diff options
| author | Thomas Hellstrom <thellstrom@vmware.com> | 2012-11-21 16:04:18 +0100 |
|---|---|---|
| committer | Dave Airlie <airlied@redhat.com> | 2012-11-28 20:09:08 +1000 |
| commit | d08a9b9cd82f668a5437c23e59063387ca3ecec5 (patch) | |
| tree | ba4f33c31d5cf530c244b2ec0fa8bf5865677563 | |
| parent | 219e81536c8776b30ccf3262c1ceaeaddf7a231a (diff) | |
drm/vmwgfx: Tighten the security around buffer maps
Make sure that other DRM clients can't map the contents of
non-shareable buffer objects.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
| -rw-r--r-- | drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c | 9 | ||||
| -rw-r--r-- | drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 2 | ||||
| -rw-r--r-- | drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 20 |
3 files changed, 26 insertions, 5 deletions
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c index ef1109c8fec8..96dc84dc34d0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_buffer.c @@ -248,13 +248,12 @@ void vmw_evict_flags(struct ttm_buffer_object *bo, *placement = vmw_sys_placement; } -/** - * FIXME: Proper access checks on buffers. - */ - static int vmw_verify_access(struct ttm_buffer_object *bo, struct file *filp) { - return 0; + struct ttm_object_file *tfile = + vmw_fpriv((struct drm_file *)filp->private_data)->tfile; + + return vmw_user_dmabuf_verify_access(bo, tfile); } static int vmw_ttm_io_mem_reserve(struct ttm_bo_device *bdev, struct ttm_mem_reg *mem) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index 34dce9e2b6d2..13aeda71280e 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -461,6 +461,8 @@ extern int vmw_dmabuf_init(struct vmw_private *dev_priv, size_t size, struct ttm_placement *placement, bool interuptable, void (*bo_free) (struct ttm_buffer_object *bo)); +extern int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo, + struct ttm_object_file *tfile); extern int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv); extern int vmw_dmabuf_unref_ioctl(struct drm_device *dev, void *data, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c index 88b6f921ee94..0def4ff5b621 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c @@ -458,6 +458,26 @@ out_no_base_object: return ret; } +/** + * vmw_user_dmabuf_verify_access - verify access permissions on this + * buffer object. + * + * @bo: Pointer to the buffer object being accessed + * @tfile: Identifying the caller. + */ +int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo, + struct ttm_object_file *tfile) +{ + struct vmw_user_dma_buffer *vmw_user_bo; + + if (unlikely(bo->destroy != vmw_user_dmabuf_destroy)) + return -EPERM; + + vmw_user_bo = vmw_user_dma_buffer(bo); + return (vmw_user_bo->base.tfile == tfile || + vmw_user_bo->base.shareable) ? 0 : -EPERM; +} + int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv) { |