A BO's address has to be at least the minimum offset. Sharing this test in ttm_bo_mmap() removes code from drivers. A full buffer-address validation is still done within drm_vma_offset_lockup_locked(). Signed-off-by: Thomas Zimmermann <tzimmermann@xxxxxxx> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 9 ++------- drivers/gpu/drm/ast/ast_ttm.c | 9 ++------- drivers/gpu/drm/bochs/bochs_mm.c | 9 ++------- drivers/gpu/drm/cirrus/cirrus_ttm.c | 9 ++------- drivers/gpu/drm/hisilicon/hibmc/hibmc_ttm.c | 9 ++------- drivers/gpu/drm/mgag200/mgag200_ttm.c | 9 ++------- drivers/gpu/drm/nouveau/nouveau_ttm.c | 3 --- drivers/gpu/drm/qxl/qxl_ttm.c | 9 ++------- drivers/gpu/drm/radeon/radeon_ttm.c | 10 ++-------- drivers/gpu/drm/ttm/ttm_bo_vm.c | 3 +++ drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c | 11 ++--------- drivers/staging/vboxvideo/vbox_ttm.c | 10 ++-------- 12 files changed, 23 insertions(+), 77 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 5755ac428fd0..a8cd1e0ae4b3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -1874,14 +1874,9 @@ void amdgpu_ttm_set_buffer_funcs_status(struct amdgpu_device *adev, bool enable) int amdgpu_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct amdgpu_device *adev; - - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; + struct drm_file *file_priv = filp->private_data; + struct amdgpu_device *adev = file_priv->minor->dev->dev_private; - file_priv = filp->private_data; - adev = file_priv->minor->dev->dev_private; if (adev == NULL) return -EINVAL; diff --git a/drivers/gpu/drm/ast/ast_ttm.c b/drivers/gpu/drm/ast/ast_ttm.c index c410804a5e2c..75d477b37854 100644 --- a/drivers/gpu/drm/ast/ast_ttm.c +++ b/drivers/gpu/drm/ast/ast_ttm.c @@ -343,13 +343,8 @@ int ast_bo_push_sysram(struct ast_bo *bo) int ast_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct ast_private *ast; + struct drm_file *file_priv = filp->private_data; + struct ast_private *ast = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - ast = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &ast->ttm.bdev); } diff --git a/drivers/gpu/drm/bochs/bochs_mm.c b/drivers/gpu/drm/bochs/bochs_mm.c index ebc9dbd94923..4a40308169c4 100644 --- a/drivers/gpu/drm/bochs/bochs_mm.c +++ b/drivers/gpu/drm/bochs/bochs_mm.c @@ -263,14 +263,9 @@ int bochs_bo_unpin(struct bochs_bo *bo) int bochs_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct bochs_device *bochs; + struct drm_file *file_priv = filp->private_data; + struct bochs_device *bochs = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - bochs = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &bochs->ttm.bdev); } diff --git a/drivers/gpu/drm/cirrus/cirrus_ttm.c b/drivers/gpu/drm/cirrus/cirrus_ttm.c index 223a75ba77a8..e6b98467a428 100644 --- a/drivers/gpu/drm/cirrus/cirrus_ttm.c +++ b/drivers/gpu/drm/cirrus/cirrus_ttm.c @@ -330,13 +330,8 @@ int cirrus_bo_push_sysram(struct cirrus_bo *bo) int cirrus_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct cirrus_device *cirrus; + struct drm_file *file_priv = filp->private_data; + struct cirrus_device *cirrus = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - cirrus = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &cirrus->ttm.bdev); } diff --git a/drivers/gpu/drm/hisilicon/hibmc/hibmc_ttm.c b/drivers/gpu/drm/hisilicon/hibmc/hibmc_ttm.c index 845488922865..6093c421daff 100644 --- a/drivers/gpu/drm/hisilicon/hibmc/hibmc_ttm.c +++ b/drivers/gpu/drm/hisilicon/hibmc/hibmc_ttm.c @@ -319,14 +319,9 @@ int hibmc_bo_unpin(struct hibmc_bo *bo) int hibmc_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct hibmc_drm_private *hibmc; + struct drm_file *file_priv = filp->private_data; + struct hibmc_drm_private *hibmc = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - hibmc = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &hibmc->bdev); } diff --git a/drivers/gpu/drm/mgag200/mgag200_ttm.c b/drivers/gpu/drm/mgag200/mgag200_ttm.c index ce739da5161d..bd42365a8aa8 100644 --- a/drivers/gpu/drm/mgag200/mgag200_ttm.c +++ b/drivers/gpu/drm/mgag200/mgag200_ttm.c @@ -344,13 +344,8 @@ int mgag200_bo_push_sysram(struct mgag200_bo *bo) int mgag200_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct mga_device *mdev; + struct drm_file *file_priv = filp->private_data; + struct mga_device *mdev = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - mdev = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &mdev->ttm.bdev); } diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c index c66467232604..f0daf958e03a 100644 --- a/drivers/gpu/drm/nouveau/nouveau_ttm.c +++ b/drivers/gpu/drm/nouveau/nouveau_ttm.c @@ -168,9 +168,6 @@ nouveau_ttm_mmap(struct file *filp, struct vm_area_struct *vma) struct drm_file *file_priv = filp->private_data; struct nouveau_drm *drm = nouveau_drm(file_priv->minor->dev); - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return drm_legacy_mmap(filp, vma); - return ttm_bo_mmap(filp, vma, &drm->ttm.bdev); } diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c index 6b3b92d1f17f..0234f8556ada 100644 --- a/drivers/gpu/drm/qxl/qxl_ttm.c +++ b/drivers/gpu/drm/qxl/qxl_ttm.c @@ -63,15 +63,10 @@ static vm_fault_t qxl_ttm_fault(struct vm_fault *vmf) int qxl_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct qxl_device *qdev; int r; + struct drm_file *file_priv = filp->private_data; + struct qxl_device *qdev = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - qdev = file_priv->minor->dev->dev_private; if (qdev == NULL) { DRM_ERROR( "filp->private_data->minor->dev->dev_private == NULL\n"); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c index 7c10e1560780..557bdd7a2fc8 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c @@ -898,16 +898,10 @@ static vm_fault_t radeon_ttm_fault(struct vm_fault *vmf) int radeon_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct radeon_device *rdev; int r; + struct drm_file *file_priv = filp->private_data; + struct radeon_device *rdev = file_priv->minor->dev->dev_private; - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) { - return -EINVAL; - } - - file_priv = filp->private_data; - rdev = file_priv->minor->dev->dev_private; if (rdev == NULL) { return -EINVAL; } diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c index e86a29a1e51f..e94c2ab3718a 100644 --- a/drivers/gpu/drm/ttm/ttm_bo_vm.c +++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c @@ -432,6 +432,9 @@ int ttm_bo_mmap(struct file *filp, struct vm_area_struct *vma, struct ttm_buffer_object *bo; int ret; + if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) + return -EINVAL; + bo = ttm_bo_vm_lookup(bdev, vma->vm_pgoff, vma_pages(vma)); if (unlikely(!bo)) return -EINVAL; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c index ec5b4b237f2c..8bafa6eac5a8 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_glue.c @@ -30,16 +30,9 @@ int vmw_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct vmw_private *dev_priv; + struct drm_file *file_priv = filp->private_data; + struct vmw_private *dev_priv = vmw_priv(file_priv->minor->dev); - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) { - DRM_ERROR("Illegal attempt to mmap old fifo space.\n"); - return -EINVAL; - } - - file_priv = filp->private_data; - dev_priv = vmw_priv(file_priv->minor->dev); return ttm_bo_mmap(filp, vma, &dev_priv->bdev); } diff --git a/drivers/staging/vboxvideo/vbox_ttm.c b/drivers/staging/vboxvideo/vbox_ttm.c index b7db7a7952d4..9d78438c2877 100644 --- a/drivers/staging/vboxvideo/vbox_ttm.c +++ b/drivers/staging/vboxvideo/vbox_ttm.c @@ -357,14 +357,8 @@ int vbox_bo_push_sysram(struct vbox_bo *bo) int vbox_mmap(struct file *filp, struct vm_area_struct *vma) { - struct drm_file *file_priv; - struct vbox_private *vbox; - - if (unlikely(vma->vm_pgoff < DRM_FILE_PAGE_OFFSET)) - return -EINVAL; - - file_priv = filp->private_data; - vbox = file_priv->minor->dev->dev_private; + struct drm_file *file_priv = filp->private_data; + struct vbox_private *vbox = file_priv->minor->dev->dev_private; return ttm_bo_mmap(filp, vma, &vbox->ttm.bdev); } -- 2.20.1 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel