提交 5c4604e7 编写于 作者: J Joonas Lahtinen

drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set

Make sure the underlying VMA in the process address space is the
same as it was during vm_mmap to avoid applying WC to wrong VMA.

A more long-term solution would be to have vm_mmap_locked variant
in linux/mmap.h for when caller wants to hold mmap_sem for an
extended duration.

v2:
- Refactor the compare function

Fixes: 1816f923 ("drm/i915: Support creation of unbound wc user mappings for objects")
Reported-by: NAdam Zabrocki <adamza@microsoft.com>
Suggested-by: NLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: NJoonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: <stable@vger.kernel.org> # v4.0+
Cc: Akash Goel <akash.goel@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Adam Zabrocki <adamza@microsoft.com>
Reviewed-by: NChris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com> #v1
Link: https://patchwork.freedesktop.org/patch/msgid/20190207085454.10598-1-joonas.lahtinen@linux.intel.com
上级 6cbb55c0
...@@ -1679,6 +1679,16 @@ i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data, ...@@ -1679,6 +1679,16 @@ i915_gem_sw_finish_ioctl(struct drm_device *dev, void *data,
return 0; return 0;
} }
static inline bool
__vma_matches(struct vm_area_struct *vma, struct file *filp,
unsigned long addr, unsigned long size)
{
if (vma->vm_file != filp)
return false;
return vma->vm_start == addr && (vma->vm_end - vma->vm_start) == size;
}
/** /**
* i915_gem_mmap_ioctl - Maps the contents of an object, returning the address * i915_gem_mmap_ioctl - Maps the contents of an object, returning the address
* it is mapped to. * it is mapped to.
...@@ -1737,7 +1747,7 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data, ...@@ -1737,7 +1747,7 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
return -EINTR; return -EINTR;
} }
vma = find_vma(mm, addr); vma = find_vma(mm, addr);
if (vma) if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
vma->vm_page_prot = vma->vm_page_prot =
pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); pgprot_writecombine(vm_get_page_prot(vma->vm_flags));
else else
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册