author | Alistair Strachan <alistair.strachan@imgtec.com> | 2012-06-14 22:41:52 -0700 |
---|---|---|
committer | JP Abgrall <jpa@google.com> | 2012-06-14 22:42:18 -0700 |
commit | ce3815df4836c1f8e10f7a71213b4d2d7615c496 (patch) | |
tree | 0121157401454281ad8441c2a592ff900c4af2c5 /drivers | |
parent | 0e96457f9a5ed033769a06c14653994f8e28ed1e (diff) | |
gpu: pvr: Intentionally leak SGX MMU PTs.
When page tables would normally be freed, leak them instead.
This experiment is to try to prove a distinction between a use-after-free
type bug and another driver corrupting our page tables. At the point the
asserts go off, we don't expect the page to have been freed yet. So it
should contain only valid PTEs. If however the PT is being used after
free, it might contain junk from other kernel drivers. If we don't free
the PTs, the latter should never happen.
Change-Id: I69714cfd0ee81adb9a60a996d11e8373e209dfa9
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/gpu/pvr/sgx/mmu.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c index 825ed84..0847312 100644 --- a/drivers/gpu/pvr/sgx/mmu.c +++ b/drivers/gpu/pvr/sgx/mmu.c @@ -698,14 +698,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList) if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL) { - MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr); - +#if 0 OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY, pMMUHeap->ui32PTSize, psPTInfoList->PTPageCpuVAddr, psPTInfoList->hPTPageOSMemHandle); +#else + OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize); + MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr); +#endif } else { |
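Review bot: In the new #else branch of _FreePageTableMemory, OSMemSet writes to psPTInfoList->PTPageCpuVAddr, but this same hunk removes the MakeKernelPageReadWrite call that used to precede the free. If the PT page can be read-only on entry, which the removed call suggests, the memset will fault on the kernel mapping; keep MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr) ahead of the OSMemSet and apply MakeKernelPageReadOnly afterwards. The #if 0 also carries no comment, so a one-line note there saying the leak is deliberate and temporary (or a named debug macro in place of the literal 0) would keep the disabled OSFreePages call from being mistaken for dead code.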