privileges on Radeon hardware. Essentially, a malicious program could
submit a packet containing an offset (possibly in main memory) to be
rendered from/to, while a separate thread switched that offset in
userspace rapidly between a valid value and an invalid one.
radeon_check_and_fixup_offset() would pull the offset in from user
space, check it, and spit it back out to user space to be copied in
later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get
an invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on
FreeBSD. Performance impact is negligible -- no difference on r200 to
~1% improvement on rv200 in quake3 tests (P4 1Ghz, demofour at
1024x768, n=4 or 5).
FreeBSD. Add drm_get_resource_{start|len} so linux-specific stuff
doesn't need to be in shared code.
- Fix mach64 build by using __DECONST to work around passing a const
pointer to useracc, which is unfortunately not marked const.
- Get rid of a lot of maplist code by not having dev->maplist be a pointer,
and by sticking the link entries directly in drm_local_map_t rather
than having a separate structure for the linked list.
- Factor out map uninit and removal into its own routine, rather than
duplicating in both drm_takedown() and drm_rmmap().
- Hook up more driver functions, and correct FreeBSD-specific bits of
radeon_cp.c, making radeon work.
- Baby steps towards using bus_space as we should.
The attached patch adds a new buffer type DRM_FB_BUFFER. It works like AGP
memory but uses video memory.
From: austinyuan@viatech.com.cn (fd.o bug 1668) Signed-off-by: Dave Airlie
<airlied@linux.ie>
implementation errors). Direct hardware (MMIO, BCI) access is no longer
needed in the Mesa driver. Bumped version to 2.0.0. Corresponding
changes to the DDX and Mesa drivers are being committed.
code. Remove the "drv" from sisdrv, as it's unnecessary. Use the
drm_pci functions in i915 instead of per-os implementations of the
same. Avoid whitespace within fields in drm_pciids.txt (one of the r300
definitions), since it breaks the bsd pciids script. Tested on sis,
mga, r128. i915 needs more work.