diff options
author | Thomas Hellstrom <thellstrom@vmware.com> | 2014-11-12 19:08:34 +0100 |
---|---|---|
committer | Thomas Hellstrom <thellstrom@vmware.com> | 2014-11-14 10:43:16 +0100 |
commit | 6251380c2bc5f21350eabdab48e009280b9586fb (patch) | |
tree | 24e7b29173c4612ee146a25d9c6f765f826ab8db /drm_drv.c | |
parent | ec2c5d42f1b8727f63e87f1debd964e3cc0fd48d (diff) |
drm: Break out ioctl permission check to a separate function v2
Helps reviewing and understanding these checks.
v2: Remove misplaced newlines.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Diffstat (limited to 'drm_drv.c')
-rw-r--r-- | drm_drv.c | 108 |
1 files changed, 71 insertions, 37 deletions
@@ -429,6 +429,44 @@ static int drm_version(struct drm_device *dev, void *data, } /** + * drm_ioctl_permit - Check ioctl permissions against caller + * + * @flags: ioctl permission flags. + * @file_priv: Pointer to struct drm_file identifying the caller. + * + * Checks whether the caller is allowed to run an ioctl with the + * indicated permissions. If so, returns zero. Otherwise returns an + * error code suitable for ioctl return. + */ +static int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) +{ + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ + if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) + return -EACCES; + + /* AUTH is only for authenticated or render client */ + if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && + !file_priv->authenticated)) + return -EACCES; + + /* MASTER is only for master */ + if (unlikely((flags & DRM_MASTER) && !file_priv->is_master)) + return -EACCES; + + /* Control clients must be explicitly allowed */ + if (unlikely(!(flags & DRM_CONTROL_ALLOW) && + file_priv->minor->type == DRM_MINOR_CONTROL)) + return -EACCES; + + /* Render clients must be explicitly allowed */ + if (unlikely(!(flags & DRM_RENDER_ALLOW) && + drm_is_render_client(file_priv))) + return -EACCES; + + return 0; +} + +/** * Called whenever a process performs an ioctl on /dev/drm. * * \param inode device inode. @@ -476,55 +514,51 @@ long drm_ioctl(struct file *filp, /* Do not trust userspace, use our own definition */ func = ioctl->func; - /* is there a local override? */ - if ((nr == DRM_IOCTL_NR(DRM_IOCTL_DMA)) && dev->driver->dma_ioctl) - func = dev->driver->dma_ioctl; if (!func) { DRM_DEBUG("no function\n"); retcode = -EINVAL; - } else if (((ioctl->flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)) || - ((ioctl->flags & DRM_AUTH) && !drm_is_render_client(file_priv) && !file_priv->authenticated) || - ((ioctl->flags & DRM_MASTER) && !file_priv->is_master) || - (!(ioctl->flags & DRM_CONTROL_ALLOW) && (file_priv->minor->type == DRM_MINOR_CONTROL)) || - (!(ioctl->flags & DRM_RENDER_ALLOW) && drm_is_render_client(file_priv))) { - retcode = -EACCES; - } else { - if (cmd & (IOC_IN | IOC_OUT)) { - if (_IOC_SIZE(cmd) <= sizeof(stack_kdata)) { - kdata = stack_kdata; - } else { - kdata = kmalloc(_IOC_SIZE(cmd), GFP_KERNEL); - if (!kdata) { - retcode = -ENOMEM; - goto err_i1; - } - } - } + goto err_i1; + } + + retcode = drm_ioctl_permit(ioctl->flags, file_priv); + if (unlikely(retcode)) + goto err_i1; - if (cmd & IOC_IN) { - if (copy_from_user(kdata, (void __user *)arg, - _IOC_SIZE(cmd)) != 0) { - retcode = -EFAULT; + if (cmd & (IOC_IN | IOC_OUT)) { + if (_IOC_SIZE(cmd) <= sizeof(stack_kdata)) { + kdata = stack_kdata; + } else { + kdata = kmalloc(_IOC_SIZE(cmd), GFP_KERNEL); + if (!kdata) { + retcode = -ENOMEM; goto err_i1; } } - if (ioctl->flags & DRM_UNLOCKED) - retcode = func(dev, kdata, file_priv); - else { - mutex_lock(&drm_global_mutex); - retcode = func(dev, kdata, file_priv); - mutex_unlock(&drm_global_mutex); - } + } - if (cmd & IOC_OUT) { - if (copy_to_user((void __user *)arg, kdata, - _IOC_SIZE(cmd)) != 0) - retcode = -EFAULT; + if (cmd & IOC_IN) { + if (copy_from_user(kdata, (void __user *)arg, + _IOC_SIZE(cmd)) != 0) { + retcode = -EFAULT; + goto err_i1; } } + if (ioctl->flags & DRM_UNLOCKED) + retcode = func(dev, kdata, file_priv); + else { + mutex_lock(&drm_global_mutex); + retcode = func(dev, kdata, file_priv); + mutex_unlock(&drm_global_mutex); + } + + if (cmd & IOC_OUT) { + if (copy_to_user((void __user *)arg, kdata, + _IOC_SIZE(cmd)) != 0) + retcode = -EFAULT; + } - err_i1: +err_i1: if (kdata != stack_kdata) kfree(kdata); atomic_dec(&dev->ioctl_count); |