bsd-core/drm_drv.c | 2 +-
bsd-core/drm_fops.c | 2 +-
bsd-core/drm_lock.c | 10 ++++------
debian/changelog | 20 ++++++++++++++++++++
debian/control | 15 ++++++++-------
debian/control.modules.in | 2 +-
libdrm/intel/intel_bufmgr_fake.c | 17 +++++++++--------
libdrm/intel/intel_bufmgr_gem.c | 2 +-
shared-core/i915_dma.c | 2 +-
9 files changed, 46 insertions(+), 26 deletions(-)
New commits:
commit 815c43bece7c32708d91c1f8f8dad708aa790a44
Author: Chris Lamb <[EMAIL PROTECTED]>
Date: Mon Oct 27 01:39:52 2008 +0000
Add ${misc:Depends} to libdrm-dev package dependencies.
Signed-off-by: Chris Lamb <[EMAIL PROTECTED]>
diff --git a/debian/changelog b/debian/changelog
index 5620109..03a2f01 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ drm-snapshot (2.3.1+git+20081027+1d930fc-1) experimental;
urgency=low
installation failure now that /usr/share/modass is in drm-modules-source
instead of libdrm2. (Closes: #503154)
* Add reference to "rendering" on short descriptions. (Closes: #503192)
+ * Add ${misc:Depends} to libdrm-dev package dependencies.
-- Chris Lamb <[EMAIL PROTECTED]> Mon, 27 Oct 2008 01:03:23 +0000
diff --git a/debian/control b/debian/control
index 0c1467b..2ab90ab 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Vcs-Browser:
http://git.debian.org/?=pkg-xorg/lib/drm-snapshot.git
Package: libdrm-dev
Section: libdevel
Architecture: any
-Depends: libdrm2 (= ${binary:Version})
+Depends: libdrm2 (= ${binary:Version}), ${misc:Depends}
Description: Userspace interface to kernel rendering services (snapshot) --
dev files
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portion
commit 8e7b62676f2c0b4a3099d5afcd3929c19474b937
Author: Chris Lamb <[EMAIL PROTECTED]>
Date: Mon Oct 27 01:36:48 2008 +0000
Add reference to "rendering" on short descriptions. (Closes: #503192)
Signed-off-by: Chris Lamb <[EMAIL PROTECTED]>
diff --git a/debian/changelog b/debian/changelog
index 0e5a8f6..5620109 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,7 @@ drm-snapshot (2.3.1+git+20081027+1d930fc-1) experimental;
urgency=low
* drm-modules-source: Add versioned Replaces on libdrm2 to prevent
installation failure now that /usr/share/modass is in drm-modules-source
instead of libdrm2. (Closes: #503154)
+ * Add reference to "rendering" on short descriptions. (Closes: #503192)
-- Chris Lamb <[EMAIL PROTECTED]> Mon, 27 Oct 2008 01:03:23 +0000
diff --git a/debian/control b/debian/control
index 808f4cb..0c1467b 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Package: libdrm-dev
Section: libdevel
Architecture: any
Depends: libdrm2 (= ${binary:Version})
-Description: Userspace interface to kernel DRM services (Development snapshot)
-- dev files
+Description: Userspace interface to kernel rendering services (snapshot) --
dev files
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portion
of the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on
@@ -29,7 +29,7 @@ Package: libdrm2
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Userspace interface to kernel DRM services (Development snapshot)
-- runtime
+Description: Userspace interface to kernel rendering services (snapshot) --
runtime
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portion
of the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on
@@ -46,7 +46,7 @@ Section: libdevel
Priority: extra
Architecture: any
Depends: libdrm2 (= ${binary:Version}), ${misc:Depends}
-Description: Userspace interface to kernel DRM services (snapshot) --
debugging symbols
+Description: Userspace interface to kernel rendering services (snapshot) --
debug symbols
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portion
of the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on
@@ -62,7 +62,7 @@ Package: libdrm-intel1
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
-Description: Userspace interface to intel-specific kernel DRM services --
runtime
+Description: Userspace interface to Intel-specific kernel rendering services
-- runtime
This library implements the userspace interface to the intel-specific kernel
DRM services. DRM stands for "Direct Rendering Manager", which is the
kernelspace portion of the "Direct Rendering Infrastructure" (DRI). The DRI is
@@ -77,7 +77,7 @@ Section: libdevel
Priority: extra
Architecture: any
Depends: libdrm-intel1 (= ${binary:Version}), ${misc:Depends}
-Description: Userspace interface to intel-specific kernel DRM services --
debugging symbols
+Description: Userspace interface to Intel-specific kernel rendering --
debugging symbols
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portion
of the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on
@@ -94,7 +94,7 @@ Architecture: all
Depends: debhelper (>= 7), quilt, make, git-core, module-assistant,
${misc:Depends}
Suggests: kernel-package, linux-headers | linux-source
Replaces: libdrm2 (<= 2.3.1+git+20081015+458e2d5-1)
-Description: Source for the drm kernel modules
+Description: Source for the DRM kernel rendering modules
This package provides the source code for the DRM kernel modules. The DRM
library requires these kernel modules for correct operation.
