diff options
| author | Alistair Strachan <alistair.strachan@imgtec.com> | 2012-06-14 22:41:52 -0700 |
|---|---|---|
| committer | JP Abgrall <jpa@google.com> | 2012-06-14 22:42:18 -0700 |
| commit | ce3815df4836c1f8e10f7a71213b4d2d7615c496 (patch) | |
| tree | 0121157401454281ad8441c2a592ff900c4af2c5 | |
| parent | 0e96457f9a5ed033769a06c14653994f8e28ed1e (diff) | |
| download | samsung-ce3815df4836c1f8e10f7a71213b4d2d7615c496.tar.gz | |
gpu: pvr: Intentionally leak SGX MMU PTs.
When page tables would normally be freed, leak them instead.
This experiment is to try to prove a distinction between a use-after-free
type bug and another driver corrupting our page tables. At the point the
asserts go off, we don't expect the page to have been freed yet. So it
should contain only valid PTEs. If however the PT is being used after
free, it might contain junk from other kernel drivers. If we don't free
the PTs, the latter should never happen.
Change-Id: I69714cfd0ee81adb9a60a996d11e8373e209dfa9
| -rw-r--r-- | drivers/gpu/pvr/sgx/mmu.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/drivers/gpu/pvr/sgx/mmu.c b/drivers/gpu/pvr/sgx/mmu.c index 825ed8472ea..0847312502b 100644 --- a/drivers/gpu/pvr/sgx/mmu.c +++ b/drivers/gpu/pvr/sgx/mmu.c @@ -698,14 +698,17 @@ _FreePageTableMemory (MMU_HEAP *pMMUHeap, MMU_PT_INFO *psPTInfoList) if(pMMUHeap->psDevArena->psDeviceMemoryHeapInfo->psLocalDevMemArena == IMG_NULL) { - MakeKernelPageReadWrite(psPTInfoList->PTPageCpuVAddr); - +#if 0 OSFreePages(PVRSRV_HAP_WRITECOMBINE | PVRSRV_HAP_KERNEL_ONLY, pMMUHeap->ui32PTSize, psPTInfoList->PTPageCpuVAddr, psPTInfoList->hPTPageOSMemHandle); +#else + OSMemSet(psPTInfoList->PTPageCpuVAddr, 0, pMMUHeap->ui32PTSize); + MakeKernelPageReadOnly(psPTInfoList->PTPageCpuVAddr); +#endif } else { |