On Mon, 18 May 2009 11:56:16 +1000
Benjamin Herrenschmidt <b...@kernel.crashing.org> wrote:
> Currently, userspace fail to obtain the SAREA mapping (among others)
> because they pass SAREA_MAX to drmAddMap without aligning it to the
> page size. This breaks for example on PowerPC with 64K pages and
> radeon despite the kernel radeon actually doing the right rouding in
> the first place.
>
> The way SAREA_MAX is defined with a bunch of ifdef's and duplicated
> between libdrm and the X server is gross, ultimately it should be
> retrieved by userspace from the kernel, but in the meantime, we have
> plenty of existing userspace built with bad values that need to work.
>
> This works around it by rounding the requested size in
> drm_addmap_core() of any SHM map to the page size. Since those maps
> backing memory is allocated within addmap_core, there is no security
> issue involved, the only side effect is that drivers that previous
> tries to create or access SHM maps using a size < PAGE_SIZE and would
> have failed (-EINVAL) will no succeed at the cost of a little bit
> more memory used if that happens to be when the map is created.
>
> Signed-off-by: Benjamin Herrenschmidt <b...@kernel.crashing.org>
> ---
>
> That replaces my previous attempt. This is safer and cleaner and still
> fixes the radeon problem. Other drivers having other type of maps with
> incorrect sizes will need proper fixes but they did anyway.
>
> Index: linux-work/drivers/gpu/drm/drm_bufs.c
> ===================================================================
> --- linux-work.orig/drivers/gpu/drm/drm_bufs.c 2009-05-18
> 10:50:04.000000000 +1000 +++
> linux-work/drivers/gpu/drm/drm_bufs.c 2009-05-18
> 11:47:25.000000000 +1000 @@ -170,6 +170,14 @@ static int
> drm_addmap_core(struct drm_de } DRM_DEBUG("offset = 0x%08llx, size =
> 0x%08lx, type = %d\n", (unsigned long long)map->offset, map->size,
> map->type); +
> + /* page-align _DRM_SHM maps. They are allocated here so
> there is no security
> + * hole created by that and it works around various broken
> drivers that use
> + * a non-aligned quantity to map the SAREA. --BenH
> + */
> + if (map->type == _DRM_SHM)
> + map->size = PAGE_ALIGN(map->size);
> +
> if ((map->offset & (~(resource_size_t)PAGE_MASK)) ||
> (map->size & (~PAGE_MASK))) { drm_free(map, sizeof(*map),
> DRM_MEM_MAPS); return -EINVAL;
Applied to my for-linus branch, thanks Ben.
--
Jesse Barnes, Intel Open Source Technology Center
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
--
_______________________________________________
Dri-devel mailing list
Dri-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dri-devel
