privileges on Radeon hardware. Essentially, a malicious program could
submit a packet containing an offset (possibly in main memory) to be
rendered from/to, while a separate thread switched that offset in
userspace rapidly between a valid value and an invalid one.
radeon_check_and_fixup_offset() would pull the offset in from user
space, check it, and spit it back out to user space to be copied in
later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get
an invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on
FreeBSD. Performance impact is negligible -- no difference on r200 to
~1% improvement on rv200 in quake3 tests (P4 1Ghz, demofour at
1024x768, n=4 or 5).
FreeBSD. Add drm_get_resource_{start|len} so linux-specific stuff
doesn't need to be in shared code.
- Fix mach64 build by using __DECONST to work around passing a const
pointer to useracc, which is unfortunately not marked const.
- Get rid of a lot of maplist code by not having dev->maplist be a pointer,
and by sticking the link entries directly in drm_local_map_t rather
than having a separate structure for the linked list.
- Factor out map uninit and removal into its own routine, rather than
duplicating in both drm_takedown() and drm_rmmap().
- Hook up more driver functions, and correct FreeBSD-specific bits of
radeon_cp.c, making radeon work.
- Baby steps towards using bus_space as we should.
Implemented SAVAGE_CMD_DMA_IDX and SAVAGE_CMD_VB_IDX for ELTs support in
the _savage_render_stage of the 3D driver
Bumped minor version and driver date
The attached patch adds a new buffer type DRM_FB_BUFFER. It works like AGP
memory but uses video memory.
From: austinyuan@viatech.com.cn (fd.o bug 1668) Signed-off-by: Dave Airlie
<airlied@linux.ie>
passed to the cmdbuf ioctl (try xeyes on top of glxgears ;-)
Tightened the texture state check
Bumped Savage DRM version to 2.1.0 so that DRI driver can (theoretically)
depend on the DRM to manage the scissor registers
Release video futexes when context is destroyed (This was previously done
by the X server).
Added New Unichrome Pro VIDEO DMA commands to the verifier.
Added Quiescent heavyweight lock mode.
implementation errors). Direct hardware (MMIO, BCI) access is no longer
needed in the Mesa driver. Bumped version to 2.0.0. Corresponding
changes to the DDX and Mesa drivers are being committed.
bug in the cmdbuf_size ioctl. Modified ring-buffer jump code AGAIN, due
to new oddities discovered on the Unichrome Pro with faster processors.
Bumped patchlevel and driver date.
1. Improved security check of AGP texture adresses.
2. Hopefully last fix of ring-buffer jump oddities.
3. Added ioctl to check available space and command regulator lag in
ring-buffer. This is needed for 3D application responsiveness.
1. The command verifier was never initialized in the non-core source tree.
2. Check added that the AGP ring buffer has been initialized before
accepting command buffer.
3. Free space check in the AGP buffer is moved to after command
verification, which is more optimal in most cases.
drivers/char/drm/sis_ds.h:88:12: warning: dubious one-bit signed
bitfield drivers/char/drm/sis_ds.h:89:16: warning: dubious one-bit
signed bitfield
Signed-off-by: Randy Dunlap <rddunlap@osdl.org> Signed-off-by: Dave Airlie
<airlied@linux.ie>
driver. It can now handle the 3D OpenGL commands from the Mesa
unichrome driver.
Added vsync frequency detection support. This will be used in the future
for XvMC and better frame timing.
Bumped minor version number and driver date.
Michel Daenzer
Eric Anholt
Thomas Hellstrom
Roland Scheidegger
Dave Airlie
Felix Kuehling
Adam Jackson
Jose Fonseca
Alan Hourihane
Keith Whitwell