Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 778da77c authored by Sudarshan Rajagopalan's avatar Sudarshan Rajagopalan Committed by Gerrit - the friendly Code Review server
Browse files

ashmem: remove cache maintenance support 



The cache maintenance routines in ashmem were causing
several security issues. Since they are not being used
anymore by any drivers, its well to remove them entirely.

CRs-Fixed: 1107034, 2001129, 2007786
Change-Id: I955e33d90b888d58db5cf6bb490905283374425b
Signed-off-by: default avatarSudarshan Rajagopalan <sudaraja@codeaurora.org>
parent 79459f1b

drivers/staging/android/ashmem.c

+0 −41
Original line number Diff line number Diff line
@@ -32,7 +32,6 @@ 
#include <linux/mutex.h>

#include <linux/shmem_fs.h>

#include <linux/ashmem.h>

#include <asm/cacheflush.h>



#include "ashmem.h"
@@ -744,37 +743,6 @@ static int ashmem_pin_unpin(struct ashmem_area *asma, unsigned long cmd, 
	return ret;

}



static int ashmem_cache_op(struct ashmem_area *asma,

	void (*cache_func)(const void *vstart, const void *vend))

{

	int ret = 0;

	struct vm_area_struct *vma;

	if (!asma->vm_start)

		return -EINVAL;



	down_read(&current->mm->mmap_sem);

	vma = find_vma(current->mm, asma->vm_start);

	if (!vma) {

		ret = -EINVAL;

		goto done;

	}

	if (vma->vm_file != asma->file) {

		ret = -EINVAL;

		goto done;

	}

	if ((asma->vm_start + asma->size) > vma->vm_end) {

		ret = -EINVAL;

		goto done;

	}

	cache_func((void *)asma->vm_start,

			(void *)(asma->vm_start + asma->size));

done:

	up_read(&current->mm->mmap_sem);

	if (ret)

		asma->vm_start = 0;

	return ret;

}



static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)

{

	struct ashmem_area *asma = file->private_data;
@@ -822,15 +790,6 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 
			ashmem_shrink_scan(&ashmem_shrinker, &sc);

		}

		break;

	case ASHMEM_CACHE_FLUSH_RANGE:

		ret = ashmem_cache_op(asma, &dmac_flush_range);

		break;

	case ASHMEM_CACHE_CLEAN_RANGE:

		ret = ashmem_cache_op(asma, &dmac_clean_range);

		break;

	case ASHMEM_CACHE_INV_RANGE:

		ret = ashmem_cache_op(asma, &dmac_inv_range);

		break;

	}



	return ret;

include/uapi/linux/ashmem.h

+0 −3
Original line number Diff line number Diff line
@@ -34,9 +34,6 @@ struct ashmem_pin { 
#define ASHMEM_UNPIN		_IOW(__ASHMEMIOC, 8, struct ashmem_pin)

#define ASHMEM_GET_PIN_STATUS	_IO(__ASHMEMIOC, 9)

#define ASHMEM_PURGE_ALL_CACHES	_IO(__ASHMEMIOC, 10)

#define ASHMEM_CACHE_FLUSH_RANGE	_IO(__ASHMEMIOC, 11)

#define ASHMEM_CACHE_CLEAN_RANGE	_IO(__ASHMEMIOC, 12)

#define ASHMEM_CACHE_INV_RANGE		_IO(__ASHMEMIOC, 13)





#endif /* _UAPI_LINUX_ASHMEM_H */