p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

drm-misc-fixes for v5.0: 

- Block fb changes for async atomic updates to prevent a use after free.
 - Fix ID mismatch error on load in bochs.
 - Fix memory leak when drm_setup fails.
 - Fixes around handling of DRM_AUTH.
 -
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEuXvWqAysSYEJGuVH/lWMcqZwE8MFAlxvuWMACgkQ/lWMcqZw
 E8PzZQ/8CzXSzUVCx2yB5fk26FBk8F0O7lJuARE4R7UiH43qtxn8/IRsIB7P/TDe
 GNmqqJ6k7rFaW3SVvfsa1qGqi52w0CmvAGTBhBFCpjQQwEvYq6oGNi5cyGbRTWZU
 mio11DABVk3ZOeAuZLxn5Ua4s981hEC5IJqHxS37v/GZY8E3NJDPVklHRzBIN++i
 uB89RDIa359dlxRKxXqyyO2nnpO3Tx217ysgxY2WPUPp/bwFozPFcumltTqGaTdq
 9TEtWHzJJ6IDUpdUxz+hsFd+B1EDP2klpJQXi5am80XtIB7z7C2G8gkNsmf9V9Ft
 vlCe0rKYFFKZaBp9ed8TRw+UIOhyr8aGmuprlnz5JCyIYxgdCUVabJ4sC1KAdGge
 wNGR9Orpkb12CrFahwcnKqWPAMBIvZa8da9NhmsonXGEhv6aewJdTBO7upcdb4BQ
 B6SG9hMVcxNqDSktemcH4qaKhU4cempDomliZ4As28nbQDGmCayRBjAttFzZluOB
 kU46GIMjqhE18DKPwTz2SisV2xDCu0VvbQObV6PSpl7sf0vKz5nFMr1LQHYt3WG3
 GTF5u5mUtAwkcDdRdyDHrKsUI/IAXceRIaa7PJhWwRVlE4lY9/QNXccvJWjSy5Zc
 rrWn0TTNlWX+0fQFHr2NmYDn2h9suTnKSCW6fd83TPe/UTYnXXs=
 =Rf1K
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2019-02-22' of git://anongit.freedesktop.org/drm/drm-misc into drm-next

drm-misc-fixes for v5.0:
- Block fb changes for async atomic updates to prevent a use after free.
- Fix ID mismatch error on load in bochs.
- Fix memory leak when drm_setup fails.
- Fixes around handling of DRM_AUTH.

Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/42113611-e2cd-6bdd-7de5-4f8ab5a0cbe6@linux.intel.com
This commit is contained in:
Dave Airlie 2019-03-05 08:14:17 +10:00
parent 634092b1b9 04b9c48851
commit 4b057e73f2
3 changed files with 34 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
drivers/gpu/drm/drm_file.c
View File

@ -262,6 +262,18 @@ void drm_file_free(struct drm_file *file)
kfree(file); kfree(file);
} }
static void drm_close_helper(struct file *filp)
{
struct drm_file *file_priv = filp->private_data;
struct drm_device *dev = file_priv->minor->dev;
mutex_lock(&dev->filelist_mutex);
list_del(&file_priv->lhead);
mutex_unlock(&dev->filelist_mutex);
drm_file_free(file_priv);
}
static int drm_setup(struct drm_device * dev) static int drm_setup(struct drm_device * dev)
{ {
int ret; int ret;
@ -318,8 +330,10 @@ int drm_open(struct inode *inode, struct file *filp)
goto err_undo; goto err_undo;
if (need_setup) { if (need_setup) {
retcode = drm_setup(dev); retcode = drm_setup(dev);
if (retcode) if (retcode) {
drm_close_helper(filp);
goto err_undo; goto err_undo;
}
} }
return 0; return 0;
@ -473,11 +487,7 @@ int drm_release(struct inode *inode, struct file *filp)
DRM_DEBUG("open_count = %d\n", dev->open_count); DRM_DEBUG("open_count = %d\n", dev->open_count);
mutex_lock(&dev->filelist_mutex); drm_close_helper(filp);
list_del(&file_priv->lhead);
mutex_unlock(&dev->filelist_mutex);
drm_file_free(file_priv);
if (!--dev->open_count) { if (!--dev->open_count) {
drm_lastclose(dev); drm_lastclose(dev);

22
drivers/gpu/drm/drm_ioctl.c
View File

@ -508,6 +508,13 @@ int drm_version(struct drm_device *dev, void *data,
return err; return err;
} }
static inline bool
drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags)
{
return drm_core_check_feature(dev, DRIVER_RENDER) &&
(flags & DRM_RENDER_ALLOW);
}
/** /**
* drm_ioctl_permit - Check ioctl permissions against caller * drm_ioctl_permit - Check ioctl permissions against caller
* *
@ -522,14 +529,19 @@ int drm_version(struct drm_device *dev, void *data,
*/ */
int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) int drm_ioctl_permit(u32 flags, struct drm_file *file_priv)
{ {
const struct drm_device *dev = file_priv->minor->dev;
/* ROOT_ONLY is only for CAP_SYS_ADMIN */ /* ROOT_ONLY is only for CAP_SYS_ADMIN */
if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)))
return -EACCES; return -EACCES;
/* AUTH is only for authenticated or render client */ /* AUTH is only for master ... */
if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && if (unlikely((flags & DRM_AUTH) && drm_is_primary_client(file_priv))) {
!file_priv->authenticated)) /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */
return -EACCES; if (!file_priv->authenticated &&
!drm_render_driver_and_ioctl(dev, flags))
return -EACCES;
}
/* MASTER is only for master or control clients */ /* MASTER is only for master or control clients */
if (unlikely((flags & DRM_MASTER) && if (unlikely((flags & DRM_MASTER) &&
@ -570,7 +582,7 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
DRM_IOCTL_DEF(DRM_IOCTL_SET_UNIQUE, drm_invalid_op, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF(DRM_IOCTL_SET_UNIQUE, drm_invalid_op, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_BLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF(DRM_IOCTL_BLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_UNBLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF(DRM_IOCTL_UNBLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_AUTH_MAGIC, drm_authmagic, DRM_AUTH|DRM_UNLOCKED|DRM_MASTER), DRM_IOCTL_DEF(DRM_IOCTL_AUTH_MAGIC, drm_authmagic, DRM_UNLOCKED|DRM_MASTER),
DRM_IOCTL_DEF(DRM_IOCTL_ADD_MAP, drm_legacy_addmap_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF(DRM_IOCTL_ADD_MAP, drm_legacy_addmap_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_RM_MAP, drm_legacy_rmmap_ioctl, DRM_AUTH), DRM_IOCTL_DEF(DRM_IOCTL_RM_MAP, drm_legacy_rmmap_ioctl, DRM_AUTH),

2
include/drm/drm_drv.h
View File

@ -767,7 +767,7 @@ static inline bool drm_dev_is_unplugged(struct drm_device *dev)
* *
* Returns true if the @feature is supported, false otherwise. * Returns true if the @feature is supported, false otherwise.
*/ */
static inline bool drm_core_check_feature(struct drm_device *dev, u32 feature) static inline bool drm_core_check_feature(const struct drm_device *dev, u32 feature)
{ {
return dev->driver->driver_features & dev->driver_features & feature; return dev->driver->driver_features & dev->driver_features & feature;
} }