.
diff --git a/debian/control.modules.in b/debian/control.modules.in
index a8c511b..fa7f491 100644
--- a/debian/control.modules.in
+++ b/debian/control.modules.in
@@ -9,7 +9,7 @@ Standards-Version: 3.8.0
Package: drm-modules-_KVERS_
Architecture: any
Provides: drm-modules, linux-nouveau-modules
-Description: DRM modules for Linux (kernel _KVERS_).
+Description: DRM rendering modules for Linux (kernel _KVERS_).
This package provides the source code for the DRM kernel modules. The DRM
library requires these kernel modules for correct operation.
.
commit 95e41995411ce6727da7ca4210d9d8c74575501f
Author: Chris Lamb <[EMAIL PROTECTED]>
Date: Mon Oct 27 01:14:57 2008 +0000
drm-modules-source: Add versioned Replaces on libdrm2
Signed-off-by: Chris Lamb <[EMAIL PROTECTED]>
diff --git a/debian/changelog b/debian/changelog
index d3084a0..0e5a8f6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,9 @@ drm-snapshot (2.3.1+git+20081027+1d930fc-1) experimental;
urgency=low
to lockup.
- a59ea02... intel: ioctl is not defined to return -errno
- 769197c... intel: avoid deadlock in intel_bufmgr_fake.
+ * drm-modules-source: Add versioned Replaces on libdrm2 to prevent
+ installation failure now that /usr/share/modass is in drm-modules-source
+ instead of libdrm2. (Closes: #503154)
-- Chris Lamb <[EMAIL PROTECTED]> Mon, 27 Oct 2008 01:03:23 +0000
diff --git a/debian/control b/debian/control
index 65f7696..808f4cb 100644
--- a/debian/control
+++ b/debian/control
@@ -93,6 +93,7 @@ Package: drm-modules-source
Architecture: all
Depends: debhelper (>= 7), quilt, make, git-core, module-assistant,
${misc:Depends}
Suggests: kernel-package, linux-headers | linux-source
+Replaces: libdrm2 (<= 2.3.1+git+20081015+458e2d5-1)
Description: Source for the drm kernel modules
This package provides the source code for the DRM kernel modules. The DRM
library requires these kernel modules for correct operation.
commit 9eeb483a44949dcb8cc0606b9dd4eb2e8fc9786b
Author: Chris Lamb <[EMAIL PROTECTED]>
Date: Mon Oct 27 01:04:59 2008 +0000
New upstream snapshot (1d930fc..)
Signed-off-by: Chris Lamb <[EMAIL PROTECTED]>
diff --git a/debian/changelog b/debian/changelog
index 0024445..d3084a0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+drm-snapshot (2.3.1+git+20081027+1d930fc-1) experimental; urgency=low
+
+ * New upstream snapshot:
+ - 1d930fc... drm/i915: fix ioremap of a user address for non-root
+ (CVE-2008-3831)
+ - b7d54b1... intel: Also total child_size of the target_bos. Partial fix
+ #17964.
+ - 8256c34... [FreeBSD] We should use dev2unit() rather than minor()
+ - 7dbeb18... [FreeBSD] This check isn't correct and causes at least mga
+ to lockup.
+ - a59ea02... intel: ioctl is not defined to return -errno
+ - 769197c... intel: avoid deadlock in intel_bufmgr_fake.
+
+ -- Chris Lamb <[EMAIL PROTECTED]> Mon, 27 Oct 2008 01:03:23 +0000
+
drm-snapshot (2.3.1+git+20081015+458e2d5-1) experimental; urgency=low
[ Julien Cristau ]
commit 1d930fc75b99a89fc77d35d8f95f2877cfd5d7f0
Author: Matthias Hopf <[EMAIL PROTECTED]>
Date: Sat Oct 25 12:11:44 2008 -0400
drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
Olaf Kirch noticed that the i915_set_status_page() function of the i915
kernel driver calls ioremap with an address offset that is supplied by
userspace via ioctl. The function zeroes the mapped memory via memset
and tells the hardware about the address. Turns out that access to that
ioctl is not restricted to root so users could probably exploit that to
do nasty things. We haven't tried to write actual exploit code though.
