drm/vmwgfx: Tighten the security around buffer maps

Make sure only buffer objects that are referenced by the client can be mapped. Signed-off-by: N Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: N Brian Paul <brianp@vmware.com>

drm/vmwgfx: Tighten the security around buffer maps
Make sure only buffer objects that are referenced by the client can be mapped. Signed-off-by: N Thomas Hellstrom <thellstrom@vmware.com> Reviewed-by: N Brian Paul <brianp@vmware.com>
f6dfe73a · Thomas Hellstrom · 0d3215e3 · f6dfe73a
隐藏空白更改
内联并排

Showing with 7 addition and 2 deletion

drivers/gpu/drm/vmwgfx/vmwgfx_resource.c drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +7 -2

未找到文件。
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c
@@ -538,8 +538,13 @@ int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo,
 		return -EPERM;

 	vmw_user_bo = vmw_user_dma_buffer(bo);
-	return (vmw_user_bo->prime.base.tfile == tfile ||
-		vmw_user_bo->prime.base.shareable) ? 0 : -EPERM;
+
+	/* Check that the caller has opened the object. */
+	if (likely(ttm_ref_object_exists(tfile, &vmw_user_bo->prime.base)))
+		return 0;
+
+	DRM_ERROR("Could not grant buffer access.\n");
+	return -EPERM;
 }

 /**