Kernel access to the eyxnos fbdev framebuffer is via its gem object's kernel mapping (kvaddr, stored in info->screen_base).
User space access is provided by mmap(), read() and write() of /dev/fb/fb0. These functions also only use screen_base/screen_size().
Therefore, it is not necessary to set fix->smem_{start,len} or fix->mmio_{start,len} fields.
This avoids leaking kernel, physical and dma mapped addresses to user space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
Signed-off-by: Daniel Kurtz djkurtz@chromium.org --- drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c index 5fa342e..2dcc589 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr; fbi->screen_base = buffer->kvaddr + offset; - if (is_drm_iommu_supported(dev)) - fbi->fix.smem_start = (unsigned long) - (page_to_phys(sg_page(buffer->sgt->sgl)) + offset); - else - fbi->fix.smem_start = (unsigned long)buffer->dma_addr; - fbi->screen_size = size; - fbi->fix.smem_len = size;
return 0; }
AFAICT, the fb_base of a drm_device's mode_config is never used. It isn't accessed by core drm, it isn't used by fbmem, and it isn't exposed to user space.
Furthermore, it is probably supposed to be a physical address, not the dma address mapped to the display controller, so this is just wrong.
Signed-off-by: Daniel Kurtz djkurtz@chromium.org --- drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c index 2dcc589..3270a36 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c @@ -121,7 +121,6 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper, offset = fbi->var.xoffset * (fb->bits_per_pixel >> 3); offset += fbi->var.yoffset * fb->pitches[0];
- dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr; fbi->screen_base = buffer->kvaddr + offset; fbi->screen_size = size;
On Fri, 4 Apr 2014 17:22:01 +0800 Daniel Kurtz djkurtz@chromium.org wrote:
Kernel access to the eyxnos fbdev framebuffer is via its gem object's kernel mapping (kvaddr, stored in info->screen_base).
User space access is provided by mmap(), read() and write() of /dev/fb/fb0. These functions also only use screen_base/screen_size().
Therefore, it is not necessary to set fix->smem_{start,len} or fix->mmio_{start,len} fields.
This avoids leaking kernel, physical and dma mapped addresses to user space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
Signed-off-by: Daniel Kurtz djkurtz@chromium.org
drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c index 5fa342e..2dcc589 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr; fbi->screen_base = buffer->kvaddr + offset;
- if (is_drm_iommu_supported(dev))
fbi->fix.smem_start = (unsigned long)(page_to_phys(sg_page(buffer->sgt->sgl)) + offset);- else
fbi->fix.smem_start = (unsigned long)buffer->dma_addr;- fbi->screen_size = size;
- fbi->fix.smem_len = size;
Can we keep proper initialization of 'smem_len'? Some userland applications use it for calculating the size for mmap:
http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/fbdevhw/fbdevhw.c?i...
return 0; }
Basically, this patch breaks the xf86-video-fbdev ddx and some users are already unhappy.
On Fri, Jun 20, 2014 at 7:59 AM, Siarhei Siamashka siarhei.siamashka@gmail.com wrote:
On Fri, 4 Apr 2014 17:22:01 +0800 Daniel Kurtz djkurtz@chromium.org wrote:
Kernel access to the eyxnos fbdev framebuffer is via its gem object's kernel mapping (kvaddr, stored in info->screen_base).
User space access is provided by mmap(), read() and write() of /dev/fb/fb0. These functions also only use screen_base/screen_size().
Therefore, it is not necessary to set fix->smem_{start,len} or fix->mmio_{start,len} fields.
This avoids leaking kernel, physical and dma mapped addresses to user space via the ioctls FBIOGET_VSCREENINFO and FBIOGET_FSCREENINFO.
Signed-off-by: Daniel Kurtz djkurtz@chromium.org
drivers/gpu/drm/exynos/exynos_drm_fbdev.c | 7 ------- 1 file changed, 7 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c index 5fa342e..2dcc589 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_fbdev.c +++ b/drivers/gpu/drm/exynos/exynos_drm_fbdev.c @@ -123,14 +123,7 @@ static int exynos_drm_fbdev_update(struct drm_fb_helper *helper,
dev->mode_config.fb_base = (resource_size_t)buffer->dma_addr; fbi->screen_base = buffer->kvaddr + offset;
if (is_drm_iommu_supported(dev))fbi->fix.smem_start = (unsigned long)(page_to_phys(sg_page(buffer->sgt->sgl)) + offset);elsefbi->fix.smem_start = (unsigned long)buffer->dma_addr;fbi->screen_size = size;fbi->fix.smem_len = size;Can we keep proper initialization of 'smem_len'? Some userland applications use it for calculating the size for mmap:
http://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/fbdevhw/fbdevhw.c?id=xorg-server-1.15.99.903#n571return 0;}
Basically, this patch breaks the xf86-video-fbdev ddx and some users are already unhappy.
I'm so sorry this patch broke things for some users. Can you upload a patch to correct it? I'll happily review it.
-djk
-- Best regards, Siarhei Siamashka
dri-devel@lists.freedesktop.org
-
Daniel Kurtz -
Siarhei Siamashka