dma-buf/heaps: Assert held reservation lock for dma-buf mmapping

When userspace mmaps dma-buf's fd, the dma-buf reservation lock must be
held. Add locking sanity checks to the dma-buf mmaping callbacks to ensure
that the locking assumptions won't regress in the future.

Suggested-by: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Acked-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221110201349.351294-5-dmitry.osipenko@collabora.com
This commit is contained in:
Dmitry Osipenko 2022-11-10 23:13:47 +03:00
parent aa3f998964
commit 27f3733a10
2 changed files with 6 additions and 0 deletions

View File

@ -13,6 +13,7 @@
#include <linux/dma-buf.h> #include <linux/dma-buf.h>
#include <linux/dma-heap.h> #include <linux/dma-heap.h>
#include <linux/dma-map-ops.h> #include <linux/dma-map-ops.h>
#include <linux/dma-resv.h>
#include <linux/err.h> #include <linux/err.h>
#include <linux/highmem.h> #include <linux/highmem.h>
#include <linux/io.h> #include <linux/io.h>
@ -182,6 +183,8 @@ static int cma_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma)
{ {
struct cma_heap_buffer *buffer = dmabuf->priv; struct cma_heap_buffer *buffer = dmabuf->priv;
dma_resv_assert_held(dmabuf->resv);
if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) == 0) if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) == 0)
return -EINVAL; return -EINVAL;

View File

@ -13,6 +13,7 @@
#include <linux/dma-buf.h> #include <linux/dma-buf.h>
#include <linux/dma-mapping.h> #include <linux/dma-mapping.h>
#include <linux/dma-heap.h> #include <linux/dma-heap.h>
#include <linux/dma-resv.h>
#include <linux/err.h> #include <linux/err.h>
#include <linux/highmem.h> #include <linux/highmem.h>
#include <linux/mm.h> #include <linux/mm.h>
@ -201,6 +202,8 @@ static int system_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma)
struct sg_page_iter piter; struct sg_page_iter piter;
int ret; int ret;
dma_resv_assert_held(dmabuf->resv);
for_each_sgtable_page(table, &piter, vma->vm_pgoff) { for_each_sgtable_page(table, &piter, vma->vm_pgoff) {
struct page *page = sg_page_iter_page(&piter); struct page *page = sg_page_iter_page(&piter);