* [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP
@ 2025-04-15 10:57 Boris Brezillon
2025-04-15 11:18 ` Boris Brezillon
2025-04-16 14:26 ` Steven Price
0 siblings, 2 replies; 5+ messages in thread
From: Boris Brezillon @ 2025-04-15 10:57 UTC (permalink / raw)
To: Boris Brezillon, Steven Price, Liviu Dudau, Adrián Larumbe
Cc: dri-devel, kernel
Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
still be mmap-ed.
Fortunately, this bug only impacts user BOs, because kernel BOs are not
exposed to userspace (they don't have a BO handle), so they can't
be mmap-ed anyway. Given all user BOs setting this flag are private
anyway (not shareable), there's no potential data leak.
Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
---
drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c
index 15d8e2bcf6ad..1499df07f512 100644
--- a/drivers/gpu/drm/panthor/panthor_drv.c
+++ b/drivers/gpu/drm/panthor/panthor_drv.c
@@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
struct drm_file *file)
{
struct drm_panthor_bo_mmap_offset *args = data;
+ struct panthor_gem_object *bo;
struct drm_gem_object *obj;
int ret;
@@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
if (!obj)
return -ENOENT;
+ bo = to_panthor_bo(obj);
+ if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
+ return -EINVAL;
+
ret = drm_gem_create_mmap_offset(obj);
if (ret)
goto out;
--
2.49.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP
2025-04-15 10:57 [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP Boris Brezillon
@ 2025-04-15 11:18 ` Boris Brezillon
2025-04-15 11:24 ` Liviu Dudau
2025-04-16 14:26 ` Steven Price
1 sibling, 1 reply; 5+ messages in thread
From: Boris Brezillon @ 2025-04-15 11:18 UTC (permalink / raw)
To: Boris Brezillon, Steven Price, Liviu Dudau, Adrián Larumbe
Cc: dri-devel, kernel
On Tue, 15 Apr 2025 12:57:10 +0200
Boris Brezillon <boris.brezillon@collabora.com> wrote:
> Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
> panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
> still be mmap-ed.
>
> Fortunately, this bug only impacts user BOs, because kernel BOs are not
> exposed to userspace (they don't have a BO handle), so they can't
> be mmap-ed anyway. Given all user BOs setting this flag are private
> anyway (not shareable), there's no potential data leak.
>
> Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
> Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
> ---
> drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c
> index 15d8e2bcf6ad..1499df07f512 100644
> --- a/drivers/gpu/drm/panthor/panthor_drv.c
> +++ b/drivers/gpu/drm/panthor/panthor_drv.c
> @@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> struct drm_file *file)
> {
> struct drm_panthor_bo_mmap_offset *args = data;
> + struct panthor_gem_object *bo;
> struct drm_gem_object *obj;
> int ret;
>
> @@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> if (!obj)
> return -ENOENT;
>
> + bo = to_panthor_bo(obj);
> + if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> + return -EINVAL;
Maybe it should be EPERM instead of EINVAL here.
> +
> ret = drm_gem_create_mmap_offset(obj);
> if (ret)
> goto out;
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP
2025-04-15 11:18 ` Boris Brezillon
@ 2025-04-15 11:24 ` Liviu Dudau
0 siblings, 0 replies; 5+ messages in thread
From: Liviu Dudau @ 2025-04-15 11:24 UTC (permalink / raw)
To: Boris Brezillon; +Cc: Steven Price, Adrián Larumbe, dri-devel, kernel
On Tue, Apr 15, 2025 at 01:18:42PM +0200, Boris Brezillon wrote:
> On Tue, 15 Apr 2025 12:57:10 +0200
> Boris Brezillon <boris.brezillon@collabora.com> wrote:
>
> > Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
> > panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
> > still be mmap-ed.
> >
> > Fortunately, this bug only impacts user BOs, because kernel BOs are not
> > exposed to userspace (they don't have a BO handle), so they can't
> > be mmap-ed anyway. Given all user BOs setting this flag are private
> > anyway (not shareable), there's no potential data leak.
> >
> > Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
> > Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
> > ---
> > drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c
> > index 15d8e2bcf6ad..1499df07f512 100644
> > --- a/drivers/gpu/drm/panthor/panthor_drv.c
> > +++ b/drivers/gpu/drm/panthor/panthor_drv.c
> > @@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> > struct drm_file *file)
> > {
> > struct drm_panthor_bo_mmap_offset *args = data;
> > + struct panthor_gem_object *bo;
> > struct drm_gem_object *obj;
> > int ret;
> >
> > @@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> > if (!obj)
> > return -ENOENT;
> >
> > + bo = to_panthor_bo(obj);
> > + if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> > + return -EINVAL;
>
> Maybe it should be EPERM instead of EINVAL here.
