Date:   Fri, 26 Jan 2018 14:58:02 +0100
From:   Tomeu Vizoso <tomeu.vizoso@...labora.com>
To:     linux-kernel@...r.kernel.org
Cc:     Zach Reizner <zachr@...gle.com>, kernel@...labora.com,
        Tomeu Vizoso <tomeu.vizoso@...labora.com>,
        David Airlie <airlied@...ux.ie>,
        Gerd Hoffmann <kraxel@...hat.com>,
        dri-devel@...ts.freedesktop.org,
        virtualization@...ts.linux-foundation.org
Subject: [PATCH v3 2/2] drm/virtio: Handle buffers from the compositor

When retrieving queued messages from the compositor in the host for
clients in the guest, handle buffers that may be passed.

These buffers should have been mapped to the guest's address space, for
example via the KVM_SET_USER_MEMORY_REGION ioctl.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@...labora.com>
---

 drivers/gpu/drm/virtio/virtgpu_ioctl.c | 54 ++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index d4230b1fa91d..57b1ad51d251 100644
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -545,14 +545,58 @@ static unsigned int winsrv_poll(struct file *filp,
 	return mask;
 }
 
+struct virtio_gpu_winsrv_region {
+	uint64_t pfn;
+	size_t size;
+};
+
+static int winsrv_fd_mmap(struct file *filp, struct vm_area_struct *vma)
+{
+	struct virtio_gpu_winsrv_region *region = filp->private_data;
+	unsigned long vm_size = vma->vm_end - vma->vm_start;
+	int ret = 0;
+
+	if (vm_size +
+	    (vma->vm_pgoff << PAGE_SHIFT) > PAGE_ALIGN(region->size))
+		return -EINVAL;
+
+	ret = io_remap_pfn_range(vma, vma->vm_start, region->pfn, vm_size,
+				 vma->vm_page_prot);
+	if (ret)
+		return ret;
+
+	vma->vm_flags |= VM_PFNMAP | VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
+
+	return ret;
+}
+
+static int winsrv_fd_release(struct inode *inodep, struct file *filp)
+{
+	struct virtio_gpu_winsrv_region *region = filp->private_data;
+
+	kfree(region);
+
+	return 0;
+}
+
+static const struct file_operations winsrv_fd_fops = {
+	.mmap = winsrv_fd_mmap,
+	.release = winsrv_fd_release,
+};
+
 static int winsrv_ioctl_rx(struct virtio_gpu_device *vgdev,
 			   struct virtio_gpu_winsrv_conn *conn,
 			   struct drm_virtgpu_winsrv *cmd)
 {
 	struct virtio_gpu_winsrv_rx_qentry *qentry, *tmp;
 	struct virtio_gpu_winsrv_rx *virtio_cmd;
+	struct virtio_gpu_winsrv_region *region;
 	int available_len = cmd->len;
 	int read_count = 0;
+	int i;
+
+	for (i = 0; i < VIRTGPU_WINSRV_MAX_ALLOCS; i++)
+		cmd->fds[i] = -1;
 
 	list_for_each_entry_safe(qentry, tmp, &conn->cmdq, next) {
 		virtio_cmd = qentry->cmd;
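Review bot: In winsrv_fd_mmap the bounds check accounts for vma->vm_pgoff, but io_remap_pfn_range() always starts at region->pfn, so a mapping requested at a non-zero offset is validated against one window and populated from another; the call should pass `region->pfn + vma->vm_pgoff`. Once the offset is honoured, the byte-based check becomes load-bearing, and `vma->vm_pgoff << PAGE_SHIFT` can wrap for a large offset. Comparing in pages avoids that: `if (vma->vm_pgoff > npages || vma_pages(vma) > npages - vma->vm_pgoff) return -EINVAL;` with `npages = PAGE_ALIGN(region->size) >> PAGE_SHIFT`. The pfn and size fields are filled from the device message in the second hunk, so a short comment on struct virtio_gpu_winsrv_region saying they are host-supplied, and which validation they have had, would help later readers. winsrv_ioctl_rx continues past the end of this hunk.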
@@ -567,6 +611,16 @@ static int winsrv_ioctl_rx(struct virtio_gpu_device *vgdev,
 				return -EFAULT;
 		}
 
+		for (i = 0; virtio_cmd->pfns[i]; i++) {
+			region = kmalloc(sizeof(*region), GFP_KERNEL);
+			region->pfn = virtio_cmd->pfns[i];
+			region->size = virtio_cmd->lens[i];
+			cmd->fds[i] = anon_inode_getfd("[winsrv_fd]",
+						       &winsrv_fd_fops,
+						       region,
+						       O_CLOEXEC | O_RDWR);
+		}
+
 		available_len -= virtio_cmd->len;
 		read_count += virtio_cmd->len;
 
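Review bot: The added loop `for (i = 0; virtio_cmd->pfns[i]; i++)` stops only on a zero pfn, so a message with every slot filled runs i past the VIRTGPU_WINSRV_MAX_ALLOCS entries of cmd->fds initialised in the first hunk, and presumably past pfns/lens too (their declarations are not visible here). The kmalloc() result is dereferenced without a NULL check. The anon_inode_getfd() return value is stored unchecked, so on failure the region leaks and a negative errno lands in cmd->fds. Because the loop sits inside list_for_each_entry_safe, a second queued message appears to overwrite fds already installed for the first; that and the unwinding of fds installed before an error need handling in code outside this hunk.

```c
		for (i = 0; i < VIRTGPU_WINSRV_MAX_ALLOCS &&
			    virtio_cmd->pfns[i]; i++) {
			int fd;

			region = kmalloc(sizeof(*region), GFP_KERNEL);
			if (!region)
				return -ENOMEM;
			region->pfn = virtio_cmd->pfns[i];
			region->size = virtio_cmd->lens[i];
			fd = anon_inode_getfd("[winsrv_fd]", &winsrv_fd_fops,
					      region, O_CLOEXEC | O_RDWR);
			if (fd < 0) {
				/* release was never armed, so free here */
				kfree(region);
				return fd;
			}
			cmd->fds[i] = fd;
		}
		/* … unchanged: available_len / read_count accounting … */
```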
-- 
2.14.3
