Commit f6dfe73a authored by Thomas Hellstrom's avatar Thomas Hellstrom

drm/vmwgfx: Tighten the security around buffer maps

Make sure only buffer objects that are referenced by the client can be mapped.
Signed-off-by: default avatarThomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: default avatarBrian Paul <brianp@vmware.com>
parent 0d3215e3
...@@ -538,8 +538,13 @@ int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo, ...@@ -538,8 +538,13 @@ int vmw_user_dmabuf_verify_access(struct ttm_buffer_object *bo,
return -EPERM; return -EPERM;
vmw_user_bo = vmw_user_dma_buffer(bo); vmw_user_bo = vmw_user_dma_buffer(bo);
return (vmw_user_bo->prime.base.tfile == tfile ||
vmw_user_bo->prime.base.shareable) ? 0 : -EPERM; /* Check that the caller has opened the object. */
if (likely(ttm_ref_object_exists(tfile, &vmw_user_bo->prime.base)))
return 0;
DRM_ERROR("Could not grant buffer access.\n");
return -EPERM;
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment