From 38e0a542fc4283db99c280dc02200a1055250101 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Fri, 21 Nov 2008 18:50:01 +0100 Subject: [PATCH 1/8] int10: Do an mprotect(..,PROT_EXEC) on shmat()ed memory ranges. When the linux kernel sets the NX bit vm86 segfaults when it tries to execute code in memory that is not marked EXEC. Such code gets called whenever we return from a VBIOS call to signal the calling program that the call is actually finished and that we are not trapping for other reasons (like IO accesses). Use mprotect(2) to set these memory ranges PROT_EXEC. (cherry picked from commit a9e20306fbe3262602f21b876a52a1ef38cdf20a) --- hw/xfree86/os-support/linux/int10/linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hw/xfree86/os-support/linux/int10/linux.c b/hw/xfree86/os-support/linux/int10/linux.c index 9e2c6199c..23061ba15 100644 --- a/hw/xfree86/os-support/linux/int10/linux.c +++ b/hw/xfree86/os-support/linux/int10/linux.c @@ -1,6 +1,6 @@ /* * linux specific part of the int10 module - * Copyright 1999, 2000, 2001, 2002, 2003, 2004 Egbert Eich + * Copyright 1999, 2000, 2001, 2002, 2003, 2004, 2008 Egbert Eich */ #ifdef HAVE_XORG_CONFIG_H #include @@ -357,7 +357,10 @@ MapCurrentInt10(xf86Int10InfoPtr pInt) "shmat(low_mem) error: %s\n",strerror(errno)); return FALSE; } - + if (mprotect((void*)0, V_RAM, PROT_READ|PROT_WRITE|PROT_EXEC) != 0) + xf86DrvMsg(pInt->scrnIndex, X_ERROR, + "Cannot set EXEC bit on low memory: %s\n", strerror(errno)); + if (((linuxInt10Priv*)pInt->private)->highMem >= 0) { addr = shmat(((linuxInt10Priv*)pInt->private)->highMem, (char*)HIGH_MEM, 0); @@ -368,6 +371,11 @@ MapCurrentInt10(xf86Int10InfoPtr pInt) "shmget error: %s\n",strerror(errno)); return FALSE; } + if (mprotect((void*)HIGH_MEM, HIGH_MEM_SIZE, + PROT_READ|PROT_WRITE|PROT_EXEC) != 0) + xf86DrvMsg(pInt->scrnIndex, X_ERROR, + "Cannot set EXEC bit on high memory: %s\n", + strerror(errno)); } else { if ((fd = open(DEV_MEM, O_RDWR, 0)) >= 0) { if (mmap((void *)(V_BIOS), SYS_BIOS - V_BIOS, From 8e1ee573b3b7844b74dd6290dbc5f90caaad2528 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Fri, 7 Nov 2008 18:36:00 +0100 Subject: [PATCH 2/8] mi: Fix infinite loop on regen when swrast_dri.so is missing The swrast DRI provider gets pushed on the glx provider stack at every server generation, so the stack turns into a circular list on regen. X.Org bug#18388 (cherry picked from commit d3d6be4948fa19947fd3b03e6694247109cc0ffb) --- mi/miinitext.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mi/miinitext.c b/mi/miinitext.c index 55faec333..4f252d41f 100644 --- a/mi/miinitext.c +++ b/mi/miinitext.c @@ -661,7 +661,8 @@ InitExtensions(argc, argv) #endif #ifdef GLXEXT - GlxPushProvider(&__glXDRISWRastProvider); + if (serverGeneration == 1) + GlxPushProvider(&__glXDRISWRastProvider); if (!noGlxExtension) GlxExtensionInit(); #endif } From bfe5a1349930a854e232b971459de3d65bab8fef Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Fri, 7 Nov 2008 17:36:38 +0100 Subject: [PATCH 3/8] xfree86: xf86SetDepthBpp needs to respect the driver's depth24flags When setting the depth to 24, leave bpp unset so the logic to pick a supported value is used instead of ignoring the driver's preference and forcing 32 bpp. (cherry picked from commit 991c88b7542164194be73573e7644164416ea90c) --- hw/xfree86/common/xf86Helper.