Do not leak our internal kernel address for random userspace to abuse. Daniel added the support to fbdev to filter out the physical addresses being exposed by fbdev, put that to use to protect ourselves. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=112256 Fixes: 5f889b9a61dd ("drm/i915: Disregard drm_mode_config.fb_base") References: da6c7707caf3 ("fbdev: Add FBINFO_HIDE_SMEM_START flag") Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> Cc: Daniel Vetter <daniel.vetter@xxxxxxxx> Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx> --- drivers/gpu/drm/i915/display/intel_fbdev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_fbdev.c b/drivers/gpu/drm/i915/display/intel_fbdev.c index 3d1061470e76..bff311561597 100644 --- a/drivers/gpu/drm/i915/display/intel_fbdev.c +++ b/drivers/gpu/drm/i915/display/intel_fbdev.c @@ -226,8 +226,8 @@ static int intelfb_create(struct drm_fb_helper *helper, goto out_unpin; } - ifbdev->helper.fb = &ifbdev->fb->base; - + /* don't leak any physical addresses to userspace */ + info->flags |= FBINFO_HIDE_SMEM_START; info->fbops = &intelfb_ops; /* setup aperture base/size for vesafb takeover */ @@ -247,6 +247,7 @@ static int intelfb_create(struct drm_fb_helper *helper, info->fix.smem_start = (unsigned long)info->screen_base; info->fix.smem_len = info->screen_size; + ifbdev->helper.fb = &ifbdev->fb->base; drm_fb_helper_fill_info(info, &ifbdev->helper, sizes); /* If the object is shmemfs backed, it will have given us zeroed pages. -- 2.24.0 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx
