From patchwork Wed Aug 22 08:54:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Vetter X-Patchwork-Id: 10572753 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 76D881579 for ; Wed, 22 Aug 2018 08:54:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64B192B018 for ; Wed, 22 Aug 2018 08:54:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 58EC72B03D; Wed, 22 Aug 2018 08:54:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ED9BD2B017 for ; Wed, 22 Aug 2018 08:54:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728400AbeHVMSY (ORCPT ); Wed, 22 Aug 2018 08:18:24 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:40421 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728477AbeHVMSP (ORCPT ); Wed, 22 Aug 2018 08:18:15 -0400 Received: by mail-ed1-f67.google.com with SMTP id e19-v6so899760edq.7 for ; Wed, 22 Aug 2018 01:54:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=z4YaKXzJ/DownRwu4yv1jXZW8lTAGwrCMpU9ehgypc4=; b=d76XWmxNBPKF2ilzx595VNc8Fb69toGGSwPhmi4orJx6Q32PdRq9eRDWJ5NY5SUIoW lXizKQdmV06CqSvFYDg1Z9MLrgb2fgfPTONZ4mBOPbFvacepXNzPVf5S2ZTf5vsjcaLo zYy2OyMB5XIjbzysXPjq7BLXFE4r241d7PD/Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=z4YaKXzJ/DownRwu4yv1jXZW8lTAGwrCMpU9ehgypc4=; b=YGUPdHMDDckrfiqX9EjK6Gdwo9mXdRZGpJdwNVsRbaO4/IFNC5feD7dnYUUWMTkMad KySuIagRg8NxXnWU/filHwtYWMVy55LO3p7I6z/ld42IvhpXSnYbhdrm0ZeWO4ssmNLl cxc8usYsLwNdQt+JT4w5TA7LPhVP5HZV9YzIBht/ShE1izSTyDAHw7e3iK0qfKgoPsC9 KwwKlrQfZxvNL/m3QgUg/c90PxjHA8jGoGqwg3GCtZUY/QV6o7OVu7ftpzHCv5zHhqQw Ka8734jjx6CaswPVDWudFDkrHOlhaBB1wlebUAj//XL0f8ano9dP+7SPIK2a37yDGPl5 QVkg== X-Gm-Message-State: AOUpUlHF+zYTLD0ZfJUqlW+dOkG1Oy4DReK95gZ1RYfk9LyI7h4pHlX+ bf/zvo3BlYdYaZNdhR7vvfoPbEIujajP5g== X-Google-Smtp-Source: AA+uWPzAaBN0YUaOkXa9n2AysLGFpumX2evUm4a/aTID+b2O4fqiFRFgv06TKiNogRx4zNQGMA/g0g== X-Received: by 2002:a50:b8c5:: with SMTP id l63-v6mr64588855ede.80.1534928056364; Wed, 22 Aug 2018 01:54:16 -0700 (PDT) Received: from phenom.ffwll.local (212-51-149-109.fiber7.init7.net. [212.51.149.109]) by smtp.gmail.com with ESMTPSA id r21-v6sm636418eds.7.2018.08.22.01.54.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Aug 2018 01:54:15 -0700 (PDT) From: Daniel Vetter To: DRI Development Cc: Intel Graphics Development , LKML , Daniel Vetter , Bartlomiej Zolnierkiewicz , Kees Cook , linux-fbdev@vger.kernel.org, Daniel Vetter Subject: [PATCH 3/4] fbdev: Add FBINFO_HIDE_SMEM_START flag Date: Wed, 22 Aug 2018 10:54:04 +0200 Message-Id: <20180822085405.10787-3-daniel.vetter@ffwll.ch> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180822085405.10787-1-daniel.vetter@ffwll.ch> References: <20180822085405.10787-1-daniel.vetter@ffwll.ch> Sender: linux-fbdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fbdev@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP DRM drivers really, really, really don't want random userspace to share buffer behind it's back, bypassing the dma-buf buffer sharing machanism. For that reason we've ruthlessly rejected any IOCTL exposing the physical address of any graphics buffer. Unfortunately fbdev comes with that built-in. We could just set smem_start to 0, but that means we'd have to hand-roll our own fb_mmap implementation. For good reasons many drivers do that, but smem_start/length is still super convenient. Hence instead just stop the leak in the ioctl, to keep fb mmap working as-is. A second patch will set this flag for all drm drivers. Cc: Bartlomiej Zolnierkiewicz Cc: Kees Cook Cc: Daniel Vetter Cc: linux-fbdev@vger.kernel.org Signed-off-by: Daniel Vetter Acked-by: Bartlomiej Zolnierkiewicz --- drivers/video/fbdev/core/fbmem.c | 4 ++++ include/linux/fb.h | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 609438d2465b..549d0f86fcf3 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1116,6 +1116,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, if (!lock_fb_info(info)) return -ENODEV; fix = info->fix; + if (info->flags & FBINFO_HIDE_SMEM_START) + fix.smem_start = 0; unlock_fb_info(info); ret = copy_to_user(argp, &fix, sizeof(fix)) ? -EFAULT : 0; @@ -1326,6 +1328,8 @@ static int fb_get_fscreeninfo(struct fb_info *info, unsigned int cmd, if (!lock_fb_info(info)) return -ENODEV; fix = info->fix; + if (info->flags & FBINFO_HIDE_SMEM_START) + fix.smem_start = 0; unlock_fb_info(info); return do_fscreeninfo_to_user(&fix, compat_ptr(arg)); } diff --git a/include/linux/fb.h b/include/linux/fb.h index fa8c6f9c9c3a..f42b09ca71f8 100644 --- a/include/linux/fb.h +++ b/include/linux/fb.h @@ -456,6 +456,13 @@ struct fb_tile_ops { * and host endianness. Drivers should not use this flag. */ #define FBINFO_BE_MATH 0x100000 +/* + * Hide smem_start in the FBIOGET_FSCREENINFO IOCTL. This is used by modern DRM + * drivers to stop userspace from trying to share buffers behind the kernel's + * back. Instead dma-buf based buffer sharing should be used. + */ +#define FBINFO_HIDE_SMEM_START 0x200000 + struct fb_info { atomic_t count;