On 15/04/2025 11:57, Boris Brezillon wrote:
> Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
> panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
> still be mmap-ed.
> 
> Fortunately, this bug only impacts user BOs, because kernel BOs are not
> exposed to userspace (they don't have a BO handle), so they can't
> be mmap-ed anyway. Given all user BOs setting this flag are private
> anyway (not shareable), there's no potential data leak.

Maybe I'm missing something, but I think the below check in
panthor_gem_mmap() should also prevent this:

> static int panthor_gem_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)
> {
>       struct panthor_gem_object *bo = to_panthor_bo(obj);
> 
>       /* Don't allow mmap on objects that have the NO_MMAP flag set. */
>       if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
>               return -EINVAL;
> 
>       return drm_gem_shmem_object_mmap(obj, vma);
> }

That said, it doesn't make sense to be able to get an offset if you
can't mmap() so this seems like a good change. Indeed potentially with
this we no longer need panthor_gem_mmap() - although I haven't
completely convinced myself of that yet.

> Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
> Signed-off-by: Boris Brezillon <boris.brezil...@collabora.com>

Reviewed-by: Steven Price <steven.pr...@arm.com>

> ---
>  drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/gpu/drm/panthor/panthor_drv.c 
> b/drivers/gpu/drm/panthor/panthor_drv.c
> index 15d8e2bcf6ad..1499df07f512 100644
> --- a/drivers/gpu/drm/panthor/panthor_drv.c
> +++ b/drivers/gpu/drm/panthor/panthor_drv.c
> @@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device 
> *ddev, void *data,
>                                       struct drm_file *file)
>  {
>       struct drm_panthor_bo_mmap_offset *args = data;
> +     struct panthor_gem_object *bo;
>       struct drm_gem_object *obj;
>       int ret;
>  
> @@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct 
> drm_device *ddev, void *data,
>       if (!obj)
>               return -ENOENT;
>  
> +     bo = to_panthor_bo(obj);
> +     if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
> +             return -EINVAL;
> +
>       ret = drm_gem_create_mmap_offset(obj);
>       if (ret)
>               goto out;
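
Review bot: The new DRM_PANTHOR_BO_NO_MMAP branch returns -EINVAL directly even though it runs after the `if (!obj)` test, so obj is a valid looked-up object at that point, while the very next failure path (drm_gem_create_mmap_offset() returning an error) leaves through `goto out` instead of a bare return. If the `out` label is where the reference taken by the lookup is dropped (the label itself is not visible in this hunk), the early return skips that cleanup each time userspace requests an offset for a NO_MMAP BO. Suggest setting `ret = -EINVAL;` and using `goto out;` inside the new branch so both failure paths share the same exit.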
