From patchwork Sun Jul 7 17:17:33 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Herrmann X-Patchwork-Id: 2824603 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 19F849F9CA for ; Sun, 7 Jul 2013 17:32:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 340AB2012B for ; Sun, 7 Jul 2013 17:32:22 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id 4A61C20122 for ; Sun, 7 Jul 2013 17:32:21 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 358F5E6095 for ; Sun, 7 Jul 2013 10:32:21 -0700 (PDT) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-ee0-f45.google.com (mail-ee0-f45.google.com [74.125.83.45]) by gabe.freedesktop.org (Postfix) with ESMTP id 748DEE605B for ; Sun, 7 Jul 2013 10:18:14 -0700 (PDT) Received: by mail-ee0-f45.google.com with SMTP id c1so2342077eek.32 for ; Sun, 07 Jul 2013 10:18:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references; bh=PqLVjcc6hjYSABYzaiZ8zAP/C0LbEyQOmYiYdygrsew=; b=n7LZJ8QTUAt8osEAywjyUTQKP7z77r4UhSFyA96VdIFPh71hfDSejtEbI06HQFAz9z elKDN5JKOLlMv/trd/pRTzBgqywwU37srR+KloG9toCvJ0S+CzCAmWr5AADVP4IaLjxx 9GSqoi0bk4ICBzZZE4hmmDMOEUeh5Uk4QrWJ09qbQ0kGYTjrIbaurLvc5orTuP+KdBag j/npiBLFL/7Fe4kGo+LQ48ImDG8d7seWR9lftTt+pR9x7kHdyzJ1KrDTzGhqLVLqoJey jIRp8fT5Viicqti5PXFiXZIwJKinKz3JzQRNm/4p1iVhyiLd5wjEqyiQSd0JZI3dL0uQ F3Zg== X-Received: by 10.15.21.199 with SMTP id d47mr20997516eeu.36.1373217493791; Sun, 07 Jul 2013 10:18:13 -0700 (PDT) Received: from localhost.localdomain (stgt-5f71834a.pool.mediaWays.net. [95.113.131.74]) by mx.google.com with ESMTPSA id n45sm34781333eew.1.2013.07.07.10.18.12 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 07 Jul 2013 10:18:12 -0700 (PDT) From: David Herrmann To: dri-devel@lists.freedesktop.org Subject: [PATCH v2 17/20] drm/ttm: prevent mmap access to unauthorized users Date: Sun, 7 Jul 2013 19:17:33 +0200 Message-Id: <1373217456-32282-18-git-send-email-dh.herrmann@gmail.com> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1373217456-32282-1-git-send-email-dh.herrmann@gmail.com> References: <1373217456-32282-1-git-send-email-dh.herrmann@gmail.com> Cc: Daniel Vetter , Martin Peres , Dave Airlie X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If a user does not have access to a given buffer, we must not allow them to mmap it. Otherwise, users could "guess" the buffer offsets of other users and get access to the buffer. All TTM drivers already use the new VMA offset manager access management so we can enable TTM mmap access management now. Signed-off-by: David Herrmann --- drivers/gpu/drm/ttm/ttm_bo_vm.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c index 54a67f1..756adc7 100644 --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c @@ -219,7 +219,8 @@ static const struct vm_operations_struct ttm_bo_vm_ops = { .close = ttm_bo_vm_close }; -static struct ttm_buffer_object *ttm_bo_vm_lookup(struct ttm_bo_device *bdev, +static struct ttm_buffer_object *ttm_bo_vm_lookup(struct file *filp, + struct ttm_bo_device *bdev, unsigned long offset, unsigned long pages) { @@ -229,7 +230,7 @@ static struct ttm_buffer_object *ttm_bo_vm_lookup(struct ttm_bo_device *bdev, read_lock(&bdev->vm_lock); node = drm_vma_offset_lookup(&bdev->vma_manager, offset, pages); - if (likely(node)) { + if (likely(node) && drm_vma_node_is_allowed(node, filp)) { bo = container_of(node, struct ttm_buffer_object, vma_node); if (!kref_get_unless_zero(&bo->kref)) bo = NULL; @@ -250,7 +251,7 @@ int ttm_bo_mmap(struct file *filp, struct vm_area_struct *vma, struct ttm_buffer_object *bo; int ret; - bo = ttm_bo_vm_lookup(bdev, vma->vm_pgoff, vma_pages(vma)); + bo = ttm_bo_vm_lookup(filp, bdev, vma->vm_pgoff, vma_pages(vma)); if (unlikely(!bo)) return -EINVAL; @@ -310,7 +311,7 @@ ssize_t ttm_bo_io(struct ttm_bo_device *bdev, struct file *filp, bool no_wait = false; bool dummy; - bo = ttm_bo_vm_lookup(bdev, dev_offset, 1); + bo = ttm_bo_vm_lookup(filp, bdev, dev_offset, 1); if (unlikely(bo == NULL)) return -EFAULT;