[Mesa-dev] [PATCH] svga: add missing padding to SVGA3dSize

Sinclair Yeh syeh at vmware.com
Fri Feb 20 10:18:23 PST 2015


On Fri, Feb 20, 2015 at 09:22:20AM +0000, Van Der Wath, DanielX J wrote:
> From: Daniel van der Wath <danielx.j.van.der.wath at intel.com>
> 
> The kernel side equivalent of struct SVGA3dSize (struct drm_vmw_size) has an
> extra padding word that SVGA3dSize lacks. This was causing data to be written
> past the end of "size" in vmw_drm_surface_from_handle(), corrupting other data

The drm_vmw_* types are used to exchange data with the VMW DRM so none of the
DRM IOCTL functions, e.g. drmCommandWriteRead(), should be using the SVGA3d*
types.

In vmw_drm_surface_from_handle(), "size" is of type "struct drm_vmw_size",
and is being used here: rep->size_addr = (unsigned long)&size, to call
drmCommandWriteRead().  So there shouldn't be a user/kernel mismatch here.

At which point during this function do you see handle being overwritten?
Also, which version of Mesa are you seeing this on?

I'll see if I can see this on my end.

> and in this case leading to Weston being unable to render anything on screen.
> ---
>  src/gallium/drivers/svga/include/svga3d_types.h | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/gallium/drivers/svga/include/svga3d_types.h b/src/gallium/drivers/svga/include/svga3d_types.h
> index fc4a6b9..3ce6814 100644
> --- a/src/gallium/drivers/svga/include/svga3d_types.h
> +++ b/src/gallium/drivers/svga/include/svga3d_types.h
> @@ -1280,6 +1280,7 @@ struct {
>     uint32               width;
>     uint32               height;
>     uint32               depth;
> +   uint32               pad64;
>  }
>  #include "vmware_pack_end.h"
>  SVGA3dSize;
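
Review bot: The new pad64 member changes SVGA3dSize itself, growing it from three uint32 fields to four for every user of this header, while the commit message describes a problem in only one place, the "size" buffer in vmw_drm_surface_from_handle(). The struct is closed by vmware_pack_end.h, so its layout looks deliberate, and widening the shared type is a broad fix for a single call site. If the buffer handed to the DRM ioctl is what is too small, consider declaring that buffer as struct drm_vmw_size in that function and copying width, height and depth out of it, leaving this type untouched. If the field does stay, it needs a comment saying what pad64 is for and which kernel struct it mirrors.
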
> -- 
> 1.7.11.7
> 