It only affects the Intel G33 series and newer.
diff --git a/shared-core/i915_dma.c b/shared-core/i915_dma.c
index 619e6ac..93bfcba 100644
--- a/shared-core/i915_dma.c
+++ b/shared-core/i915_dma.c
@@ -1225,7 +1225,7 @@ struct drm_ioctl_desc i915_ioctls[] = {
DRM_IOCTL_DEF(DRM_I915_GET_VBLANK_PIPE, i915_vblank_pipe_get, DRM_AUTH
),
DRM_IOCTL_DEF(DRM_I915_VBLANK_SWAP, i915_vblank_swap, DRM_AUTH),
DRM_IOCTL_DEF(DRM_I915_MMIO, i915_mmio, DRM_AUTH),
- DRM_IOCTL_DEF(DRM_I915_HWS_ADDR, i915_set_status_page, DRM_AUTH),
+ DRM_IOCTL_DEF(DRM_I915_HWS_ADDR, i915_set_status_page,
DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
#ifdef I915_HAVE_BUFFER
DRM_IOCTL_DEF(DRM_I915_EXECBUFFER, i915_execbuffer, DRM_AUTH),
#endif
commit b7d54b1dba8eba24da1b9cdd2116a26b98365b81
Author: Xiang, Haihao <[EMAIL PROTECTED]>
Date: Fri Oct 24 16:35:00 2008 +0800
intel: Also total child_size of the target_bos. Partial fix #17964.
diff --git a/libdrm/intel/intel_bufmgr_fake.c b/libdrm/intel/intel_bufmgr_fake.c
index c82ce5a..c9545b3 100644
--- a/libdrm/intel/intel_bufmgr_fake.c
+++ b/libdrm/intel/intel_bufmgr_fake.c
@@ -1193,9 +1193,10 @@ dri_fake_emit_reloc(dri_bo *reloc_buf,
dri_fake_bo_reference_locked(target_buf);
- if (!target_fake->is_static)
+ if (!target_fake->is_static) {
reloc_fake->child_size += ALIGN(target_buf->size,
target_fake->alignment);
-
+ reloc_fake->child_size += target_fake->child_size;
+ }
r->target_buf = target_buf;
r->offset = offset;
r->last_target_offset = target_buf->offset;
commit 8256c347cc80db0371b40b34ee8a163908d50079
Author: Robert Noland <[EMAIL PROTECTED]>
Date: Thu Oct 23 15:46:32 2008 -0400
[FreeBSD] We should use dev2unit() rather than minor()
diff --git a/bsd-core/drm_drv.c b/bsd-core/drm_drv.c
index 725e5a9..afcad19 100644
--- a/bsd-core/drm_drv.c
+++ b/bsd-core/drm_drv.c
@@ -534,7 +534,7 @@ int drm_open(struct cdev *kdev, int flags, int fmt,
DRM_STRUCTPROC *p)
struct drm_device *dev = NULL;
int retcode = 0;
- dev = DRIVER_SOFTC(minor(kdev));
+ dev = DRIVER_SOFTC(dev2unit(kdev));
DRM_DEBUG("open_count = %d\n", dev->open_count);
diff --git a/bsd-core/drm_fops.c b/bsd-core/drm_fops.c
index c6a8d19..e4cf846 100644
--- a/bsd-core/drm_fops.c
+++ b/bsd-core/drm_fops.c
@@ -41,7 +41,7 @@ int drm_open_helper(struct cdev *kdev, int flags, int fmt,
DRM_STRUCTPROC *p,
struct drm_device *dev)
{
struct drm_file *priv;
- int m = minor(kdev);
+ int m = dev2unit(kdev);
int retcode;
if (flags & O_EXCL)
commit 7dbeb18777a4dc1e7eb3c6bc4da3e72456afc8fc
Author: Robert Noland <[EMAIL PROTECTED]>
Date: Thu Oct 23 15:42:49 2008 -0400
[FreeBSD] This check isn't correct and causes at least mga to lockup.
diff --git a/bsd-core/drm_lock.c b/bsd-core/drm_lock.c
index 685b0ea..dec7281 100644
--- a/bsd-core/drm_lock.c
+++ b/bsd-core/drm_lock.c
@@ -102,17 +102,15 @@ int drm_unlock(struct drm_device *dev, void *data, struct
drm_file *file_priv)
{
struct drm_lock *lock = data;
+ DRM_DEBUG("%d (pid %d) requests unlock (0x%08x), flags = 0x%08x\n",
+ lock->context, DRM_CURRENTPID, dev->lock.hw_lock->lock,
+ lock->flags);
+
if (lock->context == DRM_KERNEL_CONTEXT) {
DRM_ERROR("Process %d using kernel context %d\n",
DRM_CURRENTPID, lock->context);
return EINVAL;
}
- /* Check that the context unlock being requested actually matches
- * who currently holds the lock.
