevents user-space applications from "guessing" GEM BO offsets and accessing buffers which they don't own. Signed-off-by: David Herrmann --- drivers/gpu/drm/drm_gem.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index b5db89b..9d40ee3 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -240,6 +240,7 @@ drm_gem_handle_delete(struct drm_file *filp, u32 handle) spin_unlock(&filp->table_lock); drm_gem_remove_prime_handles(obj, filp); + drm_vma_node_revoke(&obj->vma_node, filp->filp); if (dev->driver->gem_close_object) dev->driver->gem_close_object(obj, filp); @@ -279,15 +280,23 @@ drm_gem_handle_create(struct drm_file *file_priv, drm_gem_object_handle_reference(obj); + ret = drm_vma_node_allow(&obj->vma_node, file_priv->filp); + if (ret) + goto err_handle; + if (dev->driver->gem_open_object) { ret = dev->driver->gem_open_object(obj, file_priv); - if (ret) { - drm_gem_handle_delete(file_priv, *handlep); - return ret; - } + if (ret) + goto err_vma; } return 0; + +err_vma: + drm_vma_node_revoke(&obj->vma_node, file_priv->filp); +err_handle: + drm_gem_handle_delete(file_priv, *handlep); + return ret; } EXPORT_SYMBOL(drm_gem_handle_create); @@ -476,6 +485,7 @@ drm_gem_object_release_handle(int id, void *ptr, void *data) struct drm_device *dev = obj->dev; drm_gem_remove_prime_handles(obj, file_priv); + drm_vma_node_revoke(&obj->vma_node, file_priv->filp); if (dev->driver->gem_close_object) dev->driver->gem_close_object(obj, file_priv); @@ -668,6 +678,9 @@ int drm_gem_mmap(struct file *filp, struct vm_area_struct *vma) if (!node) { mutex_unlock(&dev->struct_mutex); return drm_mmap(filp, vma); + } else if (!drm_vma_node_is_allowed(node, filp)) { + mutex_unlock(&dev->struct_mutex); + return -EACCES; } obj = container_of(node, struct drm_gem_object, vma_node);