samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
複製 0
程式碼 問題管理 合併請求 Actions Packages Projects 版本發佈 Wiki Activity

disp: msm: sde: prevent custom ioctls from accessing unowned HW

瀏覽代碼 
Early wakeup ioctls from perf HAL driver can access display HW
registers and come as a sideband to atomic commits. Since the
atomic validate checks are not part of this code path it's
possible for HW access to occur during a trusted UI session.
Prevent this whenever the HW is not under this VM's ownership.
Also, move the VM ownership check for the register/deregister
event ioctl to cover both the CRTC and connector events since
new connector events are being added which can access HW.

Change-Id: I39660ae60e7e8f8a405e819c43ec42fbac3f492a
Signed-off-by: Steve Cohen <cohens@codeaurora.org>
This commit is contained in:
Steve Cohen
2021-08-10 17:15:02 -04:00
父節點 6bf96605eb
當前提交 9690b545df
共有 3 個文件被更改,包括 22 次插入17 次删除
Download Patch File Download Diff File Expand all files Collapse all files

27
msm/sde/sde_kms.c
查看文件

@@ -5062,9 +5062,9 @@ static int _sde_kms_register_events(struct msm_kms *kms,
struct drm_mode_object *obj, u32 event, bool en)
{
int ret = 0;
struct drm_crtc *crtc = NULL;
struct drm_connector *conn = NULL;
struct sde_kms *sde_kms = NULL;
struct drm_crtc *crtc;
struct drm_connector *conn;
struct sde_kms *sde_kms;
struct sde_vm_ops *vm_ops;
if (!kms || !obj) {
@@ -5073,24 +5073,19 @@ static int _sde_kms_register_events(struct msm_kms *kms,
}
sde_kms = to_sde_kms(kms);
vm_ops = sde_vm_get_ops(sde_kms);
sde_vm_lock(sde_kms);
if (vm_ops && vm_ops->vm_owns_hw && !vm_ops->vm_owns_hw(sde_kms)) {
sde_vm_unlock(sde_kms);
SDE_DEBUG("HW is owned by other VM\n");
return -EACCES;
}
/* check vm ownership, if event registration requires HW access */
switch (obj->type) {
case DRM_MODE_OBJECT_CRTC:
vm_ops = sde_vm_get_ops(sde_kms);
sde_vm_lock(sde_kms);
if (vm_ops && vm_ops->vm_owns_hw
&& !vm_ops->vm_owns_hw(sde_kms)) {
sde_vm_unlock(sde_kms);
SDE_DEBUG("HW is owned by other VM\n");
return -EACCES;
}
crtc = obj_to_crtc(obj);
ret = sde_crtc_register_custom_event(sde_kms, crtc, event, en);
sde_vm_unlock(sde_kms);
break;
case DRM_MODE_OBJECT_CONNECTOR:
conn = obj_to_connector(obj);
@@ -5099,6 +5094,8 @@ static int _sde_kms_register_events(struct msm_kms *kms,
break;
}
sde_vm_unlock(sde_kms);
return ret;
}