On Wed, Mar 10, 2021 at 8:58 PM Jason Wang <jasowang@xxxxxxxxxx> wrote:
>
>
> On 2021/2/23 7:50 下午, Xie Yongji wrote:
> > +
> > + switch (cmd) {
> > + case VDUSE_IOTLB_GET_FD: {
> > + struct vduse_iotlb_entry entry;
> > + struct vhost_iotlb_map *map;
> > + struct vdpa_map_file *map_file;
> > + struct file *f = NULL;
> > +
> > + ret = -EFAULT;
> > + if (copy_from_user(&entry, argp, sizeof(entry)))
> > + break;
> > +
> > + spin_lock(&dev->iommu_lock);
> > + map = vhost_iotlb_itree_first(dev->iommu, entry.start,
> > + entry.last);
> > + if (map) {
> > + map_file = (struct vdpa_map_file *)map->opaque;
> > + f = get_file(map_file->file);
> > + entry.offset = map_file->offset;
> > + entry.start = map->start;
> > + entry.last = map->last;
> > + entry.perm = map->perm;
> > + }
> > + spin_unlock(&dev->iommu_lock);
> > + if (!f) {
> > + ret = -EINVAL;
> > + break;
> > + }
> > + if (copy_to_user(argp, &entry, sizeof(entry))) {
> > + fput(f);
> > + ret = -EFAULT;
> > + break;
> > + }
> > + ret = get_unused_fd_flags(perm_to_file_flags(entry.perm));
> > + if (ret < 0) {
> > + fput(f);
> > + break;
> > + }
> > + fd_install(ret, f);
>
>
> So at least we need to use receice_fd_user() here to give a chance to be
> hooked into security module.
>
Good point. Will do it in v5.
Thanks,
Yongji
