drm: Protect master->unique with dev->master_mutex (5acc614a) · Commits · EulixOS / Software / Kernel

drivers/gpu/drm/drm_ioctl.c

+9 −3

Original line number	Diff line number	Diff line
		@@ -115,11 +115,15 @@ static int drm_getunique(struct drm_device dev, void data,
		struct drm_unique *u = data;
		struct drm_master *master = file_priv->master;

		mutex_lock(&master->dev->master_mutex);
		if (u->unique_len >= master->unique_len) {
		if (copy_to_user(u->unique, master->unique, master->unique_len))
		if (copy_to_user(u->unique, master->unique, master->unique_len)) {
		mutex_unlock(&master->dev->master_mutex);
		return -EFAULT;
		}
		}
		u->unique_len = master->unique_len;
		mutex_unlock(&master->dev->master_mutex);

		return 0;
		}
		@@ -340,6 +344,7 @@ static int drm_setversion(struct drm_device dev, void data, struct drm_file *f
		struct drm_set_version *sv = data;
		int if_version, retcode = 0;

		mutex_lock(&dev->master_mutex);
		if (sv->drm_di_major != -1) {
		if (sv->drm_di_major != DRM_IF_MAJOR \|\|
		sv->drm_di_minor < 0 \|\| sv->drm_di_minor > DRM_IF_MINOR) {
		@@ -374,6 +379,7 @@ static int drm_setversion(struct drm_device dev, void data, struct drm_file *f
		sv->drm_di_minor = DRM_IF_MINOR;
		sv->drm_dd_major = dev->driver->major;
		sv->drm_dd_minor = dev->driver->minor;
		mutex_unlock(&dev->master_mutex);

		return retcode;
		}
		@@ -528,7 +534,7 @@ EXPORT_SYMBOL(drm_ioctl_permit);
		static const struct drm_ioctl_desc drm_ioctls[] = {
		DRM_IOCTL_DEF(DRM_IOCTL_VERSION, drm_version,
		DRM_UNLOCKED\|DRM_RENDER_ALLOW\|DRM_CONTROL_ALLOW),
		DRM_IOCTL_DEF(DRM_IOCTL_GET_UNIQUE, drm_getunique, 0),
		DRM_IOCTL_DEF(DRM_IOCTL_GET_UNIQUE, drm_getunique, DRM_UNLOCKED),
		DRM_IOCTL_DEF(DRM_IOCTL_GET_MAGIC, drm_getmagic, DRM_UNLOCKED),
		DRM_IOCTL_DEF(DRM_IOCTL_IRQ_BUSID, drm_irq_by_busid, DRM_MASTER\|DRM_ROOT_ONLY),
		DRM_IOCTL_DEF(DRM_IOCTL_GET_MAP, drm_legacy_getmap_ioctl, DRM_UNLOCKED),
		@@ -536,7 +542,7 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
		DRM_IOCTL_DEF(DRM_IOCTL_GET_STATS, drm_getstats, DRM_UNLOCKED),
		DRM_IOCTL_DEF(DRM_IOCTL_GET_CAP, drm_getcap, DRM_UNLOCKED\|DRM_RENDER_ALLOW),
		DRM_IOCTL_DEF(DRM_IOCTL_SET_CLIENT_CAP, drm_setclientcap, 0),
		DRM_IOCTL_DEF(DRM_IOCTL_SET_VERSION, drm_setversion, DRM_MASTER),
		DRM_IOCTL_DEF(DRM_IOCTL_SET_VERSION, drm_setversion, DRM_UNLOCKED \| DRM_MASTER),

		DRM_IOCTL_DEF(DRM_IOCTL_SET_UNIQUE, drm_invalid_op, DRM_AUTH\|DRM_MASTER\|DRM_ROOT_ONLY),
		DRM_IOCTL_DEF(DRM_IOCTL_BLOCK, drm_noop, DRM_AUTH\|DRM_MASTER\|DRM_ROOT_ONLY),

include/drm/drm_auth.h

+13 −4

Original line number	Diff line number	Diff line
		@@ -33,10 +33,7 @@
		*
		* @refcount: Refcount for this master object.
		* @dev: Link back to the DRM device
		* @unique: Unique identifier: e.g. busid. Protected by drm_global_mutex.
		* @unique_len: Length of unique field. Protected by drm_global_mutex.
		* @magic_map: Map of used authentication tokens. Protected by struct_mutex.
		* @lock: DRI lock information.
		* @lock: DRI1 lock information.
		* @driver_priv: Pointer to driver-private information.
		*
		* Note that master structures are only relevant for the legacy/primary device
		@@ -45,8 +42,20 @@
		struct drm_master {
		struct kref refcount;
		struct drm_device *dev;
		/**
		* @unique: Unique identifier: e.g. busid. Protected by struct
		* &drm_device master_mutex.
		*/
		char *unique;
		/**
		* @unique_len: Length of unique field. Protected by struct &drm_device
		* master_mutex.
		*/
		int unique_len;
		/**
		* @magic_map: Map of used authentication tokens. Protected by struct
		* &drm_device master_mutex.
		*/
		struct idr magic_map;
		struct drm_lock_data lock;
		void *driver_priv;