84335675f2
We have too many people abusing the struct page they can get at but really shouldn't in importers. Aside from that the backing page might simply not exist (for dynamic p2p mappings) looking at it and using it e.g. for mmap can also wreak the page handling of the exporter completely. Importers really must go through the proper interface like dma_buf_mmap for everything. I'm semi-tempted to enforce this for dynamic importers since those really have no excuse at all to break the rules. Unfortuantely we can't store the right pointers somewhere safe to make sure we oops on something recognizable, so best is to just wrangle them a bit by flipping all the bits. At least on x86 kernel addresses have all their high bits sets and the struct page array is fairly low in the kernel mapping, so flipping all the bits gives us a very high pointer in userspace and hence excellent chances for an invalid dereference. v2: Add a note to the @map_dma_buf hook that exporters shouldn't do fancy caching tricks, which would blow up with this address scrambling trick here (Chris) Enable by default when CONFIG_DMA_API_DEBUG is enabled. v3: Only one copy of the mangle/unmangle code (Christian) v4: #ifdef, not #if (0day) v5: sg_table can also be an ERR_PTR (Chris, Christian) Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: "Christian König" <christian.koenig@amd.com> Cc: David Stevens <stevensd@chromium.org> Cc: linux-media@vger.kernel.org Cc: linaro-mm-sig@lists.linaro.org Link: https://patchwork.freedesktop.org/patch/msgid/20210115164739.3958206-1-daniel.vetter@ffwll.ch
78 lines
2.6 KiB
Plaintext
78 lines
2.6 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
menu "DMABUF options"
|
|
|
|
config SYNC_FILE
|
|
bool "Explicit Synchronization Framework"
|
|
default n
|
|
select DMA_SHARED_BUFFER
|
|
help
|
|
The Sync File Framework adds explicit synchronization via
|
|
userspace. It enables send/receive 'struct dma_fence' objects to/from
|
|
userspace via Sync File fds for synchronization between drivers via
|
|
userspace components. It has been ported from Android.
|
|
|
|
The first and main user for this is graphics in which a fence is
|
|
associated with a buffer. When a job is submitted to the GPU a fence
|
|
is attached to the buffer and is transferred via userspace, using Sync
|
|
Files fds, to the DRM driver for example. More details at
|
|
Documentation/driver-api/sync_file.rst.
|
|
|
|
config SW_SYNC
|
|
bool "Sync File Validation Framework"
|
|
default n
|
|
depends on SYNC_FILE
|
|
depends on DEBUG_FS
|
|
help
|
|
A sync object driver that uses a 32bit counter to coordinate
|
|
synchronization. Useful when there is no hardware primitive backing
|
|
the synchronization.
|
|
|
|
WARNING: improper use of this can result in deadlocking kernel
|
|
drivers from userspace. Intended for test and debug only.
|
|
|
|
config UDMABUF
|
|
bool "userspace dmabuf misc driver"
|
|
default n
|
|
depends on DMA_SHARED_BUFFER
|
|
depends on MEMFD_CREATE || COMPILE_TEST
|
|
help
|
|
A driver to let userspace turn memfd regions into dma-bufs.
|
|
Qemu can use this to create host dmabufs for guest framebuffers.
|
|
|
|
config DMABUF_MOVE_NOTIFY
|
|
bool "Move notify between drivers (EXPERIMENTAL)"
|
|
default n
|
|
help
|
|
Don't pin buffers if the dynamic DMA-buf interface is available on
|
|
both the exporter as well as the importer. This fixes a security
|
|
problem where userspace is able to pin unrestricted amounts of memory
|
|
through DMA-buf.
|
|
This is marked experimental because we don't yet have a consistent
|
|
execution context and memory management between drivers.
|
|
|
|
config DMABUF_DEBUG
|
|
bool "DMA-BUF debug checks"
|
|
default y if DMA_API_DEBUG
|
|
help
|
|
This option enables additional checks for DMA-BUF importers and
|
|
exporters. Specifically it validates that importers do not peek at the
|
|
underlying struct page when they import a buffer.
|
|
|
|
config DMABUF_SELFTESTS
|
|
tristate "Selftests for the dma-buf interfaces"
|
|
default n
|
|
depends on DMA_SHARED_BUFFER
|
|
|
|
menuconfig DMABUF_HEAPS
|
|
bool "DMA-BUF Userland Memory Heaps"
|
|
select DMA_SHARED_BUFFER
|
|
help
|
|
Choose this option to enable the DMA-BUF userland memory heaps.
|
|
This options creates per heap chardevs in /dev/dma_heap/ which
|
|
allows userspace to allocate dma-bufs that can be shared
|
|
between drivers.
|
|
|
|
source "drivers/dma-buf/heaps/Kconfig"
|
|
|
|
endmenu
|