On 2021/2/23 7:50 PM, Xie Yongji wrote:
+ + switch (cmd) { + case VDUSE_IOTLB_GET_FD: { + struct vduse_iotlb_entry entry; + struct vhost_iotlb_map *map; + struct vdpa_map_file *map_file; + struct file *f = NULL; + + ret = -EFAULT; + if (copy_from_user(&entry, argp, sizeof(entry))) + break; + + spin_lock(&dev->iommu_lock); + map = vhost_iotlb_itree_first(dev->iommu, entry.start, + entry.last); + if (map) { + map_file = (struct vdpa_map_file *)map->opaque; + f = get_file(map_file->file); + entry.offset = map_file->offset; + entry.start = map->start; + entry.last = map->last; + entry.perm = map->perm; + } + spin_unlock(&dev->iommu_lock); + if (!f) { + ret = -EINVAL; + break; + } + if (copy_to_user(argp, &entry, sizeof(entry))) { + fput(f); + ret = -EFAULT; + break; + } + ret = get_unused_fd_flags(perm_to_file_flags(entry.perm)); + if (ret < 0) { + fput(f); + break; + } + fd_install(ret, f);
So at least we need to use receive_fd_user() here to give a chance to be hooked into security module.
Consider this is basically a kind of passing file descriptor implicitly. We need to be careful if any security stuff is missed.
(Have a quick glance at scm_send/recv, feel ok but need to double check).

Thanks
+ break; + }
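Review bot: The VDUSE_IOTLB_GET_FD path installs the file with a bare get_unused_fd_flags() + fd_install() pair, so the security_file_receive() LSM hook that guards SCM_RIGHTS descriptor passing never runs for the newly exposed map_file->file; hand the file to userspace through the receive_fd_user() helper instead (as suggested above) so an LSM can veto it, and when doing so re-check the reference accounting, since the helper takes its own reference on the file while this hunk already holds one from get_file() and would then need a matching fput() after the call. Independently of that, the ordering of copy_to_user() before the fd allocation is right (a failed copy leaves no dangling fd), but the returned entry is visible to userspace before the fd exists, so the ioctl's documentation should state that entry.offset/start/last/perm describe the mapping as of the lookup under iommu_lock and may be stale by the time the fd is used.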