- */
- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock) ||
- _DRM_LOCKING_CONTEXT(dev->lock.hw_lock->lock) != lock->context)
- return EINVAL;
DRM_SPINLOCK(&dev->tsk_lock);
if (dev->locked_task_call != NULL) {
commit a59ea02ff839fa0801763a90beb8b232b933c746
Author: Keith Packard <[EMAIL PROTECTED]>
Date: Thu Oct 16 21:15:01 2008 -0700
intel: ioctl is not defined to return -errno
Don't count on ioctl returning -errno; use errno directly.
Signed-off-by: Keith Packard <[EMAIL PROTECTED]>
Signed-off-by: Eric Anholt <[EMAIL PROTECTED]>
diff --git a/libdrm/intel/intel_bufmgr_gem.c b/libdrm/intel/intel_bufmgr_gem.c
index 33853c4..081eb2a 100644
--- a/libdrm/intel/intel_bufmgr_gem.c
+++ b/libdrm/intel/intel_bufmgr_gem.c
@@ -790,7 +790,7 @@ dri_gem_bo_exec(dri_bo *bo, int used,
do {
ret = ioctl(bufmgr_gem->fd, DRM_IOCTL_I915_GEM_EXECBUFFER, &execbuf);
- } while (ret == -EAGAIN);
+ } while (ret != 0 && errno == EAGAIN);
intel_update_buffer_offsets (bufmgr_gem);
commit 769197c8f16eaf3c0a476a4459e535afd4a939cb
Author: Xiang, Haihao <[EMAIL PROTECTED]>
Date: Thu Oct 16 10:37:30 2008 +0800
intel: avoid deadlock in intel_bufmgr_fake.
diff --git a/libdrm/intel/intel_bufmgr_fake.c b/libdrm/intel/intel_bufmgr_fake.c
index 8e476c4..c82ce5a 100644
--- a/libdrm/intel/intel_bufmgr_fake.c
+++ b/libdrm/intel/intel_bufmgr_fake.c
@@ -1053,12 +1053,10 @@ dri_fake_bo_unmap(dri_bo *bo)
}
static void
-dri_fake_kick_all(dri_bufmgr_fake *bufmgr_fake)
+dri_fake_kick_all_locked(dri_bufmgr_fake *bufmgr_fake)
{
struct block *block, *tmp;
- pthread_mutex_lock(&bufmgr_fake->lock);
-
bufmgr_fake->performed_rendering = 0;
/* okay for ever BO that is on the HW kick it off.
seriously not afraid of the POLICE right now */
@@ -1073,7 +1071,6 @@ dri_fake_kick_all(dri_bufmgr_fake *bufmgr_fake)
bo_fake->dirty = 1;
}
- pthread_mutex_unlock(&bufmgr_fake->lock);
}
static int
@@ -1358,7 +1355,7 @@ dri_fake_bo_exec(dri_bo *bo, int used,
if (bufmgr_fake->fail == 1) {
if (retry_count == 0) {
retry_count++;
- dri_fake_kick_all(bufmgr_fake);
+ dri_fake_kick_all_locked(bufmgr_fake);
bufmgr_fake->fail = 0;
goto restart;
} else /* dump out the memory here */
@@ -1369,8 +1366,10 @@ dri_fake_bo_exec(dri_bo *bo, int used,
if (bufmgr_fake->exec != NULL) {
int ret = bufmgr_fake->exec(bo, used, bufmgr_fake->exec_priv);
- if (ret != 0)
+ if (ret != 0) {
+ pthread_mutex_unlock(&bufmgr_fake->lock);
return ret;
+ }
} else {
batch.start = bo->offset;
batch.used = used;
@@ -1382,6 +1381,7 @@ dri_fake_bo_exec(dri_bo *bo, int used,
if (drmCommandWrite(bufmgr_fake->fd, DRM_I915_BATCHBUFFER, &batch,
sizeof(batch))) {
drmMsg("DRM_I915_BATCHBUFFER: %d\n", -errno);
+ pthread_mutex_unlock(&bufmgr_fake->lock);
return -errno;
}
}
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
