[Intel-gfx] [PATCH 11/13] drm/i915: Prevent mmap access through the GTT of snooped pages

Chris Wilson chris at chris-wilson.co.uk
Thu Apr 14 11:03:45 CEST 2011


The docs have a dire warning not to attempt to access snooped (the old
style of cache sharing on pre-SandyBridge chipsets) pages through the GTT.
Prevent userspace from doing so by sending them a SIGBUS if they try.

[Now it is possible with a bit of extra complexity to map the snooped
CPU page into the vma and return that through i915_gem_fault() instead.
The question is: is it simpler to do that workaround in the kernel than
it is to do it in userspace?]

Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
---
 drivers/gpu/drm/i915/i915_gem.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index dd2dc9d..1f57f99 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1211,6 +1211,16 @@ int i915_gem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 
 	trace_i915_gem_object_fault(obj, page_offset, true, write);
 
+	/* The docs warn of dire consequences if we try to write to a snooped
+	 * page through the GTT. So kill the driver/app early with a SIGBUS.
+	 */
+	if (INTEL_INFO(dev)->gen < 6 && obj->cache_level != I915_CACHE_NONE) {
+		DRM_DEBUG("Attempting to read a snooped page through the GTT, "
+			  "this is illegal on pre-SandyBridge chipsets.\n");
+		ret = -EINVAL;
+		goto unlock;
+	}
+
 	/* Now bind it into the GTT if needed */
 	if (!obj->map_and_fenceable) {
 		ret = i915_gem_object_unbind(obj);
-- 
1.7.4.1




More information about the Intel-gfx mailing list