diff options
author | Andrei F <luxneb@gmail.com> | 2012-12-19 21:31:19 +0100 |
---|---|---|
committer | codeworkx <codeworkx@cyanogenmod.org> | 2012-12-20 18:47:38 +0100 |
commit | 9c1d0f487d28417858778d094f2eb98eb47ea2f7 (patch) | |
tree | ca96810f25466e2686ac44b5d71892e63c18592c /include | |
parent | c3e546ee57369dc2dd340c07868df83380428de0 (diff) | |
download | kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.zip kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.tar.gz kernel_samsung_smdk4412-9c1d0f487d28417858778d094f2eb98eb47ea2f7.tar.bz2 |
exynos-mem: Fix major security hole
This fixes the exynos-mem device security hole. The driver allowed any user
to access all of the device's lowmem through the provided mmap functionality.
We create a small little framework collecting the actual CMA memory blocks
that exist on the device; they are the root cause of the existence of this device
driver. We white-list only the CMA memory spaces as parameters to the mmap
function and deny access to any other memory space requests.
We furthermore just allow access to the "s3c-fimc" memory block as this is
seemingly the only space which upon access denial actually breaks functionality.
Change-Id: I286be4a2546621c66d214c79f480822ecd8138db
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/exynos_mem.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/linux/exynos_mem.h b/include/linux/exynos_mem.h index 9c7bed9..3ed0bd6 100644 --- a/include/linux/exynos_mem.h +++ b/include/linux/exynos_mem.h @@ -22,4 +22,13 @@ struct exynos_mem_flush_range { size_t length; }; +#define CMA_REGION_COUNT (12) +struct simple_cma_descriptor { + const char *name; + int start; + int size; +}; + +extern void cma_region_descriptor_add(const char *name, int start, int size); + #endif /* __INCLUDE_EXYNOS_MEM_H */ |