fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-01-01 00:10:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

xwayland: Stop relying on event_id being a valid pointer

Browse source 
On traditional 32-bit and 64-bit architectures, uint64_t can be abused
to hold a uintptr_t and be cast back to a valid pointer. However, on
CHERI, and thus Arm's Morello prototype, pointers are capabilities,
which contain a traditional address alongside additional metadata,
including a tag bit that ensures it cannot be forged (the only way to
get a capability with the tag bit set is by using instructions that take
in another valid capability with sufficient bounds/permissions/etc for
the request, and any other operation, like overwriting individual bytes
in memory, will give a capability whose tag is clear). Casting a pointer
to a uintptr_t is fine as uintptr_t is represented as a capability, but
casting to a uint64_t yields just the address, losing the metadata and
tag. Thus, when cast back to a uintptr_t, the capability remains invalid
and faults on any attempt to dereference.

As with various other places in the tree, address this by searching for
the pointer in a list so that we no longer rely on this undefined
behaviour.

Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
(cherry picked from commit bfe8f54924)
This commit is contained in:
Jessica Clarke 2022-12-05 19:50:41 +00:00 committed by Olivier Fourdan
parent 74ecd7752c
commit 30dc81f4f5
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
hw/xwayland/xwayland-present.c
View file

@ -84,9 +84,16 @@ xwl_present_window_get_priv(WindowPtr window)
}
static struct xwl_present_event *
xwl_present_event_from_id(uint64_t event_id)
xwl_present_event_from_id(WindowPtr present_window, uint64_t event_id)
{
return (struct xwl_present_event*)(uintptr_t)event_id;
present_window_priv_ptr window_priv = present_get_window_priv(present_window, TRUE);
struct xwl_present_event *event;
xorg_list_for_each_entry(event, &window_priv->vblank, vblank.window_list) {
if (event->vblank.event_id == event_id)
return event;
}
return NULL;
}
static struct xwl_present_event *
@ -546,7 +553,12 @@ xwl_present_queue_vblank(ScreenPtr screen,
{
struct xwl_present_window *xwl_present_window = xwl_present_window_get_priv(present_window);
struct xwl_window *xwl_window = xwl_window_from_window(present_window);
struct xwl_present_event *event = xwl_present_event_from_id(event_id);
struct xwl_present_event *event = xwl_present_event_from_id(present_window, event_id);
if (!event) {
ErrorF("present: Error getting event\n");
return BadImplementation;
}
event->vblank.exec_msc = msc;