From 27f3733a104950169797407fea330a2e1d42f16b Mon Sep 17 00:00:00 2001 From: Dmitry Osipenko Date: Thu, 10 Nov 2022 23:13:47 +0300 Subject: [PATCH] dma-buf/heaps: Assert held reservation lock for dma-buf mmapping MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit When userspace mmaps dma-buf's fd, the dma-buf reservation lock must be held. Add locking sanity checks to the dma-buf mmaping callbacks to ensure that the locking assumptions won't regress in the future. Suggested-by: Daniel Vetter Signed-off-by: Dmitry Osipenko Acked-by: Christian König Link: https://patchwork.freedesktop.org/patch/msgid/20221110201349.351294-5-dmitry.osipenko@collabora.com --- drivers/dma-buf/heaps/cma_heap.c | 3 +++ drivers/dma-buf/heaps/system_heap.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/drivers/dma-buf/heaps/cma_heap.c b/drivers/dma-buf/heaps/cma_heap.c index 28fb04eccdd0..1131fb943992 100644 --- a/drivers/dma-buf/heaps/cma_heap.c +++ b/drivers/dma-buf/heaps/cma_heap.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -182,6 +183,8 @@ static int cma_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) { struct cma_heap_buffer *buffer = dmabuf->priv; + dma_resv_assert_held(dmabuf->resv); + if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) == 0) return -EINVAL; diff --git a/drivers/dma-buf/heaps/system_heap.c b/drivers/dma-buf/heaps/system_heap.c index fcf836ba9c1f..e8bd10e60998 100644 --- a/drivers/dma-buf/heaps/system_heap.c +++ b/drivers/dma-buf/heaps/system_heap.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -201,6 +202,8 @@ static int system_heap_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma) struct sg_page_iter piter; int ret; + dma_resv_assert_held(dmabuf->resv); + for_each_sgtable_page(table, &piter, vma->vm_pgoff) { struct page *page = sg_page_iter_page(&piter); -- 2.11.0