with IOMMUs and such. There is one usage of the forbidden vtophys()
left in drm_scatter.c which will be fixed up soon. This required a KPI
change for drm_pci_alloc/free() to return/use a drm_dma_handle_t that
keeps track of os-specific bits, rather than just passing around the
vaddr/busaddr/size.
Submitted by: Tonnerre Lombard (partially) Tested on: FreeBSD: Rage128
AGP/PCI Linux: Savage4 AGP/PCI
privileges on Radeon hardware. Essentially, a malicious program could
submit a packet containing an offset (possibly in main memory) to be
rendered from/to, while a separate thread switched that offset in
userspace rapidly between a valid value and an invalid one.
radeon_check_and_fixup_offset() would pull the offset in from user
space, check it, and spit it back out to user space to be copied in
later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get
an invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on
FreeBSD. Performance impact is negligible -- no difference on r200 to
~1% improvement on rv200 in quake3 tests (P4 1Ghz, demofour at
1024x768, n=4 or 5).
FreeBSD. Add drm_get_resource_{start|len} so linux-specific stuff
doesn't need to be in shared code.
- Fix mach64 build by using __DECONST to work around passing a const
pointer to useracc, which is unfortunately not marked const.
- Get rid of a lot of maplist code by not having dev->maplist be a pointer,
and by sticking the link entries directly in drm_local_map_t rather
than having a separate structure for the linked list.
- Factor out map uninit and removal into its own routine, rather than
duplicating in both drm_takedown() and drm_rmmap().
- Hook up more driver functions, and correct FreeBSD-specific bits of
radeon_cp.c, making radeon work.
- Baby steps towards using bus_space as we should.
ioctls with dev_lock, which is a major step toward being able to remove
Giant. Covers some new pieces (dev->unique*) in the core, and avoids
one call down into system internals with the drm lock held, which is
usually bad (FreeBSD LOR #23, #27).
code. Remove the "drv" from sisdrv, as it's unnecessary. Use the
drm_pci functions in i915 instead of per-os implementations of the
same. Avoid whitespace within fields in drm_pciids.txt (one of the r300
definitions), since it breaks the bsd pciids script. Tested on sis,
mga, r128. i915 needs more work.
done by Martin Lexa (martin at martinlexa dot cz). Now that we've got
porting for all three major BSDs (and the fourth being very similar to
FreeBSD), move the mostly-duplication drm_os_* files into drmP.h.
Remove some cruft from linux heritage and from pieces of the DRM that
have since been removed.
Note that things are still not quite working for even FreeBSD, but these
are first steps at cleanup, and just a WIP checkpoint.
martinlexa dot cz). Now that we've got porting for all three major BSDs
(and the fourth being very similar to FreeBSD), move the
mostly-duplication drm_os_* files into drmP.h. Remove some cruft from
linux heritage and from pieces of the DRM that have since been removed.
Note that things are still not quite working for even FreeBSD, but these
are first steps at cleanup, and just a WIP checkpoint.
DRM_IOCTL_VIA_DMA_INIT DRM_IOCTL_VIA_CMDBUFFER DRM_IOCTL_VIA_FLUSH
The first ioctl sets up an area in AGP memory that will be used as the ring
buffer. The second ioctl copies a command buffer from user space memory
to the ring buffer. The third ioctl waits for engine idle until it
returns.
The motivation for this patch is to avoid the wait for engine idle call
before each buffer flush in the current DRI driver. With this patch,
the DRI driver can continue to flush its buffer as long as there is
free space in the ring buffer.
This patch adds an additional copy operation on the command buffer. This
buffer copying is necessary to support multiple DRI clients rendering
simultaneously. Otherwise, more CPU time will be spent in the busy loop
waiting for engine idle between DRI context switch. Even in the single
client case, the tradeoff is reasonable in comparision to the kernel
call to check for free buffer space for the client to render directly
to the ring buffer.