[PATCH v2] drm/gem: Fix mmap fake offset handling for drm_gem_object_funcs.mmap

Daniel Vetter daniel at ffwll.ch
Wed Nov 20 13:40:02 UTC 2019


On Wed, Nov 20, 2019 at 2:08 PM Gerd Hoffmann <kraxel at redhat.com> wrote:
> > Ah, we're not going to replace the mapping on the dma-buf file. Only
> > the file of the vma structure. Doing the former would indeed be pretty
> > bad from a security pov.
>
> Now where do I get a filp from?  Can I just call drm_open?

Hm, now I wonder whether it's maybe ok to just exchange the
filp->f_mapping. As long as we don't mix up the kinds of mapping and
page-cache management that can happen on a given address_space
structure (that's why I'm not keen on the shmem mapping being reused, since
shmem uses the same address_space structure internally to manage the
page allocations - address_space both contains the page cache for a
file, and also the reverse mapping information). So kinda what
drm_open does, except we do that to the dma-buf file. So exactly what
amdgpu is doing and that I just complained about :-)

Aside: the amdgpu isn't great because it's racy, userspace could have
guessed the fd and already started an mmap before we managed to update
stuff. But aside from that maybe rolling out the amdgpu trick for
everyone is the right way?
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch