Right now the DRM_PANTHOR_BO_NO_MMAP flag is ignored by
panthor_ioctl_bo_mmap_offset(), meaning BOs with this flag set can
still be mmap-ed.

Fortunately, this bug only impacts user BOs, because kernel BOs are not
exposed to userspace (they don't have a BO handle), so they can't
be mmap-ed anyway. Given all user BOs setting this flag are private
anyway (not shareable), there's no potential data leak.

Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block")
Signed-off-by: Boris Brezillon <boris.brezil...@collabora.com>
---
 drivers/gpu/drm/panthor/panthor_drv.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/gpu/drm/panthor/panthor_drv.c 
b/drivers/gpu/drm/panthor/panthor_drv.c
index 15d8e2bcf6ad..1499df07f512 100644
--- a/drivers/gpu/drm/panthor/panthor_drv.c
+++ b/drivers/gpu/drm/panthor/panthor_drv.c
@@ -940,6 +940,7 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device 
*ddev, void *data,
                                        struct drm_file *file)
 {
        struct drm_panthor_bo_mmap_offset *args = data;
+       struct panthor_gem_object *bo;
        struct drm_gem_object *obj;
        int ret;
 
@@ -950,6 +951,10 @@ static int panthor_ioctl_bo_mmap_offset(struct drm_device 
*ddev, void *data,
        if (!obj)
                return -ENOENT;
 
+       bo = to_panthor_bo(obj);
+       if (bo->flags & DRM_PANTHOR_BO_NO_MMAP)
+               return -EINVAL;
+
        ret = drm_gem_create_mmap_offset(obj);
        if (ret)
                goto out;
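Review bot: The new `return -EINVAL;` after the `to_panthor_bo(obj)` conversion returns directly, while the drm_gem_create_mmap_offset() failure path just below it uses `goto out`. By this point obj has already passed the `if (!obj)` check, so if the `out` label is where the reference on obj is released, this early return skips that cleanup. Userspace could then leak one object reference per call by invoking the ioctl repeatedly on a BO created with DRM_PANTHOR_BO_NO_MMAP. Setting `ret = -EINVAL;` and using `goto out;` would keep the error path consistent with the existing one. It would also help to note in the uAPI documentation for the ioctl that it fails for BOs carrying this flag, so userspace knows which error to expect.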
-- 
2.49.0
