Commit da6c7707 authored by Daniel Vetter's avatar Daniel Vetter
Browse files

fbdev: Add FBINFO_HIDE_SMEM_START flag 



DRM drivers really, really, really don't want random userspace to
share buffer behind it's back, bypassing the dma-buf buffer sharing
machanism. For that reason we've ruthlessly rejected any IOCTL
exposing the physical address of any graphics buffer.

Unfortunately fbdev comes with that built-in. We could just set
smem_start to 0, but that means we'd have to hand-roll our own fb_mmap
implementation. For good reasons many drivers do that, but
smem_start/length is still super convenient.

Hence instead just stop the leak in the ioctl, to keep fb mmap working
as-is. A second patch will set this flag for all drm drivers.

Acked-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: linux-fbdev@vger.kernel.org
Signed-off-by: default avatarDaniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20180822085405.10787-3-daniel.vetter@ffwll.ch
parent 8d7fc299

drivers/video/fbdev/core/fbmem.c

+4 −0
Original line number Diff line number Diff line
@@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, 
		if (!lock_fb_info(info))

			return -ENODEV;

		fix = info->fix;

		if (info->flags & FBINFO_HIDE_SMEM_START)

			fix.smem_start = 0;

		unlock_fb_info(info);



		ret = copy_to_user(argp, &fix, sizeof(fix)) ? -EFAULT : 0;
@@ -1327,6 +1329,8 @@ static int fb_get_fscreeninfo(struct fb_info *info, unsigned int cmd, 
	if (!lock_fb_info(info))

		return -ENODEV;

	fix = info->fix;

	if (info->flags & FBINFO_HIDE_SMEM_START)

		fix.smem_start = 0;

	unlock_fb_info(info);

	return do_fscreeninfo_to_user(&fix, compat_ptr(arg));

}

include/linux/fb.h

+7 −0
Original line number Diff line number Diff line
@@ -456,6 +456,13 @@ struct fb_tile_ops { 
 * and host endianness. Drivers should not use this flag.

 */

#define FBINFO_BE_MATH  0x100000

/*

 * Hide smem_start in the FBIOGET_FSCREENINFO IOCTL. This is used by modern DRM

 * drivers to stop userspace from trying to share buffers behind the kernel's

 * back. Instead dma-buf based buffer sharing should be used.

 */

#define FBINFO_HIDE_SMEM_START  0x200000





struct fb_info {

	atomic_t count;

CRA Git | Maintained and supported by SUSTech CRA and CCSE