[14/16] drm/vmwgfx: Tighten the security around buffer maps

Message ID	1395753548-17441-15-git-send-email-thellstrom@vmware.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <dri-devel-bounces@lists.freedesktop.org> From: Thomas Hellstrom <thellstrom@vmware.com> To: dri-devel@lists.freedesktop.org Subject: [PATCH 14/16] drm/vmwgfx: Tighten the security around buffer maps Date: Tue, 25 Mar 2014 14:19:06 +0100 Message-Id: <1395753548-17441-15-git-send-email-thellstrom@vmware.com> In-Reply-To: <1395753548-17441-1-git-send-email-thellstrom@vmware.com> References: <1395753548-17441-1-git-send-email-thellstrom@vmware.com> Cc: pv-drivers@vmware.com, Thomas Hellstrom <thellstrom@vmware.com>, linux-graphics-maintainer@vmware.com Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Message ID

1395753548-17441-15-git-send-email-thellstrom@vmware.com (mailing list archive)

State

New, archived

Headers

From: Thomas Hellstrom <thellstrom@vmware.com>
To: dri-devel@lists.freedesktop.org
Subject: [PATCH 14/16] drm/vmwgfx: Tighten the security around buffer maps
Date: Tue, 25 Mar 2014 14:19:06 +0100
Message-Id: <1395753548-17441-15-git-send-email-thellstrom@vmware.com>
In-Reply-To: <1395753548-17441-1-git-send-email-thellstrom@vmware.com>
References: <1395753548-17441-1-git-send-email-thellstrom@vmware.com>
Cc: pv-drivers@vmware.com, Thomas Hellstrom <thellstrom@vmware.com>,
	linux-graphics-maintainer@vmware.com
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Commit Message

Thomas Hellstrom March 25, 2014, 1:19 p.m. UTC

Make sure only buffer objects that are referenced by the client can be mapped.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
---
 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
index 30439cb..01d68f0 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
@@ -538,8 +538,13 @@  int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo,
 		return -EPERM;
 
 	vmw_user_bo = vmw_user_dma_buffer(bo);
-	return (vmw_user_bo->prime.base.tfile == tfile ||
-		vmw_user_bo->prime.base.shareable) ? 0 : -EPERM;
+
+	/* Check that the caller has opened the object. */
+	if (likely(ttm_ref_object_exists(tfile, &vmw_user_bo->prime.base)))
+		return 0;
+
+	DRM_ERROR("Could not grant buffer access.\n");
+	return -EPERM;
 }
 
 /**

[14/16] drm/vmwgfx: Tighten the security around buffer maps

Commit Message

Patch