[oe-commits] Martin Jansa : xf86-video-glamo: fix stack corruption from overflowing cmdq

git version control git at git.openembedded.org
Mon Nov 15 21:08:19 UTC 2010 

Module: openembedded.git
Branch: master
Commit: a02d3d0eefe03576c33294b4201fdbe6bde21cde
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=a02d3d0eefe03576c33294b4201fdbe6bde21cde

Author: Martin Jansa <Martin.Jansa at gmail.com>
Date:   Mon Nov 15 21:58:14 2010 +0100

xf86-video-glamo: fix stack corruption from overflowing cmdq

Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>

---

 ...efine-GLAMO_CMDQ_MAX_COUNT-instead-of-mag.patch |   66 ++++++++++++++++++++
 recipes/xorg-driver/xf86-video-glamo_git.bb        |    3 +-
 2 files changed, 68 insertions(+), 1 deletions(-)

diff --git a/recipes/xorg-driver/xf86-video-glamo/0001-glamo-drm-define-GLAMO_CMDQ_MAX_COUNT-instead-of-mag.patch b/recipes/xorg-driver/xf86-video-glamo/0001-glamo-drm-define-GLAMO_CMDQ_MAX_COUNT-instead-of-mag.patch
new file mode 100644
index 0000000..0c7350f
--- /dev/null
+++ b/recipes/xorg-driver/xf86-video-glamo/0001-glamo-drm-define-GLAMO_CMDQ_MAX_COUNT-instead-of-mag.patch
@@ -0,0 +1,66 @@
+From e2d0f9a3ba7f36b0b8ac8d736dd76da6e5e07f38 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa at gmail.com>
+Date: Fri, 29 Oct 2010 11:19:08 +0200
+Subject: [PATCH] glamo-drm: define GLAMO_CMDQ_MAX_COUNT instead of magic constant 1024
+
+* fix check for full queue, because size != count here
+* make sure we have enough space in queue for 2 resp. 4 more commands in
+  GlamoDRMAddCommand resp. GlamoDRMAddCommandBO
+
+Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
+---
+ src/glamo-drm.c |   16 +++++++++++-----
+ 1 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/glamo-drm.c b/src/glamo-drm.c
+index aac93bb..01e8510 100644
+--- a/src/glamo-drm.c
++++ b/src/glamo-drm.c
+@@ -32,6 +32,8 @@
+ 
+ #include "glamo.h"
+ 
++/* How many commands can be stored before forced dispatch */
++#define GLAMO_CMDQ_MAX_COUNT 1024
+ 
+ /* Submit the prepared command sequence to the kernel */
+ void GlamoDRMDispatch(GlamoPtr pGlamo)
+@@ -60,7 +62,7 @@ void GlamoDRMDispatch(GlamoPtr pGlamo)
+ 
+ void GlamoDRMAddCommand(GlamoPtr pGlamo, uint16_t reg, uint16_t val)
+ {
+-	if ( pGlamo->cmdq_drm_used == pGlamo->cmdq_drm_size ) {
++	if ( pGlamo->cmdq_drm_used >= GLAMO_CMDQ_MAX_COUNT - 2 ) {
+ 		xf86DrvMsg(pGlamo->pScreen->myNum, X_INFO,
+ 		           "Forced command cache flush.\n");
+ 		GlamoDRMDispatch(pGlamo);
+@@ -74,7 +76,8 @@ void GlamoDRMAddCommand(GlamoPtr pGlamo, uint16_t reg, uint16_t val)
+ 
+ void GlamoDRMAddCommandBO(GlamoPtr pGlamo, uint16_t reg, struct glamo_bo *bo)
+ {
+-	if ( pGlamo->cmdq_drm_used == pGlamo->cmdq_drm_size ) {
++	if ( pGlamo->cmdq_drm_used >= GLAMO_CMDQ_MAX_COUNT - 4 ||
++	       pGlamo->cmdq_obj_used >= GLAMO_CMDQ_MAX_COUNT) {
+ 		xf86DrvMsg(pGlamo->pScreen->myNum, X_INFO,
+ 		           "Forced command cache flush.\n");
+ 		GlamoDRMDispatch(pGlamo);
+@@ -98,10 +101,13 @@ void GlamoDRMAddCommandBO(GlamoPtr pGlamo, uint16_t reg, struct glamo_bo *bo)
+ 
+ void GlamoDRMInit(GlamoPtr pGlamo)
+ {
+-	pGlamo->cmdq_objs = malloc(1024);
+-	pGlamo->cmdq_obj_pos = malloc(1024);
++	pGlamo->cmdq_objs = malloc(GLAMO_CMDQ_MAX_COUNT);
++	pGlamo->cmdq_obj_pos = malloc(GLAMO_CMDQ_MAX_COUNT);
+ 	pGlamo->cmdq_obj_used = 0;
+ 	pGlamo->cmdq_drm_used = 0;
+-	pGlamo->cmdq_drm_size = 4 * 1024;
++	/* we're using 2bytes per entry (uint16_t) that's why we need to allocate
++	 * GLAMO_CMDQ_MAX_COUNT * 2 bytes
++	 */
++	pGlamo->cmdq_drm_size = 2 * GLAMO_CMDQ_MAX_COUNT;
+ 	pGlamo->cmdq_drm = malloc(pGlamo->cmdq_drm_size);
+ }
+-- 
+1.7.3.2
+
diff --git a/recipes/xorg-driver/xf86-video-glamo_git.bb b/recipes/xorg-driver/xf86-video-glamo_git.bb
index d080181..4279ea2 100644
--- a/recipes/xorg-driver/xf86-video-glamo_git.bb
+++ b/recipes/xorg-driver/xf86-video-glamo_git.bb
@@ -4,9 +4,10 @@ DEPENDS += "libdrm"
 RDEPENDS_${PN} = "xserver-xorg-extension-dri xserver-xorg-extension-dri2 xserver-xorg-extension-glx mesa-dri"
 PE = "2"
 PV = "1.0.0+gitr${SRCPV}"
-PR = "${INC_PR}.4"
+PR = "${INC_PR}.5"
 
 SRC_URI = "git://git.openmoko.org/git/xf86-video-glamo.git;protocol=git;branch=master \
+           file://0001-glamo-drm-define-GLAMO_CMDQ_MAX_COUNT-instead-of-mag.patch \
           "
 
 S = "${WORKDIR}/git"

More information about the Openembedded-commits mailing list