
Commit b7d0949

Martin Krastevzackr
authored andcommitted
drm/vmwgfx: Refactor vmw_mksstat_remove_ioctl to expect pgid match with vmw_mksstat_add_ioctl to authorise removal.
Original vmw_mksstat_remove_ioctl expected pid to match the corresponding vmw_mksstat_add_ioctl. That made impossible en-masse removals by one pid, which is a valid use case, so pid match was discarded. Current change enforces a broader pgid match as a form of protection from arbitrary processes interrupting an ongoing mks-guest-stats. Reviewed-by: Zack Rusin <[email protected]> Signed-off-by: Martin Krastev <[email protected]> Signed-off-by: Zack Rusin <[email protected]> Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
1 parent 8d9a8d9 commit b7d0949


1 file changed

+13
-19
lines changed


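--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
@@ -1111,7 +1111,7 @@ int vmw_mksstat_add_ioctl(struct drm_device *dev, void *data,
 hypervisor_ppn_add((PPN64)page_to_pfn(page));
 
 dev_priv->mksstat_user_pages[slot] = page;
-atomic_set(&dev_priv->mksstat_user_pids[slot], current->pid);
+atomic_set(&dev_priv->mksstat_user_pids[slot], task_pgrp_vnr(current));
 
 arg->id = slot;
 
@@ -1158,37 +1158,31 @@ int vmw_mksstat_remove_ioctl(struct drm_device *dev, void *data,
 struct vmw_private *const dev_priv = vmw_priv(dev);
 
 const size_t slot = arg->id;
-pid_t pid0;
+pid_t pgid, pid;
 
 if (slot >= ARRAY_SIZE(dev_priv->mksstat_user_pids))
 return -EINVAL;
 
 DRM_DEV_INFO(dev->dev, "pid=%d arg.id=%lu\n", current->pid, slot);
 
-pid0 = atomic_read(&dev_priv->mksstat_user_pids[slot]);
+pgid = task_pgrp_vnr(current);
+pid = atomic_cmpxchg(&dev_priv->mksstat_user_pids[slot], pgid, MKSSTAT_PID_RESERVED);
 
-if (!pid0)
+if (!pid)
 return 0;
 
-if (pid0 != MKSSTAT_PID_RESERVED) {
-const pid_t pid1 = atomic_cmpxchg(&dev_priv->mksstat_user_pids[slot], pid0, MKSSTAT_PID_RESERVED);
+if (pid == pgid) {
+struct page *const page = dev_priv->mksstat_user_pages[slot];
 
-if (!pid1)
-return 0;
-
-if (pid1 == pid0) {
-struct page *const page = dev_priv->mksstat_user_pages[slot];
+BUG_ON(!page);
 
-BUG_ON(!page);
-
-dev_priv->mksstat_user_pages[slot] = NULL;
-atomic_set(&dev_priv->mksstat_user_pids[slot], 0);
+dev_priv->mksstat_user_pages[slot] = NULL;
+atomic_set(&dev_priv->mksstat_user_pids[slot], 0);
 
-hypervisor_ppn_remove((PPN64)page_to_pfn(page));
+hypervisor_ppn_remove((PPN64)page_to_pfn(page));
 
-vmw_mksstat_cleanup_descriptor(page);
-return 0;
-}
+vmw_mksstat_cleanup_descriptor(page);
+return 0;
 }
 
 return -EAGAIN;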
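Review bot: The ownership check in vmw_mksstat_remove_ioctl compares `task_pgrp_vnr(current)` values, which are numbers relative to the caller's PID namespace, so `if (pid == pgid)` does not identify a unique process group: callers in different PID namespaces can hold the same number, and the helper yields 0 when the group is not visible in the caller's namespace. A 0 stored by the `atomic_set` in vmw_mksstat_add_ioctl would presumably mark an occupied slot as free, and here a 0 `pgid` against a free slot makes the cmpxchg succeed and leave through `if (!pid) return 0;` with the slot still holding MKSSTAT_PID_RESERVED. Consider keying both ioctls on the init-namespace number, e.g. `pgid = task_pgrp_nr_ns(current, &init_pid_ns);`, and returning an error when the result is 0 before it is stored or compared. Separately, a group mismatch and a slot that is busy in a concurrent call both fall through to `return -EAGAIN;`, so a caller cannot tell a refused removal from a retryable one. Both function bodies start and end outside the hunks shown.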
