Module Name: src Committed By: chs Date: Sun Jun 17 15:15:34 UTC 2012
Modified Files: src/sys/external/bsd/drm/dist/bsd-core: drm_bufs.c Log Message: when freeing the DRM_SHM kernel memory that can be mapped by a user process, remove any user mappings before freeing the memory, so that a user process doesn't still have access to that physical memory after it's reused. this really shouldn't be using kernel malloc'd memory at all, but changing that would be much more involved. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c diff -u src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c:1.10 src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c:1.11 --- src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c:1.10 Sun Jan 29 11:49:02 2012 +++ src/sys/external/bsd/drm/dist/bsd-core/drm_bufs.c Sun Jun 17 15:15:34 2012 @@ -316,6 +316,22 @@ int drm_addmap_ioctl(struct drm_device * return 0; } +static void +drm_rmmap_user(void *addr, size_t size) +{ + vaddr_t va, eva; + paddr_t pa; + struct vm_page *pg; + + va = (vaddr_t)addr; + eva = va + size; + for (; va < eva; va += PAGE_SIZE) { + pmap_extract(pmap_kernel(), va, &pa); + pg = PHYS_TO_VM_PAGE(pa); + pmap_page_protect(pg, VM_PROT_NONE); + } +} + void drm_rmmap(struct drm_device *dev, drm_local_map_t *map) { DRM_SPINLOCK_ASSERT(&dev->dev_lock); @@ -338,6 +354,11 @@ void drm_rmmap(struct drm_device *dev, d } break; case _DRM_SHM: + + /* + * Remove any user mappings before we free the kernel memory. + */ + drm_rmmap_user(map->handle, map->size); free(map->handle, DRM_MEM_MAPS); break; case _DRM_AGP:
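Review bot: In drm_rmmap_user the result of `pmap_extract()` is ignored and `pg` is used unchecked, so a kernel address with no translation, or a physical page with no `struct vm_page`, would hand an uninitialised `pa` or a NULL `pg` to `pmap_page_protect()`. The loop also starts at `addr` rather than at a page boundary, so if `map->handle` is ever not page-aligned the final partial page keeps its user mappings, which is the stale access this commit is meant to close. Whether either case can occur depends on how the _DRM_SHM memory is allocated, which is outside this hunk; the loop below tolerates both.

```c
	/* … unchanged: declarations of va, eva, pa, pg … */

	/* Cover every page the buffer touches, even if addr is unaligned. */
	va = trunc_page((vaddr_t)addr);
	eva = round_page((vaddr_t)addr + size);
	for (; va < eva; va += PAGE_SIZE) {
		/* No kernel translation: nothing a user could have mapped. */
		if (!pmap_extract(pmap_kernel(), va, &pa))
			continue;
		pg = PHYS_TO_VM_PAGE(pa);
		/* Unmanaged pages have no vm_page to revoke mappings from. */
		if (pg != NULL)
			pmap_page_protect(pg, VM_PROT_NONE);
	}
```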
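Review bot: The new comment in the `_DRM_SHM` case says what is done but not why it is sufficient: revoking the mappings only closes the hole if no process can fault the page back in between `drm_rmmap_user()` and `free()`. That depends on the map already being unreachable from the mmap path at this point, which cannot be seen here because drm_rmmap starts before the hunk and continues after it. If it holds, I would extend the comment with `* The map can no longer be looked up by mmap here, so no new user mapping can appear before free().`; if it does not, the unlink has to move ahead of this call. It is also worth confirming that `pmap_page_protect()` may be called with `dev_lock` held, which `DRM_SPINLOCK_ASSERT(&dev->dev_lock)` at the top of drm_rmmap requires.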