1. Patchew
  2. linux
  3. View series

[PATCH] drm/imagination: Disallow exporting of PM/FW protected objects

Alessio Belle posted 1 patch 1 week, 4 days ago 
drivers/gpu/drm/imagination/pvr_gem.c | 11 +++++++++++
1 file changed, 11 insertions(+)
[PATCH] drm/imagination: Disallow exporting of PM/FW protected objects
Posted by Alessio Belle 1 week, 4 days ago 
These objects are meant to be used by the GPU firmware or by the PM unit
within the GPU, in which case they may contain physical addresses.

This adds a layer of protection against exposing potentially exploitable
information outside of the driver.

Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
Signed-off-by: Alessio Belle <alessio.belle@imgtec.com>
---
 drivers/gpu/drm/imagination/pvr_gem.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/gpu/drm/imagination/pvr_gem.c b/drivers/gpu/drm/imagination/pvr_gem.c
index a66cf082af24..c07c9a915190 100644
--- a/drivers/gpu/drm/imagination/pvr_gem.c
+++ b/drivers/gpu/drm/imagination/pvr_gem.c
@@ -28,6 +28,16 @@ static void pvr_gem_object_free(struct drm_gem_object *obj)
 	drm_gem_shmem_object_free(obj);
 }
 
+static struct dma_buf *pvr_gem_export(struct drm_gem_object *obj, int flags)
+{
+	struct pvr_gem_object *pvr_obj = gem_to_pvr_gem(obj);
+
+	if (pvr_obj->flags & DRM_PVR_BO_PM_FW_PROTECT)
+		return ERR_PTR(-EPERM);
+
+	return drm_gem_prime_export(obj, flags);
+}
+
 static int pvr_gem_mmap(struct drm_gem_object *gem_obj, struct vm_area_struct *vma)
 {
 	struct pvr_gem_object *pvr_obj = gem_to_pvr_gem(gem_obj);
@@ -42,6 +52,7 @@ static int pvr_gem_mmap(struct drm_gem_object *gem_obj, struct vm_area_struct *v
 static const struct drm_gem_object_funcs pvr_gem_object_funcs = {
 	.free = pvr_gem_object_free,
 	.print_info = drm_gem_shmem_object_print_info,
+	.export = pvr_gem_export,
 	.pin = drm_gem_shmem_object_pin,
 	.unpin = drm_gem_shmem_object_unpin,
 	.get_sg_table = drm_gem_shmem_object_get_sg_table,

---
base-commit: ca2583412306ceda9304a7c4302fd9efbf43e963
change-id: 20251128-no-export-pm-fw-obj-aeca634ddd0a

Best regards,
-- 
Alessio Belle <alessio.belle@imgtec.com>
Re: [PATCH] drm/imagination: Disallow exporting of PM/FW protected objects
Posted by Matt Coster 18 hours ago 
On 08/12/2025 09:11, Alessio Belle wrote:
> These objects are meant to be used by the GPU firmware or by the PM unit
> within the GPU, in which case they may contain physical addresses.
> 
> This adds a layer of protection against exposing potentially exploitable
> information outside of the driver.
> 
> Fixes: ff5f643de0bf ("drm/imagination: Add GEM and VM related code")
> Signed-off-by: Alessio Belle <alessio.belle@imgtec.com>

Reviewed-by: Matt Coster <matt.coster@imgtec.com>

And I believe we want this to be:

Cc: stable@vger.kernel.org

Cheers,
Matt

> ---
>  drivers/gpu/drm/imagination/pvr_gem.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/drivers/gpu/drm/imagination/pvr_gem.c b/drivers/gpu/drm/imagination/pvr_gem.c
> index a66cf082af24..c07c9a915190 100644
> --- a/drivers/gpu/drm/imagination/pvr_gem.c
> +++ b/drivers/gpu/drm/imagination/pvr_gem.c
> @@ -28,6 +28,16 @@ static void pvr_gem_object_free(struct drm_gem_object *obj)
>         drm_gem_shmem_object_free(obj);
>  }
> 
> +static struct dma_buf *pvr_gem_export(struct drm_gem_object *obj, int flags)
> +{
> +       struct pvr_gem_object *pvr_obj = gem_to_pvr_gem(obj);
> +
> +       if (pvr_obj->flags & DRM_PVR_BO_PM_FW_PROTECT)
> +               return ERR_PTR(-EPERM);
> +
> +       return drm_gem_prime_export(obj, flags);
> +}
> +
>  static int pvr_gem_mmap(struct drm_gem_object *gem_obj, struct vm_area_struct *vma)
>  {
>         struct pvr_gem_object *pvr_obj = gem_to_pvr_gem(gem_obj);
> @@ -42,6 +52,7 @@ static int pvr_gem_mmap(struct drm_gem_object *gem_obj, struct vm_area_struct *v
>  static const struct drm_gem_object_funcs pvr_gem_object_funcs = {
>         .free = pvr_gem_object_free,
>         .print_info = drm_gem_shmem_object_print_info,
> +       .export = pvr_gem_export,
>         .pin = drm_gem_shmem_object_pin,
>         .unpin = drm_gem_shmem_object_unpin,
>         .get_sg_table = drm_gem_shmem_object_get_sg_table,
> 
> ---
> base-commit: ca2583412306ceda9304a7c4302fd9efbf43e963
> change-id: 20251128-no-export-pm-fw-obj-aeca634ddd0a
> 
> Best regards,
> --
> Alessio Belle <alessio.belle@imgtec.com>
> 

-- 
Matt Coster
E: matt.coster@imgtec.com
Re: [PATCH] drm/imagination: Disallow exporting of PM/FW protected objects
Posted by Matt Coster 18 hours ago 
On Mon, 08 Dec 2025 09:11:00 +0000, Alessio Belle wrote:
> These objects are meant to be used by the GPU firmware or by the PM unit
> within the GPU, in which case they may contain physical addresses.
> 
> This adds a layer of protection against exposing potentially exploitable
> information outside of the driver.
> 
> 
> [...]

Applied, thanks!

[1/1] drm/imagination: Disallow exporting of PM/FW protected objects
      commit: 6b991ad8dc3abfe5720fc2e9ee96be63ae43e362

Best regards,
-- 
Matt Coster <matt.coster@imgtec.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.