There can still be other contexts that may use page flipping later on, so don't
just unilaterally 'clean it up', which could lead to the wrong page being
displayed, e.g. when running 3D apps with a GLX compositing manager such as
compiz using page flipping.
Replace r300_check_offset() with generic radeon_check_offset(), which doesn't
reject valid offsets when the framebuffer area is at the very end of the card's
32 bit address space. Make radeon_check_and_fixup_offset() use
radeon_check_offset() as well.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=7697 .
This takes up two more ring buffer entries per rectangle blitted but makes sure
the blit is performed top to bottom, reducing the likelyhood of tearing.
The overflows could cause valid offsets to get rejected under some
circumstances, e.g. when the framebuffer resides at the very end of the card's
address space.
more problems with flickering (bug #6637). drm may not be appropriate
place for this, since doing that flush there might both be overkill and
insufficient in some cases. However, it's hard to figure out when that
flush is needed, so this has to suffice. There does not seem to be a
performance penalty associated with it.
that particular file. Its contents have changed a good bit since the
original sis code, and the original sis code didn't care much about
attribution since it routinely disclaims Precision Insight/VA Linux
from responsibility. Also, adjust formatting around license headers
(have a comment open immediately before the "Copyright" line, not as a
runon of any previous comments) for automatic processing into FreeBSD,
where /*- is used to signal the beginning of license headers for
automatic compilation of license lists.
R200_EMIT_PP_TXCTLALL_0-5 (replaces R200_EMIT_PP_TXFILTER_0-5, 2 more
regs) and R200_EMIT_ATF_TFACTOR (replaces R200_EMIT_TFACTOR_0 (8 consts
instead of 6)
understandable: preinit -> load postinit -> (removed) presetup ->
firstopen postsetup -> (removed) open_helper -> open prerelease ->
preclose free_filp_priv -> postclose pretakedown -> lastclose
postcleanup -> unload release -> reclaim_buffers_locked version ->
(removed)
postinit and version were replaced with generic code in the Linux DRM
(drivers now set their version numbers and description in the driver
structure, like on BSD). postsetup wasn't used at all. Fixes the savage
hooks for initializing and tearing down mappings at the right times.
Testing involved at least starting X, running glxgears, killing
glxgears, exiting X, and repeating.
Tested on: FreeBSD (g200, g400, r200, r128) Linux (r200, savage4)
privileges on Radeon hardware. Essentially, a malicious program could
submit a packet containing an offset (possibly in main memory) to be
rendered from/to, while a separate thread switched that offset in
userspace rapidly between a valid value and an invalid one.
radeon_check_and_fixup_offset() would pull the offset in from user
space, check it, and spit it back out to user space to be copied in
later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get
an invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on
FreeBSD. Performance impact is negligible -- no difference on r200 to
~1% improvement on rv200 in quake3 tests (P4 1Ghz, demofour at
1024x768, n=4 or 5).
Dave Airlie
Michel Dänzer
Roland Scheidegger
Roland Scheidegger
Dave Airlie
Eric Anholt
Jon Smirl