On 2021/2/23 7:50 下午, Xie Yongji wrote:
+
+ switch (cmd) {
+ case VDUSE_IOTLB_GET_FD: {
+ struct vduse_iotlb_entry entry;
+ struct vhost_iotlb_map *map;
+ struct vdpa_map_file *map_file;
+ struct file *f = NULL;
+
+ ret = -EFAULT;
+ if (copy_from_user(&entry, argp, sizeof(entry)))
+ break;
+
+ spin_lock(&dev->iommu_lock);
+ map = vhost_iotlb_itree_first(dev->iommu, entry.start,
+ entry.last);
+ if (map) {
+ map_file = (struct vdpa_map_file *)map->opaque;
+ f = get_file(map_file->file);
+ entry.offset = map_file->offset;
+ entry.start = map->start;
+ entry.last = map->last;
+ entry.perm = map->perm;
+ }
+ spin_unlock(&dev->iommu_lock);
+ if (!f) {
+ ret = -EINVAL;
+ break;
+ }
+ if (copy_to_user(argp, &entry, sizeof(entry))) {
+ fput(f);
+ ret = -EFAULT;
+ break;
+ }
+ ret = get_unused_fd_flags(perm_to_file_flags(entry.perm));
+ if (ret < 0) {
+ fput(f);
+ break;
+ }
+ fd_install(ret, f);
So at least we need to use receive_fd_user() here, to give the security module a chance to hook in.
Consider that this is basically a kind of implicit file descriptor passing.
We need to be careful that no security stuff is missed.
(I had a quick glance at scm_send/recv; it feels OK, but I need to double check.)
Thanks
+ break;
+ }