From ce3815df4836c1f8e10f7a71213b4d2d7615c496 Mon Sep 17 00:00:00 2001
From: Alistair Strachan
Date: Thu, 14 Jun 2012 22:41:52 -0700
Subject: gpu: pvr: Intentionally leak SGX MMU PTs.

When page tables would normally be freed, leak them instead. This experiment is to try to prove a distinction between a use-after-free type bug and another driver corrupting our page tables. At the point the asserts go off, we don't expect the page to have been freed yet. So it should contain only valid PTEs. If however the PT is being used after free, it might contain junk from other kernel drivers. If we don't free the PTs, the latter should never happen.

Change-Id: I69714cfd0ee81adb9a60a996d11e8373e209dfa9
---
 drivers/gpu/pvr/sgx/mmu.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'drivers/gpu')

diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c
index 825ed84..0847312 100644
--- a/drivers/gpu/pvr/sgx/mmu.c
+++ b/drivers/gpu/pvr/sgx/mmu.c
@@ -698,14 +698,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList)
 if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL) {
- MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr);
-
+#if 0
 OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY, pMMUHeap->ui32PTSize, psPTInfoList->PTPageCpuVAddr, psPTInfoList->hPTPageOSMemHandle);
+#else
+ OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize);
+ MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr);
+#endif
 } else {
-- 
cgit v1.1
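Review bot: In the new `#else` branch, `OSMemSet` writes to `psPTInfoList->PTPageCpuVAddr` although the commit removes the `MakeKernelPageReadWrite` call that used to precede the free; if the page is still mapped read-only at this point, as the removed call suggests, the zeroing will fault in the kernel rather than run the intended experiment. Keeping `MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr);` immediately before the `OSMemSet` line would make the write safe, and the `MakeKernelPageReadOnly` that follows then seals the page again. Separately, the bare `#if 0` makes the leak unconditional, so every released page table permanently pins `pMMUHeap->ui32PTSize` bytes of kernel memory and `hPTPageOSMemHandle` is never released; the experiment would be better gated on a debug-only macro (placeholder name `PVR_MMU_LEAK_PTS_DEBUG`) with a comment such as `/* DEBUG ONLY: leaks PT pages to rule out use-after-free; must not ship */`. The body of `_FreePageTableMemory` starts before and continues past this hunk, so the page's protection state on entry is inferred rather than visible here.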