gpu: nvgpu: Mark fds with O_CLOEXEC

There shouldn't be an usecase that an fd, installed by nvgpu, must be shared on exec with the new process. This doesn't only lead to excessive number of fds in the exec process, but also can lead to potential security issues. This patch marks the fds with O_CLOEXEC, so that they get closed on exec. Bug 3583628 Change-Id: I3499b1429ac512b2c172e9e628d0a7a1417d72e3 Signed-off-by: Martin Radev <mradev@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2704350 Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com> Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com> Reviewed-by: Sagar Kamble <skamble@nvidia.com> Reviewed-by: Konsta Holtta <kholtta@nvidia.com> Reviewed-by: Alex Waterman <alexw@nvidia.com> GVS: Gerrit_Virtual_Submit
2025-12-22 09:12:24 +03:00 · 2022-04-28 14:21:45 +03:00
parent c30afdce02
commit 657daaee9e
5 changed files with 10 additions and 10 deletions
--- a/drivers/gpu/nvgpu/os/linux/dmabuf_vidmem.c
+++ b/drivers/gpu/nvgpu/os/linux/dmabuf_vidmem.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020, NVIDIA CORPORATION.  All rights reserved.
+ * Copyright (c) 2017-2022, NVIDIA CORPORATION.  All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
@@ -194,9 +194,9 @@ int nvgpu_vidmem_export_linux(struct gk20a *g, size_t bytes)
 	buf->priv = priv;
 #ifdef CONFIG_NVGPU_USE_TEGRA_ALLOC_FD
-	fd = tegra_alloc_fd(current->files, 1024, O_RDWR);
+	fd = tegra_alloc_fd(current->files, 1024, O_RDWR | O_CLOEXEC);
 #else
-	fd = get_unused_fd_flags(O_RDWR);
+	fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 #endif
 	if (fd < 0) {
 		/* ->release frees what we have done */
--- a/drivers/gpu/nvgpu/os/linux/ioctl_channel.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_channel.c
@@ -583,7 +583,7 @@ int gk20a_channel_open_ioctl(struct gk20a *g, struct nvgpu_cdev *cdev,
 	char name[64];
 	s32 runlist_id = args->in.runlist_id;
-	err = get_unused_fd_flags(O_RDWR);
+	err = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (err < 0)
 		return err;
 	fd = err;
@@ -901,7 +901,7 @@ static int gk20a_ioctl_channel_submit_gpfifo(
 	/* Try and allocate an fd here*/
 	if (flag_fence_get && flag_sync_fence) {
-		fd = get_unused_fd_flags(O_RDWR);
+		fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 		if (fd < 0)
 			return fd;
 	}
--- a/drivers/gpu/nvgpu/os/linux/ioctl_clk_arb.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_clk_arb.c
@@ -327,7 +327,7 @@ static int nvgpu_clk_arb_install_fd(struct gk20a *g,
 		goto fail;
 	}
-	fd = get_unused_fd_flags(O_RDWR);
+	fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (fd < 0) {
 		err = fd;
 		goto fail;
--- a/drivers/gpu/nvgpu/os/linux/ioctl_ctrl.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_ctrl.c
@@ -575,7 +575,7 @@ static int gk20a_ctrl_prepare_compressible_read(
 	/* Try and allocate an fd here*/
 	if ((submit_flags & NVGPU_SUBMIT_FLAGS_FENCE_GET)
 		&& (submit_flags & NVGPU_SUBMIT_FLAGS_SYNC_FENCE)) {
-			fd = get_unused_fd_flags(O_RDWR);
+			fd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 			if (fd < 0)
 				return fd;
 	}
@@ -648,7 +648,7 @@ static int gk20a_ctrl_alloc_as(
 	struct file *file;
 	char name[64];
-	err = get_unused_fd_flags(O_RDWR);
+	err = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (err < 0)
 		return err;
 	fd = err;
@@ -691,7 +691,7 @@ static int gk20a_ctrl_open_tsg(struct gk20a *g, struct nvgpu_cdev *cdev,
 	struct file *file;
 	char name[64];
-	err = get_unused_fd_flags(O_RDWR);
+	err = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (err < 0)
 		return err;
 	fd = err;
--- a/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl_tsg.c
@@ -380,7 +380,7 @@ static int gk20a_tsg_event_id_enable(struct nvgpu_tsg *tsg,
 		goto free_ref;
 	}
-	err = get_unused_fd_flags(O_RDWR);
+	err = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
 	if (err < 0)
 		goto free_ref;
 	local_fd = err;