authorAlistair Strachan <alistair.strachan@imgtec.com>2012-06-14 10:26:48 +0100
committerAndroid Partner Code Review <android-gerrit-partner@google.com>2012-06-14 21:39:59 -0700
commitcc92b070b828b739cb5653407f8d22ca04762de2 (patch)
tree60f2bfe50d795f4efca2e4f8b7f832d2ba85aa16
parent5a7b9539f5c1a9bb35131014907929a2da3fa723 (diff)
gpu: pvr: Intentionally leak SGX MMU PTs.
When page tables would normally be freed, leak them instead. This experiment is to try to prove a distinction between a use-after-free type bug and another driver corrupting our page tables. At the point the asserts go off, we don't expect the page to have been freed yet. So it should contain only valid PTEs. If however the PT is being used after free, it might contain junk from other kernel drivers. If we don't free the PTs, the latter should never happen. Change-Id: I3046bb81896ed6ae4ea1f2de19a62a0e5e89e063
-rw-r--r--drivers/gpu/pvr/sgx/mmu.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c
index c069bd8..75dc436 100644
--- a/drivers/gpu/pvr/sgx/mmu.c
+++ b/drivers/gpu/pvr/sgx/mmu.c
@@ -689,14 +689,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList)
if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL)
{
-
MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr);
-
+#if 0
OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY,
pMMUHeap->ui32PTSize,
psPTInfoList->PTPageCpuVAddr,
psPTInfoList->hPTPageOSMemHandle);
+#else
+ OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize);
+ MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr);
+#endif
}
else
{
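Review bot: The new `#else` branch never releases `psPTInfoList->PTPageCpuVAddr` or `psPTInfoList->hPTPageOSMemHandle`, so each call on this path permanently leaks `pMMUHeap->ui32PTSize` bytes, and a bare `#if 0` leaves no build-time way to tell whether a kernel carries the experiment. If page-table teardown can be driven by client activity (not visible in this hunk), the leak is unbounded and becomes a memory-exhaustion risk. The switch should therefore be a named debug option that defaults to freeing, e.g. `#if !defined(PVR_PLACEHOLDER_LEAK_PT_OPTION)` (placeholder name) around the `OSFreePages` call, with a comment such as `/* DEBUG ONLY: leak the PT, zeroed and read-only, to tell use-after-free from foreign corruption */`. Zeroing before `MakeKernelPageReadOnly` is sensible because a stale user presumably sees invalid entries rather than old mappings, but whether the write-combined page needs a flush after `OSMemSet` depends on code outside the hunk. `_FreePageTableMemory` starts and ends outside the hunk.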