[Intel-gfx] [PATCH 11/13] drm/i915: Prevent mmap access through the GTT of snooped pages
Chris Wilson
chris at chris-wilson.co.uk
Thu Apr 14 11:03:45 CEST 2011
The docs have a dire warning not to attempt to access snooped (the old
style of cache sharing on pre-SandyBridge chipsets) pages through the GTT.
Prevent userspace from doing so by sending them a SIGBUS if they try.
[Now it is possible with a bit of extra complexity to map the snooped
CPU page into the vma and return that through i915_gem_fault() instead.
The question is: is it simpler to do that workaround in the kernel than
it is to do it in userspace?]
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
---
drivers/gpu/drm/i915/i915_gem.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index dd2dc9d..1f57f99 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1211,6 +1211,16 @@ int i915_gem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
trace_i915_gem_object_fault(obj, page_offset, true, write);
+ /* The docs warn of dire consequences if we try to write to a snooped
+ * page through the GTT. So kill the driver/app early with a SIGBUS.
+ */
+ if (INTEL_INFO(dev)->gen < 6 && obj->cache_level != I915_CACHE_NONE) {
+ DRM_DEBUG("Attempting to read a snooped page through the GTT, "
+ "this is illegal on pre-SandyBridge chipsets.\n");
+ ret = -EINVAL;
+ goto unlock;
+ }
+
/* Now bind it into the GTT if needed */
if (!obj->map_and_fenceable) {
ret = i915_gem_object_unbind(obj);
--
1.7.4.1
More information about the Intel-gfx
mailing list