2014-04-04 09:22:21

by Daniel Kurtz

Subject: [PATCH 1/2] drm/exynos/fbdev: don't set fix.smem/mmio_{start,len}

Kernel access to the exynos fbdev framebuffer is via its gem object's
kernel mapping (kvaddr, stored in info->screen_base).

User space access is provided by mmap(), read() and write() of /dev/fb/fb0.
These functions also only use screen_base/screen_size().

Therefore, it is not necessary to set fix->smem_{start,len} or
fix->mmio_{start,len} fields.

This avoids leaking kernel, physical and dma mapped addresses to user
space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.

Signed-off-by: Daniel Kurtz <[email protected]>
---
drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 -------
1 file changed, 7 deletions(-)

diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
index 5fa342e..2dcc589 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
@@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,

dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr;
fbi->screen_base = buffer->kvaddr + offset;
- if (is_drm_iommu_supported(dev))
- fbi->fix.smem_start = (unsigned long)
- (page_to_phys(sg_page(buffer->sgt->sgl)) + offset);
- else
- fbi->fix.smem_start = (unsigned long)buffer->dma_addr;
-
fbi->screen_size = size;
- fbi->fix.smem_len = size;

return 0;
}
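
Review bot: Removing the last line of this hunk, fbi->fix.smem_len = size, is not needed for the stated goal: smem_len is a buffer size, not a kernel, physical or dma address, so only the two fbi->fix.smem_start assignments carry the values the message wants to stop exposing. User space that sizes its mmap() from the FBIOGET_FSCREENINFO result no longer gets the buffer size from this function. Suggest keeping the smem_len assignment and dropping only the smem_start branch.
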
--
1.9.1.423.g4596e3a


2014-04-04 09:22:40

by Daniel Kurtz

Subject: [PATCH 2/2] drm/exynos/fbdev: don't set mode_config.fb_base

AFAICT, the fb_base of a drm_device's mode_config is never used. It isn't
accessed by core drm, it isn't used by fbmem, and it isn't exposed to user
space.

Furthermore, it is probably supposed to be a physical address, not the
dma address mapped to the display controller, so this is just wrong.

Signed-off-by: Daniel Kurtz <[email protected]>
---
drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
index 2dcc589..3270a36 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
@@ -121,7 +121,6 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
offset = fbi->var.xoffset * (fb->bits_per_pixel >> 3);
offset += fbi->var.yoffset * fb->pitches[0];

- dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr;
fbi->screen_base = buffer->kvaddr + offset;
fbi->screen_size = size;

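Review bot: With the dev->mode_config.fb_base line removed here, and the is_drm_iommu_supported(dev) call already removed by patch 1/2, no use of dev remains in the lines shown for exynos_drm_fbdev_update(), yet the diffstat is a single deletion. If dev is a local with no other user in the function, its declaration should be removed in this patch as well to avoid an unused-variable warning. The "AFAICT ... never used" statement in the message would also be easier to accept with the search that backs it, such as the result of grepping for fb_base under drivers/gpu/drm.
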
--
1.9.1.423.g4596e3a

2014-06-19 23:59:46

by Siarhei Siamashka

Subject: Re: [PATCH 1/2] drm/exynos/fbdev: don't set fix.smem/mmio_{start,len}

On Fri, 4 Apr 2014 17:22:01 +0800
Daniel Kurtz <[email protected]> wrote:

> Kernel access to the exynos fbdev framebuffer is via its gem object's
> kernel mapping (kvaddr, stored in info->screen_base).
>
> User space access is provided by mmap(), read() and write() of /dev/fb/fb0.
> These functions also only use screen_base/screen_size().
>
> Therefore, it is not necessary to set fix->smem_{start,len} or
> fix->mmio_{start,len} fields.
>
> This avoids leaking kernel, physical and dma mapped addresses to user
> space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
>
> Signed-off-by: Daniel Kurtz <[email protected]>
> ---
> drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> index 5fa342e..2dcc589 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
>
> dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr;
> fbi->screen_base = buffer->kvaddr + offset;
> - if (is_drm_iommu_supported(dev))
> - fbi->fix.smem_start = (unsigned long)
> - (page_to_phys(sg_page(buffer->sgt->sgl)) + offset);
> - else
> - fbi->fix.smem_start = (unsigned long)buffer->dma_addr;
> -
> fbi->screen_size = size;
> - fbi->fix.smem_len = size;

Can we keep proper initialization of 'smem_len'? Some userland
applications use it for calculating the size for mmap:

http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/fbdevhw/fbdevhw.c?id=xorg-server-1.15.99.903#n571

>
> return 0;
> }
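
Review bot: The subject and message name fix->mmio_{start,len} and FBIOGET_VSCREENINFO, but this hunk removes only the fbi->fix.smem_start and fbi->fix.smem_len assignments, and fbi->fix is the structure returned by FBIOGET_FSCREENINFO. Suggest either dropping the mmio and VSCREENINFO mentions from the message or stating that the mmio fields were never set by this function, so the message matches what the diff changes.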

Basically, this patch breaks the xf86-video-fbdev ddx and some users
are already unhappy.

--
Best regards,
Siarhei Siamashka
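
The exchange above turns on two fields of the fbdev fix info: smem_start (the address the patch stops exposing) and smem_len (the size user space uses for mmap). As an added example, not part of the thread or of any project named in it, this C program reports both for a framebuffer device; the default path /dev/fb0 and the fallback to line_length * yres_virtual when smem_len is 0 are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fb.h>

/* Non-zero if the fix info hands an address-like value to user space. */
int fb_fix_exposes_address(const struct fb_fix_screeninfo *fix)
{
    return fix->smem_start != 0 || fix->mmio_start != 0;
}

/* Buffer size implied by the reported geometry (stride * virtual height). */
size_t fb_geometry_len(const struct fb_fix_screeninfo *fix,
                       const struct fb_var_screeninfo *var)
{
    return (size_t)fix->line_length * var->yres_virtual;
}

/* Length to pass to mmap(): smem_len when the driver sets it, otherwise the
 * geometry size (assumption of this example), rounded up to a whole page. */
size_t fb_mmap_len(const struct fb_fix_screeninfo *fix,
                   const struct fb_var_screeninfo *var, size_t page)
{
    size_t len = fix->smem_len ? fix->smem_len : fb_geometry_len(fix, var);
    return (len + page - 1) / page * page;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/fb0"; /* assumed default */
    struct fb_fix_screeninfo fix;
    struct fb_var_screeninfo var;
    int fd = open(path, O_RDONLY);

    if (fd < 0 || ioctl(fd, FBIOGET_FSCREENINFO, &fix) < 0 ||
        ioctl(fd, FBIOGET_VSCREENINFO, &var) < 0) {
        perror(path);
        return 1;
    }
    printf("smem_start/mmio_start exposed: %s\n",
           fb_fix_exposes_address(&fix) ? "yes" : "no");
    printf("smem_len=%u, mmap length to use=%zu\n", fix.smem_len,
           fb_mmap_len(&fix, &var, (size_t)sysconf(_SC_PAGESIZE)));
    close(fd);
    return 0;
}
```
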

2014-06-20 12:15:29

by Daniel Kurtz

Subject: Re: [PATCH 1/2] drm/exynos/fbdev: don't set fix.smem/mmio_{start,len}

On Fri, Jun 20, 2014 at 7:59 AM, Siarhei Siamashka
<[email protected]> wrote:
>
> On Fri, 4 Apr 2014 17:22:01 +0800
> Daniel Kurtz <[email protected]> wrote:
>
> > Kernel access to the exynos fbdev framebuffer is via its gem object's
> > kernel mapping (kvaddr, stored in info->screen_base).
> >
> > User space access is provided by mmap(), read() and write() of /dev/fb/fb0.
> > These functions also only use screen_base/screen_size().
> >
> > Therefore, it is not necessary to set fix->smem_{start,len} or
> > fix->mmio_{start,len} fields.
> >
> > This avoids leaking kernel, physical and dma mapped addresses to user
> > space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
> >
> > Signed-off-by: Daniel Kurtz <[email protected]>
> > ---
> > drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 -------
> > 1 file changed, 7 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> > index 5fa342e..2dcc589 100644
> > --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> > +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c
> > @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
> >
> > dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr;
> > fbi->screen_base = buffer->kvaddr + offset;
> > - if (is_drm_iommu_supported(dev))
> > - fbi->fix.smem_start = (unsigned long)
> > - (page_to_phys(sg_page(buffer->sgt->sgl)) + offset);
> > - else
> > - fbi->fix.smem_start = (unsigned long)buffer->dma_addr;
> > -
> > fbi->screen_size = size;
> > - fbi->fix.smem_len = size;
>
> Can we keep proper initialization of 'smem_len'? Some userland
> applications use it for calculating the size for mmap:
>
> http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/fbdevhw/fbdevhw.c?id=xorg-server-1.15.99.903#n571
>
> >
> > return 0;
> > }
>
> Basically, this patch breaks the xf86-video-fbdev ddx and some users
> are already unhappy.


I'm so sorry this patch broke things for some users.
Can you upload a patch to correct it?
I'll happily review it.

-djk

>
>
> --
> Best regards,
> Siarhei Siamashka