Replace r300_check_offset() with generic radeon_check_offset(), which doesn't
reject valid offsets when the framebuffer area is at the very end of the card's
32 bit address space. Make radeon_check_and_fixup_offset() use
radeon_check_offset() as well.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=7697 .
This takes up two more ring buffer entries per rectangle blitted but makes sure
the blit is performed top to bottom, reducing the likelyhood of tearing.
Commit 2a47f6bfec caused the CHIP_IS_AGP flag to
get 'restored' with PCI(e) cards. I can't think of a way to fix this without
introducing a (otherwise redundant) CHIP_IS_PCI flag.
Not doing this might waste bus bandwidth or even cause memory corruption or
system crashes on systems that check bus transfers. No such incident has been
reported though.
chips may be problematic). Leave the existing entries for new chips in
though. Remove ids not known by ddx (secondary ids, non-existant,...).
Correct some entries (name/family). Make the radeon family enum look
more alike the ddx/dri versions. See #5413
R200_EMIT_PP_TXCTLALL_0-5 (replaces R200_EMIT_PP_TXFILTER_0-5, 2 more
regs) and R200_EMIT_ATF_TFACTOR (replaces R200_EMIT_TFACTOR_0 (8 consts
instead of 6)
understandable: preinit -> load postinit -> (removed) presetup ->
firstopen postsetup -> (removed) open_helper -> open prerelease ->
preclose free_filp_priv -> postclose pretakedown -> lastclose
postcleanup -> unload release -> reclaim_buffers_locked version ->
(removed)
postinit and version were replaced with generic code in the Linux DRM
(drivers now set their version numbers and description in the driver
structure, like on BSD). postsetup wasn't used at all. Fixes the savage
hooks for initializing and tearing down mappings at the right times.
Testing involved at least starting X, running glxgears, killing
glxgears, exiting X, and repeating.
Tested on: FreeBSD (g200, g400, r200, r128) Linux (r200, savage4)
code duplication, and it also hands you the map pointer so you don't
need to re-find it.
- Remove the permanent maps flag. Instead, for register and framebuffer
maps, we always check whether there's already a map of that type and
offset around. Move the Radeon map initialization into presetup (first
open) so it happens again after every takedown.
- Remove the split cleanup of maps between driver takedown (last close) and
cleanup (module unload). Instead, always tear down maps on takedown,
and drivers can recreate them on first open.
- Make MGA always use addmap, instead of allocating consistent memory in
the PCI case and then faking up a map for it, which accomplished nearly
the same thing, in a different order. Note that the maps are exposed to
the user again: we may want to expose a flag to avoid this, but it's
not a security concern, and saves us a lot of code.
- Remove rmmaps in the MGA driver. Since the function is only called during
takedown anyway, we can let them die a natural death.
- Make removal of maps happen in one function, which is called by both
drm_takedown and drm_rmmap_ioctl.
Reviewed by: idr (previous revision) Tested on: mga (old/new/pci dma),
radeon, savage
privileges on Radeon hardware. Essentially, a malicious program could
submit a packet containing an offset (possibly in main memory) to be
rendered from/to, while a separate thread switched that offset in
userspace rapidly between a valid value and an invalid one.
radeon_check_and_fixup_offset() would pull the offset in from user
space, check it, and spit it back out to user space to be copied in
later by the emit code. It would sometimes catch the bad value, but
sometimes the malicious program could modify it after the check and get
an invalid offset rendered from/to.
Fix this by allocating a temporary buffer and copying the data in at once.
While here, make the cliprects stuff not do the VERIFYAREA_READ and
COPY_FROM_USER_UNCHECKED gymnastics, avoiding a lock order reversal on
FreeBSD. Performance impact is negligible -- no difference on r200 to
~1% improvement on rv200 in quake3 tests (P4 1Ghz, demofour at
1024x768, n=4 or 5).
Dave Airlie
Michel Dänzer
Dave Airlie
Roland Scheidegger
Aapo Tahkola
Eric Anholt
Jon Smirl