| author | Alistair Strachan <alistair.strachan@imgtec.com> | 2012-06-14 10:26:48 +0100 | 
|---|---|---|
| committer | Android Partner Code Review <android-gerrit-partner@google.com> | 2012-06-14 21:39:59 -0700 | 
| commit | cc92b070b828b739cb5653407f8d22ca04762de2 (patch) | |
| tree | 60f2bfe50d795f4efca2e4f8b7f832d2ba85aa16 | |
| parent | 5a7b9539f5c1a9bb35131014907929a2da3fa723 (diff) | |
| download | kernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.zip kernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.tar.gz kernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.tar.bz2 | |
gpu: pvr: Intentionally leak SGX MMU PTs.
When page tables would normally be freed, leak them instead.
This experiment is to try to prove a distinction between a use-after-free
type bug and another driver corrupting our page tables. At the point the
asserts go off, we don't expect the page to have been freed yet. So it
should contain only valid PTEs. If however the PT is being used after
free, it might contain junk from other kernel drivers. If we don't free
the PTs, the latter should never happen.
Change-Id: I3046bb81896ed6ae4ea1f2de19a62a0e5e89e063
| -rw-r--r-- | drivers/gpu/pvr/sgx/mmu.c | 7 | 
1 files changed, 5 insertions, 2 deletions
| diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c index c069bd8..75dc436 100644 --- a/drivers/gpu/pvr/sgx/mmu.c +++ b/drivers/gpu/pvr/sgx/mmu.c @@ -689,14 +689,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList)  	if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL)  	{ -		  		MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr); -		 +#if 0  		OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY,  					  pMMUHeap->ui32PTSize,  					  psPTInfoList->PTPageCpuVAddr,  					  psPTInfoList->hPTPageOSMemHandle); +#else +		OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize); +		MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr); +#endif  	}  	else  	{ | 
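Review bot: The `#if 0` around `OSFreePages(...)` in `_FreePageTableMemory` makes the leak unconditional and leaves no trace in the source of why the free is disabled. Every page table released through this branch now stays allocated for the life of the system, and `psPTInfoList->hPTPageOSMemHandle` is never handed back, so a long-running device will steadily lose memory. Please gate the experiment behind a named debug build option (a hypothetical `PVR_DEBUG_LEAK_PTS`, for example) instead of `#if 0`, and add a comment at the `#else` stating that the leak is deliberate and what it is meant to prove. Two smaller points: the new `OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize);` clears the page before it is made read-only, so if the asserts inspect a leaked PT they will see zeroed entries rather than the last valid PTEs, and the comment should say whether that is the intended signal; and only the `psLocalDevMemArena == IMG_NULL` branch is changed here, so page tables released through the `else` path are not covered by the experiment.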
