From 838ba0a14d61ffde0d8631d1c6267694632234de Mon Sep 17 00:00:00 2001 From: David Li Date: Tue, 12 Sep 2017 18:37:00 -0700 Subject: gpu: nvgpu: check capability for reschedule runlist submit flag NVGPU_SUBMIT_GPFIFO_FLAGS_RESCHEDULE_RUNLIST is only used by realtime priority EGL context, which checks for CAP_SYS_NICE during context creation in userspace, so it wasn't secure against unprivileged program spoofing submit ioctl with this flag to stall GPU progress of others. This flag does increase duration of submit by approx 16us, mostly due to register accesses and PMU FIFO mutex. Bug 1989493 Bug 1854791 Bug 1968813 Change-Id: I086b1d14f286abf8bd2d2dfae5945974b7fe6d1f Reviewed-on: https://git-master.nvidia.com/r/#/c/1558644 Signed-off-by: David Li Reviewed-on: https://git-master.nvidia.com/r/1558644 Reviewed-by: svc-mobile-coverity GVS: Gerrit_Virtual_Submit Reviewed-by: svccoveritychecker Reviewed-by: Terje Bergstrom --- drivers/gpu/nvgpu/common/linux/ioctl_channel.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'drivers/gpu/nvgpu/common') diff --git a/drivers/gpu/nvgpu/common/linux/ioctl_channel.c b/drivers/gpu/nvgpu/common/linux/ioctl_channel.c index 5e09c677..6c66eca0 100644 --- a/drivers/gpu/nvgpu/common/linux/ioctl_channel.c +++ b/drivers/gpu/nvgpu/common/linux/ioctl_channel.c @@ -823,6 +823,11 @@ static int gk20a_ioctl_channel_submit_gpfifo( #endif if (ch->has_timedout) return -ETIMEDOUT; + + if ((NVGPU_SUBMIT_GPFIFO_FLAGS_RESCHEDULE_RUNLIST & args->flags) && + !capable(CAP_SYS_NICE)) + return -EPERM; + ret = gk20a_submit_channel_gpfifo(ch, NULL, args, args->num_entries, args->flags, &args->fence, &fence_out, false, profile); -- cgit v1.2.2