diff options
author | Andrei F <luxneb@gmail.com> | 2012-12-19 21:31:19 +0100 |
---|---|---|
committer | codeworkx <codeworkx@cyanogenmod.org> | 2012-12-20 18:47:38 +0100 |
commit | 9c1d0f487d28417858778d094f2eb98eb47ea2f7 (patch) | |
tree | ca96810f25466e2686ac44b5d71892e63c18592c /arch/arm/mach-exynos | |
parent | c3e546ee57369dc2dd340c07868df83380428de0 (diff) | |
download | kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.zip kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.tar.gz kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.tar.bz2 |
exynos-mem: Fix major security hole
This fixes the exynos-mem device security hole. The driver allowed any user
to access all of the device's lowmem through the provided mmap functionality.
We create a small little framework collecting the actual CMA memory blocks
that exist on the device; they are the root cause of the existence of this device
driver. We white-list only the CMA memory spaces as parameters to the mmap
function and deny access to any other memory space requests.
We furthermore just allow access to the "s3c-fimc" memory block as this is
seemingly the only space which upon access denial actually breaks functionality.
Change-Id: I286be4a2546621c66d214c79f480822ecd8138db
Diffstat (limited to 'arch/arm/mach-exynos')
-rw-r--r-- | arch/arm/mach-exynos/mach-midas.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/arch/arm/mach-exynos/mach-midas.c b/arch/arm/mach-exynos/mach-midas.c index fc6c224..ddc2d14 100644 --- a/arch/arm/mach-exynos/mach-midas.c +++ b/arch/arm/mach-exynos/mach-midas.c @@ -58,6 +58,7 @@ #ifdef CONFIG_DMA_CMA #include <linux/dma-contiguous.h> +#include <linux/exynos_mem.h> #endif #include <asm/mach/arch.h> @@ -3423,11 +3424,14 @@ static void __init exynos4_reserve(void) CONFIG_VIDEO_SAMSUNG_MEMSIZE_FIMC1 * SZ_1K, 0x65800000, 0); if (ret != 0) panic("alloc failed for FIMC1\n"); + cma_region_descriptor_add(s3c_device_fimc1.name, 0x65800000, + CONFIG_VIDEO_SAMSUNG_MEMSIZE_FIMC1 * SZ_1K); #endif #if defined(CONFIG_USE_MFC_CMA) && defined(CONFIG_MACH_M0) ret = dma_declare_contiguous(&s5p_device_mfc.dev, 0x02800000, 0x5C800000, 0); + cma_region_descriptor_add(s5p_device_mfc.name, 0x5C800000, 0x02800000); #endif if (ret != 0) printk(KERN_ERR "%s Fail\n", __func__); |