[PATCH 0/2] Fix purging buffers in the shmem helpers
Neil Roberts
nroberts at igalia.com
Tue Feb 23 15:51:23 UTC 2021
These two patches fix a problem with the madvise purging code for the
shmem helpers where the mmaping for a purged buffer wouldn't get
invalidated correctly. This presumably ends up as a security hole
where the mapping can be accessed from user-space to read and write
random pages from other buffers. This is currently affecting Panfrost.
The second patch is a v2 from a patch that was sent standalone.
There is a WIP IGT test for Panfrost which demonstrates the bug here:
https://gitlab.freedesktop.org/nroberts/igt-gpu-tools/-/commits/panfrost-purgemap/
Neil Roberts (2):
drm/shmem-helper: Check for purged buffers in fault handler
drm/shmem-helper: Don't remove the offset in vm_area_struct pgoff
drivers/gpu/drm/drm_gem_shmem_helper.c | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)
--
2.29.2
More information about the dri-devel
mailing list