From: Dongwon Kim <dongwon....@intel.com> To enhance security in accessing the QemuDmaBuf struct, new helper functions for setting specific fields within the struct were introduced. And all occurrences where these fields were previously set directly have been updated to utilize these helper functions.
Suggested-by: Marc-André Lureau <marcandre.lur...@redhat.com> Cc: Philippe Mathieu-Daudé <phi...@linaro.org> Cc: Vivek Kasireddy <vivek.kasire...@intel.com> Signed-off-by: Dongwon Kim <dongwon....@intel.com> --- include/ui/console.h | 5 +++++ ui/console.c | 30 ++++++++++++++++++++++++++++++ ui/egl-helpers.c | 16 +++++++++------- ui/gtk-egl.c | 4 ++-- ui/gtk-gl-area.c | 4 ++-- ui/gtk.c | 2 +- 6 files changed, 49 insertions(+), 12 deletions(-) diff --git a/include/ui/console.h b/include/ui/console.h index 6292943a82..3d9d8b9fce 100644 --- a/include/ui/console.h +++ b/include/ui/console.h @@ -375,6 +375,11 @@ void *dpy_gl_qemu_dmabuf_get_sync(QemuDmaBuf *dmabuf); int32_t dpy_gl_qemu_dmabuf_get_fence_fd(QemuDmaBuf *dmabuf); bool dpy_gl_qemu_dmabuf_get_allow_fences(QemuDmaBuf *dmabuf); bool dpy_gl_qemu_dmabuf_get_draw_submitted(QemuDmaBuf *dmabuf); +void dpy_gl_qemu_dmabuf_set_texture(QemuDmaBuf *dmabuf, uint32_t texture); +void dpy_gl_qemu_dmabuf_set_fence_fd(QemuDmaBuf *dmabuf, int32_t fence_fd); +void dpy_gl_qemu_dmabuf_set_sync(QemuDmaBuf *dmabuf, void *sync); +void dpy_gl_qemu_dmabuf_set_draw_submitted(QemuDmaBuf *dmabuf, bool draw_submitted); +void dpy_gl_qemu_dmabuf_set_fd(QemuDmaBuf *dmabuf, int32_t fd); void dpy_gl_release_dmabuf(QemuConsole *con, QemuDmaBuf *dmabuf); void dpy_gl_update(QemuConsole *con, diff --git a/ui/console.c b/ui/console.c index 5d5635f783..d4ca9e6e0f 100644 --- a/ui/console.c +++ b/ui/console.c 
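Review bot: The prototype `void dpy_gl_qemu_dmabuf_set_draw_submitted(QemuDmaBuf *dmabuf, bool draw_submitted);` added to include/ui/console.h is 84 columns long, and its definition in the ui/console.c hunk is 83, both past the 80-column limit that QEMU's checkpatch warns about. Wrap the second parameter onto a continuation line in both places: `void dpy_gl_qemu_dmabuf_set_draw_submitted(QemuDmaBuf *dmabuf,` followed by `bool draw_submitted);` aligned under the first parameter.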
@@ -1244,6 +1244,36 @@ bool dpy_gl_qemu_dmabuf_get_draw_submitted(QemuDmaBuf *dmabuf) return dmabuf->draw_submitted; } +void dpy_gl_qemu_dmabuf_set_texture(QemuDmaBuf *dmabuf, uint32_t texture) +{ + assert(dmabuf != NULL); + dmabuf->texture = texture; +} + +void dpy_gl_qemu_dmabuf_set_fence_fd(QemuDmaBuf *dmabuf, int32_t fence_fd) +{ + assert(dmabuf != NULL); + dmabuf->fence_fd = fence_fd; +} + +void dpy_gl_qemu_dmabuf_set_sync(QemuDmaBuf *dmabuf, void *sync) +{ + assert(dmabuf != NULL); + dmabuf->sync = sync; +} + +void dpy_gl_qemu_dmabuf_set_draw_submitted(QemuDmaBuf *dmabuf, bool draw_submitted) +{ + assert(dmabuf != NULL); + dmabuf->draw_submitted = draw_submitted; +} + +void dpy_gl_qemu_dmabuf_set_fd(QemuDmaBuf *dmabuf, int32_t fd) +{ + assert(dmabuf != NULL); + dmabuf->fd = fd; +} + void dpy_gl_release_dmabuf(QemuConsole *con, QemuDmaBuf *dmabuf) { diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c index 86d64c68ce..c71a2878c2 100644 --- a/ui/egl-helpers.c +++ b/ui/egl-helpers.c @@ -348,8 +348,8 @@ void egl_dmabuf_import_texture(QemuDmaBuf *dmabuf) return; } - glGenTextures(1, &dmabuf->texture); - texture = dpy_gl_qemu_dmabuf_get_texture(dmabuf); + glGenTextures(1, &texture); + dpy_gl_qemu_dmabuf_set_texture(dmabuf, texture); glBindTexture(GL_TEXTURE_2D, texture); glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR); glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR); @@ -368,7 +368,7 @@ void egl_dmabuf_release_texture(QemuDmaBuf *dmabuf) } glDeleteTextures(1, &texture); - dmabuf->texture = 0; + dpy_gl_qemu_dmabuf_set_texture(dmabuf, 0); } void egl_dmabuf_create_sync(QemuDmaBuf *dmabuf) @@ -382,7 +382,7 @@ void egl_dmabuf_create_sync(QemuDmaBuf *dmabuf) sync = eglCreateSyncKHR(qemu_egl_display, EGL_SYNC_NATIVE_FENCE_ANDROID, NULL); if (sync != EGL_NO_SYNC_KHR) { - dmabuf->sync = sync; + dpy_gl_qemu_dmabuf_set_sync(dmabuf, sync); } } } 
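Review bot: The setters `dpy_gl_qemu_dmabuf_set_fd`, `dpy_gl_qemu_dmabuf_set_fence_fd`, `dpy_gl_qemu_dmabuf_set_sync` and `dpy_gl_qemu_dmabuf_set_texture` in ui/console.c overwrite the field without releasing what it held, and nothing documents that the caller must do that first. The call sites in this patch follow that order (gd_hw_gl_flushed closes the fence fd before storing -1, egl_dmabuf_release_texture deletes the texture before storing 0), so the contract appears to be caller-owns. State it above the group, e.g. `/* Stores the value only; the caller releases any fd, texture or sync object the field held before. */`, so a later caller does not replace a live descriptor and leak it. `dpy_gl_qemu_dmabuf_set_fd` has no caller in the hunks shown, so its intended use deserves a line as well.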
@@ -390,12 +390,14 @@ void egl_dmabuf_create_sync(QemuDmaBuf *dmabuf) void egl_dmabuf_create_fence(QemuDmaBuf *dmabuf) { void *sync = dpy_gl_qemu_dmabuf_get_sync(dmabuf); + int fence_fd; if (sync) { - dmabuf->fence_fd = eglDupNativeFenceFDANDROID(qemu_egl_display, - sync); + fence_fd = eglDupNativeFenceFDANDROID(qemu_egl_display, + sync); + dpy_gl_qemu_dmabuf_set_fence_fd(dmabuf, fence_fd); eglDestroySyncKHR(qemu_egl_display, sync); - dmabuf->sync = NULL; + dpy_gl_qemu_dmabuf_set_sync(dmabuf, NULL); } } diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c index c9469af9ed..7494a34d7c 100644 --- a/ui/gtk-egl.c +++ b/ui/gtk-egl.c @@ -87,7 +87,7 @@ void gd_egl_draw(VirtualConsole *vc) if (!dpy_gl_qemu_dmabuf_get_draw_submitted(dmabuf)) { return; } else { - dmabuf->draw_submitted = false; + dpy_gl_qemu_dmabuf_set_draw_submitted(dmabuf, false); } } #endif @@ -381,7 +381,7 @@ void gd_egl_flush(DisplayChangeListener *dcl, if (vc->gfx.guest_fb.dmabuf && !dpy_gl_qemu_dmabuf_get_draw_submitted(vc->gfx.guest_fb.dmabuf)) { graphic_hw_gl_block(vc->gfx.dcl.con, true); - vc->gfx.guest_fb.dmabuf->draw_submitted = true; + dpy_gl_qemu_dmabuf_set_draw_submitted(vc->gfx.guest_fb.dmabuf, true); gtk_egl_set_scanout_mode(vc, true); gtk_widget_queue_draw_area(area, x, y, w, h); return; diff --git a/ui/gtk-gl-area.c b/ui/gtk-gl-area.c index 193862ecc2..26b9689a5f 100644 --- a/ui/gtk-gl-area.c +++ b/ui/gtk-gl-area.c @@ -63,7 +63,7 @@ void gd_gl_area_draw(VirtualConsole *vc) if (!dpy_gl_qemu_dmabuf_get_draw_submitted(dmabuf)) { return; } else { - dmabuf->draw_submitted = false; + dpy_gl_qemu_dmabuf_set_draw_submitted(dmabuf, false); } } #endif 
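Review bot: In egl_dmabuf_create_fence the descriptor returned by `eglDupNativeFenceFDANDROID` is passed to `dpy_gl_qemu_dmabuf_set_fence_fd` without checking whether the field still holds an open fence fd, so a second call before gd_hw_gl_flushed runs would overwrite and leak the first one. Whether callers can reach that state is not visible in this hunk. If they cannot, and -1 is the "no fence" value throughout (as the gd_hw_gl_flushed hunk suggests), `assert(dpy_gl_qemu_dmabuf_get_fence_fd(dmabuf) < 0);` before the dup would document and enforce it. The local could also be declared `int32_t fence_fd` to match the setter's parameter type.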
@@ -291,7 +291,7 @@ void gd_gl_area_scanout_flush(DisplayChangeListener *dcl, if (vc->gfx.guest_fb.dmabuf && !dpy_gl_qemu_dmabuf_get_draw_submitted(vc->gfx.guest_fb.dmabuf)) { graphic_hw_gl_block(vc->gfx.dcl.con, true); - vc->gfx.guest_fb.dmabuf->draw_submitted = true; + dpy_gl_qemu_dmabuf_set_draw_submitted(vc->gfx.guest_fb.dmabuf, true); gtk_gl_area_set_scanout_mode(vc, true); } gtk_gl_area_queue_render(GTK_GL_AREA(vc->gfx.drawing_area)); diff --git a/ui/gtk.c b/ui/gtk.c index 2c054a42ba..b6a1f6f897 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -601,7 +601,7 @@ void gd_hw_gl_flushed(void *vcon) fence_fd = dpy_gl_qemu_dmabuf_get_fence_fd(dmabuf); qemu_set_fd_handler(fence_fd, NULL, NULL, NULL); close(fence_fd); - dmabuf->fence_fd = -1; + dpy_gl_qemu_dmabuf_set_fence_fd(dmabuf, -1); graphic_hw_gl_block(vc->gfx.dcl.con, false); } -- 2.34.1
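Review bot: In gd_hw_gl_flushed (ui/gtk.c) the value from `dpy_gl_qemu_dmabuf_get_fence_fd(dmabuf)` goes straight to `qemu_set_fd_handler` and `close`, with no validity check visible in the hunk. The function starts outside the hunk, so a guard may already exist. If it does not, test `if (fence_fd >= 0)` before the handler removal, the `close` and the reset to -1, so a flush with no pending fence never passes -1 to those calls.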