Yeah, I agree. With that change:
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Best regards,
Liviu
>
> > +
> > ret = drm_gem_create_mmap_offset(obj);
> > if (ret)
> > goto out;
>
--
====================
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP
2025-04-15 10:57 [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP Boris Brezillon
2025-04-15 11:18 ` Boris Brezillon
@ 2025-04-16 14:26 ` Steven Price
2025-04-16 15:11 ` Boris Brezillon
1 sibling, 1 reply; 5+ messages in thread
From: Steven Price @ 2025-04-16 14:26 UTC (permalink / raw)
To: Boris Brezillon, Liviu Dudau, Adrián Larumbe; +Cc: dri-devel, kernel
On 15/04/2025 11:57, Boris Brezillon wrote:
> Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
> panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
> still be mmap-ed.
>
> Fortunately, this bug only impacts user BOs, because kernel BOs are not
> exposed to userspace (they don't have a BO handle), so they can't
> be mmap-ed anyway. Given all user BOs setting this flag are private
> anyway (not shareable), there's no potential data leak.
Maybe I'm missing something, but I think the below check in
panthor_gem_mmap() should also prevent this:
> static int panthor_gem_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
> {
> struct panthor_gem_object *bo = to_panthor_bo(obj);
>
> /* Don't allow mmap on objects that have the NO_MMAP flag set. */
> if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> return -EINVAL;
>
> return drm_gem_shmem_object_mmap(obj, vma);
> }
That said, it doesn't make sense to be able to get an offset if you
can't mmap() so this seems like a good change. Indeed potentially with
this we no longer need panthor_gem_mmap() - although I haven't
completely convinced myself of that yet.
> Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
> Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
Reviewed-by: Steven Price <steven.price@arm.com>
> ---
> drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c
> index 15d8e2bcf6ad..1499df07f512 100644
> --- a/drivers/gpu/drm/panthor/panthor_drv.c
> +++ b/drivers/gpu/drm/panthor/panthor_drv.c
> @@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> struct drm_file *file)
> {
> struct drm_panthor_bo_mmap_offset *args = data;
> + struct panthor_gem_object *bo;
> struct drm_gem_object *obj;
> int ret;
>
> @@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> if (!obj)
> return -ENOENT;
>
> + bo = to_panthor_bo(obj);
> + if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> + return -EINVAL;
> +
> ret = drm_gem_create_mmap_offset(obj);
> if (ret)
> goto out;
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP
2025-04-16 14:26 ` Steven Price
@ 2025-04-16 15:11 ` Boris Brezillon
0 siblings, 0 replies; 5+ messages in thread
From: Boris Brezillon @ 2025-04-16 15:11 UTC (permalink / raw)
To: Steven Price; +Cc: Liviu Dudau, Adrián Larumbe, dri-devel, kernel
On Wed, 16 Apr 2025 15:26:42 +0100
Steven Price <steven.price@arm.com> wrote:
> On 15/04/2025 11:57, Boris Brezillon wrote:
> > Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
> > panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
> > still be mmap-ed.
> >
> > Fortunately, this bug only impacts user BOs, because kernel BOs are not
> > exposed to userspace (they don't have a BO handle), so they can't
> > be mmap-ed anyway. Given all user BOs setting this flag are private
> > anyway (not shareable), there's no potential data leak.
>
> Maybe I'm missing something, but I think the below check in
> panthor_gem_mmap() should also prevent this:
>
> > static int panthor_gem_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
> > {
> > struct panthor_gem_object *bo = to_panthor_bo(obj);
> >
> > /* Don't allow mmap on objects that have the NO_MMAP flag set. */
> > if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> > return -EINVAL;
Doh, how did I miss that one...
> >
> > return drm_gem_shmem_object_mmap(obj, vma);
> > }
>
> That said, it doesn't make sense to be able to get an offset if you
> can't mmap() so this seems like a good change. Indeed potentially with
> this we no longer need panthor_gem_mmap() - although I haven't
> completely convinced myself of that yet.
>
> > Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
> > Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
>
> Reviewed-by: Steven Price <steven.price@arm.com>
Okay, if we decide to keep that change, I need to reword the commit
message and drop the Fixes tag.
>
> > ---
> > drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/gpu/drm/panthor/panthor_drv.c b/drivers/gpu/drm/panthor/panthor_drv.c
> > index 15d8e2bcf6ad..1499df07f512 100644
> > --- a/drivers/gpu/drm/panthor/panthor_drv.c
> > +++ b/drivers/gpu/drm/panthor/panthor_drv.c
> > @@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> > struct drm_file *file)
> > {
> > struct drm_panthor_bo_mmap_offset *args = data;
> > + struct panthor_gem_object *bo;
> > struct drm_gem_object *obj;
> > int ret;
> >
> > @@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device *ddev, void *data,
> > if (!obj)
> > return -ENOENT;
> >
> > + bo = to_panthor_bo(obj);
> > + if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> > + return -EINVAL;
> > +
> > ret = drm_gem_create_mmap_offset(obj);
> > if (ret)
> > goto out;
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-04-16 15:11 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-15 10:57 [PATCH] drm/panthor: Enforce DRM_PANTHOR_BO_NO_MMAP Boris Brezillon
2025-04-15 11:18 ` Boris Brezillon
2025-04-15 11:24 ` Liviu Dudau
2025-04-16 14:26 ` Steven Price
2025-04-16 15:11 ` Boris Brezillon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.