diff options
author | Rob Clark <rob@ti.com> | 2012-03-19 16:42:49 -0500 |
---|---|---|
committer | Sumit Semwal <sumit.semwal@ti.com> | 2012-03-26 11:33:22 +0530 |
commit | fbb231e1a98cb0360b681b6a6195a619e98d7077 (patch) | |
tree | c7a3bd8975fc2d6a7e2ab25df02402a489b350ac /Documentation/dma-buf-sharing.txt | |
parent | b0b40f24848440aa65418532fe97d8d46acceb3d (diff) |
dma-buf: document fd flags and O_CLOEXEC requirement
Otherwise subsystems will get this wrong and end up with a second
export ioctl with the flag and O_CLOEXEC support added.
Signed-off-by: Rob Clark <rob@ti.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Diffstat (limited to 'Documentation/dma-buf-sharing.txt')
-rw-r--r-- | Documentation/dma-buf-sharing.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Documentation/dma-buf-sharing.txt b/Documentation/dma-buf-sharing.txt index 9f3aeeffd60..3bbd5c51605 100644 --- a/Documentation/dma-buf-sharing.txt +++ b/Documentation/dma-buf-sharing.txt @@ -319,6 +319,24 @@ Miscellaneous notes - Any exporters or users of the dma-buf buffer sharing framework must have a 'select DMA_SHARED_BUFFER' in their respective Kconfigs. +- In order to avoid fd leaks on exec, the FD_CLOEXEC flag must be set + on the file descriptor. This is not just a resource leak, but a + potential security hole. It could give the newly exec'd application + access to buffers, via the leaked fd, to which it should otherwise + not be permitted access. + + The problem with doing this via a separate fcntl() call, versus doing it + atomically when the fd is created, is that this is inherently racy in a + multi-threaded app[3]. The issue is made worse when it is library code + opening/creating the file descriptor, as the application may not even be + aware of the fd's. + + To avoid this problem, userspace must have a way to request O_CLOEXEC + flag be set when the dma-buf fd is created. So any API provided by + the exporting driver to create a dmabuf fd must provide a way to let + userspace control setting of O_CLOEXEC flag passed in to dma_buf_fd(). + References: [1] struct dma_buf_ops in include/linux/dma-buf.h [2] All interfaces mentioned above defined in include/linux/dma-buf.h +[3] https://lwn.net/Articles/236486/ |