| Message ID | 20180531113552.13152-4-chris@chris-wilson.co.uk (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, 2018-05-31 at 12:35 +0100, Chris Wilson wrote: > If the user created a read-only object, they should not be allowed to > circumvent the write protection using the pwrite ioctl. > > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > Cc: Jon Bloomfield <jon.bloomfield@intel.com> > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > Cc: Matthew Auld <matthew.william.auld@gmail.com> This asks for some igt's and selftests. Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> Regards, Joonas
Quoting Joonas Lahtinen (2018-06-01 11:19:07) > On Thu, 2018-05-31 at 12:35 +0100, Chris Wilson wrote: > > If the user created a read-only object, they should not be allowed to > > circumvent the write protection using the pwrite ioctl. > > > > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > > Cc: Jon Bloomfield <jon.bloomfield@intel.com> > > Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> > > Cc: Matthew Auld <matthew.william.auld@gmail.com> > > This asks for some igt's and selftests. uABI, so hard for a selftest. (Or more to the point, I haven't figured out how we are supposed to fake userspace memory from inside the kernel. set_fs()? Maybe fork_usermode_helper? Hmm. So really I've been focusing on uABI coverage in igt, and forcing the corner cases in selftests where we can control faults much more easily.) The first round of igt was already posted; the plan was to extend that test to cover poking at it through the different holes in the uapi. -Chris
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index e55278fadf9c..f359ee507eb5 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1619,6 +1619,12 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data, goto err; } + /* Writes not allowed into this read-only object */ + if (obj->gt_ro) { + ret = -EINVAL; + goto err; + } + trace_i915_gem_object_pwrite(obj, args->offset, args->size); ret = -ENODEV;
If the user created a read-only object, they should not be allowed to circumvent the write protection using the pwrite ioctl. Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: Jon Bloomfield <jon.bloomfield@intel.com> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com> Cc: Matthew Auld <matthew.william.auld@gmail.com> --- drivers/gpu/drm/i915/i915_gem.c | 6 ++++++ 1 file changed, 6 insertions(+)