From patchwork Fri Nov 15 15:32:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Wu X-Patchwork-Id: 11246629 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7580E13BD for ; Fri, 15 Nov 2019 15:49:40 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4FD792073A for ; Fri, 15 Nov 2019 15:49:40 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4FD792073A Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=lekensteyn.nl Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=intel-gfx-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id C42E06E8FD; Fri, 15 Nov 2019 15:49:39 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org X-Greylist: delayed 1005 seconds by postgrey-1.36 at gabe; Fri, 15 Nov 2019 15:49:36 UTC Received: from mail.lekensteyn.nl (mail.lekensteyn.nl [IPv6:2a02:2308::360:1:25]) by gabe.freedesktop.org (Postfix) with ESMTPS id F1C7C6E902 for ; Fri, 15 Nov 2019 15:49:36 +0000 (UTC) Received: by lekensteyn.nl with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1iVdaY-0006g7-MP; Fri, 15 Nov 2019 16:32:47 +0100 From: Peter Wu To: =?utf-8?b?VmlsbGUgU3lyasOkbMOk?= , Chris Wilson Date: Fri, 15 Nov 2019 16:32:47 +0100 Message-Id: <20191115153247.372989-1-peter@lekensteyn.nl> X-Mailer: git-send-email 2.24.0 MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Status: No, hits=-0.0 required=5.0 tests=NO_RELAYS=-0.001 autolearn=unavailable autolearn_force=no X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lekensteyn.nl; s=s2048-2015-q1; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From; bh=w/nwO8JZ+MnwVvuCdNrlkjO9VC8WIK3U6NEujoCsXu0=; b=szAEaFRAZK+zKev7j0g4AJx40XsuHJoyYGfp0gYzvzCCz6TBDO3pZAxKmVgMdHPiFPN6QH9+9ufPlDuOW3rwdHNoQhbh+YSqUDc4KqKkQrcq6r2kl1odQDtfgoH4gqtRBcz91oyi4Yz6fKlI1weXhJzzAs2XnZvLaTUivo0Dv903bBkhHKIQQDJUenA2UuvDowC3WSfQwArerdO8d0cxnmRK/8WrjkcOoMWpU1bVNsknvfFPWHf2K+PQte+EijPMbPzsepYINiqLsOBrQ0FSqw4h6ZqEcd54Hnu3220wVkUNU4keTWZJIl4EB1Jy0Id+D5m/zml4mZ/kiJM0cqqKlA==; Subject: [Intel-gfx] [PATCH xf86-video-intel v2] SNA: fix PRIME output support since xserver 1.20 X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: intel-gfx@lists.freedesktop.org Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" Since "Make PixmapDirtyUpdateRec::src a DrawablePtr" in xserver, the "src" pointer might point to the root window (created by the server) instead of a pixmap (as created by xf86-video-intel). Use get_drawable_pixmap to handle both cases. When built with -fsanitize=address, the following test on a hybrid graphics laptop will trigger a heap-buffer-overflow error due to to_sna_from_pixmap receiving a window instead of a pixmap: xrandr --setprovideroutputsource modesetting Intel xrandr --output DP-1-1 --mode 2560x1440 # should not crash glxgears # should display gears on both screens With nouveau instead of modesetting, it does not crash but the external monitor remains blank aside from a mouse cursor. This patch fixes both. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100086 Signed-off-by: Peter Wu Reviewed-by: Ville Syrjälä --- v1: https://lists.freedesktop.org/archives/intel-gfx/2018-August/173522.html v2: rebased on current master (2.99.917-893-gbff5eca4), reworded commit. This patch has been tested at https://bugs.archlinux.org/task/64238, I have additionally tested it with both modesetting and nouveau under ASAN, the modesetting ASAN trace for unpatched intel can be found at: https://bugs.freedesktop.org/show_bug.cgi?id=100086#c24 commit 2.99.917-891-g581ddc5d ("sna: Fix compiler warnings due to DrawablePtr vs. PixmapPtr") incorporated all compiler warning fixes from v1 of this patch, but unfortunately lacks this crucial bugfix. --- src/sna/sna_accel.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/sna/sna_accel.c b/src/sna/sna_accel.c index fa386ff6..ee857a14 100644 --- a/src/sna/sna_accel.c +++ b/src/sna/sna_accel.c @@ -17684,10 +17684,10 @@ static void sna_accel_post_damage(struct sna *sna) continue; #ifdef HAS_DIRTYTRACKING_DRAWABLE_SRC - assert(dirty->src->type == DRAWABLE_PIXMAP); + src = get_drawable_pixmap(dirty->src); +#else + src = dirty->src; #endif - - src = (PixmapPtr)dirty->src; dst = dirty->slave_dst->master_pixmap; region.extents.x1 = dirty->x;