aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/gpu/pvr
diff options
context:
space:
mode:
authorAlistair Strachan <alistair.strachan@imgtec.com>2012-06-14 10:26:48 +0100
committerAndroid Partner Code Review <android-gerrit-partner@google.com>2012-06-14 21:39:59 -0700
commitcc92b070b828b739cb5653407f8d22ca04762de2 (patch)
tree60f2bfe50d795f4efca2e4f8b7f832d2ba85aa16 /drivers/gpu/pvr
parent5a7b9539f5c1a9bb35131014907929a2da3fa723 (diff)
downloadkernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.zip
kernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.tar.gz
kernel_samsung_crespo-cc92b070b828b739cb5653407f8d22ca04762de2.tar.bz2
gpu: pvr: Intentionally leak SGX MMU PTs.
When page tables would normally be freed, leak them instead. This experiment is to try to prove a distinction between a use-after-free type bug and another driver corrupting our page tables. At the point the asserts go off, we don't expect the page to have been freed yet. So it should contain only valid PTEs. If however the PT is being used after free, it might contain junk from other kernel drivers. If we don't free the PTs, the latter should never happen. Change-Id: I3046bb81896ed6ae4ea1f2de19a62a0e5e89e063
Diffstat (limited to 'drivers/gpu/pvr')
-rw-r--r--drivers/gpu/pvr/sgx/mmu.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c
index c069bd8..75dc436 100644
--- a/drivers/gpu/pvr/sgx/mmu.c
+++ b/drivers/gpu/pvr/sgx/mmu.c
@@ -689,14 +689,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList)
if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL)
{
-
MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr);
-
+#if 0
OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY,
pMMUHeap->ui32PTSize,
psPTInfoList->PTPageCpuVAddr,
psPTInfoList->hPTPageOSMemHandle);
+#else
+ OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize);
+ MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr);
+#endif
}
else
{