lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140620025938.2e80efa0@i7>
Date:	Fri, 20 Jun 2014 02:59:38 +0300
From:	Siarhei Siamashka <siarhei.siamashka@...il.com>
To:	Daniel Kurtz <djkurtz@...omium.org>
Cc:	Inki Dae <inki.dae@...sung.com>, dri-devel@...ts.freedesktop.org,
	Kukjin Kim <kgene.kim@...sung.com>,
	Seung-Woo Kim <sw0312.kim@...sung.com>,
	linux-kernel@...r.kernel.org,
	Kyungmin Park <kyungmin.park@...sung.com>,
	linux-samsung-soc@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH 1/2] drm/exynos/fbdev: don't set
 fix.smem/mmio_{start,len}

On Fri,  4 Apr 2014 17:22:01 +0800
Daniel Kurtz <djkurtz@...omium.org> wrote:

> Kernel access to the eyxnos fbdev framebuffer is via its gem object's
> kernel mapping (kvaddr, stored in info->screen_base).
> 
> User space access is provided by mmap(), read() and write() of /dev/fb/fb0.
> These functions also only use screen_base/screen_size().
> 
> Therefore, it is not necessary to set fix->smem_{start,len} or
> fix->mmio_{start,len} fields.
> 
> This avoids leaking kernel, physical and dma mapped addresses to user
> space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
> 
> Signed-off-by: Daniel Kurtz <djkurtz@...omium.org>
> ---
>  drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 -------
>  1 file changed, 7 deletions(-)
> 
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> index 5fa342e..2dcc589 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
>  
>  	dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr;
>  	fbi->screen_base = buffer->kvaddr + offset;
> -	if (is_drm_iommu_supported(dev))
> -		fbi->fix.smem_start = (unsigned long)
> -			(page_to_phys(sg_page(buffer->sgt->sgl)) + offset);
> -	else
> -		fbi->fix.smem_start = (unsigned long)buffer->dma_addr;
> -
>  	fbi->screen_size = size;
> -	fbi->fix.smem_len = size;

Can we keep proper initialization of 'smem_len'? Some userland
applications use it for calculating the size for mmap:

    http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/fbdevhw/fbdevhw.c?id=xorg-server-1.15.99.903#n571

>  
>  	return 0;
>  }

Basically, this patch breaks the xf86-video-fbdev ddx and some users
are already unhappy.

-- 
Best regards,
Siarhei Siamashka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