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hw/xfree86/common/xf86Helper.c b/hw/xfree86/common/xf86Helper.c index 282eb49f9..d72a359e1 100644 --- a/hw/xfree86/common/xf86Helper.c +++ b/hw/xfree86/common/xf86Helper.c @@ -448,10 +448,6 @@ xf86AddPixFormat(ScrnInfoPtr pScrn, int depth, int bpp, int pad) #define GLOBAL_DEFAULT_DEPTH 24 #endif -#ifndef GLOBAL_DEFAULT_FBBPP -#define GLOBAL_DEFAULT_FBBPP 32 -#endif - _X_EXPORT Bool xf86SetDepthBpp(ScrnInfoPtr scrp, int depth, int dummy, int fbbpp, int depth24flags) @@ -529,7 +525,6 @@ xf86SetDepthBpp(ScrnInfoPtr scrp, int depth, int dummy, int fbbpp, if (depth > 0) scrp->depth = depth; } else { - scrp->bitsPerPixel = GLOBAL_DEFAULT_FBBPP; scrp->depth = GLOBAL_DEFAULT_DEPTH; } } From 244e960bb0997eb96374899d1ecaefa865f1013d Mon Sep 17 00:00:00 2001 From: Luc Verhaegen Date: Fri, 7 Nov 2008 19:11:11 +0100 Subject: [PATCH 4/8] XAA PixmapOps: Sync before accessing unwrapped callbacks. When using any XAAPixmapOps, we call into unknown but freshly unwrapped callbacks (like fb ones). Unlike the XAA*Fallback calls, we did so without syncing first, exposing us to all kinds of synchronisation issues. I believe that the rendering errors appeared now because *PaintWindow vanished (e4d11e58), and we just use miPaintWindow instead. This takes a less direct route to the hw and ends up at PolyFillRectPixmap, which very often left drawing artifacts. We now sync accordingly, and no longer get the rendering artifacts i was methodically reproducing on radeonhd, radeon, unichrome... Also, in order to allow driver authors to remove extensive syncing or flushing to hide this issue, create XAA_VERSION_ defines, put them in xaa.h and bump the patchlevel. (novell bug #435791) (cherry picked from commit 59f9fb4b8c031df69b3592a26b77e744ff4a556e) --- hw/xfree86/xaa/xaa.h | 4 ++++ hw/xfree86/xaa/xaaInitAccel.c | 4 +++- hw/xfree86/xaa/xaawrap.h | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/hw/xfree86/xaa/xaa.h b/hw/xfree86/xaa/xaa.h index 1dc7ed2d5..d6ccc31e2 100644 --- a/hw/xfree86/xaa/xaa.h +++ b/hw/xfree86/xaa/xaa.h @@ -2,6 +2,10 @@ #ifndef _XAA_H #define _XAA_H +#define XAA_VERSION_MAJOR 1 +#define XAA_VERSION_MINOR 2 +#define XAA_VERSION_RELEASE 1 + /* ******** OPERATION SPECIFIC FLAGS ********* diff --git a/hw/xfree86/xaa/xaaInitAccel.c b/hw/xfree86/xaa/xaaInitAccel.c index 00483e3ed..7ca1f45a4 100644 --- a/hw/xfree86/xaa/xaaInitAccel.c +++ b/hw/xfree86/xaa/xaaInitAccel.c @@ -103,7 +103,9 @@ static XF86ModuleVersionInfo xaaVersRec = MODINFOSTRING1, MODINFOSTRING2, XORG_VERSION_CURRENT, - 1, 2, 0, + XAA_VERSION_MAJOR, + XAA_VERSION_MINOR, + XAA_VERSION_RELEASE, ABI_CLASS_VIDEODRV, /* requires the video driver ABI */ ABI_VIDEODRV_VERSION, MOD_CLASS_NONE, diff --git a/hw/xfree86/xaa/xaawrap.h b/hw/xfree86/xaa/xaawrap.h index 38c97d70b..857dbc3ed 100644 --- a/hw/xfree86/xaa/xaawrap.h +++ b/hw/xfree86/xaa/xaawrap.h @@ -48,8 +48,8 @@ XAAPixmapPtr pixPriv = XAA_GET_PIXMAP_PRIVATE((PixmapPtr)(pDraw));\ GCFuncs *oldFuncs = pGC->funcs;\ pGC->funcs = pGCPriv->wrapFuncs;\ - pGC->ops = pGCPriv->wrapOps - + pGC->ops = pGCPriv->wrapOps; \ + SYNC_CHECK(pGC) #define XAA_PIXMAP_OP_EPILOGUE(pGC)\ pGCPriv->wrapOps = pGC->ops;\ From 1e3f8913c58150a8cb38134dcbe2ba8b81cad4c6 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Wed, 5 Nov 2008 18:25:57 -0800 Subject: [PATCH 5/8] Use OsSignal in Popen/Pclose to avoid SysV signal() stupidity (cherry picked from commit c9051b684b524549eab6d5b88ee3e195a6f6fbe8) --- os/utils.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/os/utils.c b/os/utils.c index f58c76366..7fc2029f7 100644 --- a/os/utils.c +++ b/os/utils.c @@ -1702,7 +1702,7 @@ static struct pid { int pid; } *pidlist; -void (*old_alarm)(int) = NULL; /* XXX horrible awful hack */ +OsSigHandlerPtr old_alarm = NULL; /* XXX horrible awful hack */ pointer Popen(char *command, char *type) @@ -1726,7 +1726,7 @@ Popen(char *command, char *type) } /* Ignore the smart scheduler while this is going on */ - old_alarm = signal(SIGALRM, SIG_IGN); + old_alarm = OsSignal(SIGALRM, SIG_IGN); if (old_alarm == SIG_ERR) { perror("signal"); return NULL; @@ -1737,7 +1737,7 @@ Popen(char *command, char *type) close(pdes[0]); close(pdes[1]); xfree(cur); - if (signal(SIGALRM, old_alarm) == SIG_ERR) + if (OsSignal(SIGALRM, old_alarm) == SIG_ERR) perror("signal"); return NULL; case 0: /* child */ @@ -1914,7 +1914,7 @@ Pclose(pointer iop) /* allow EINTR again */ OsReleaseSignals (); - if (old_alarm && signal(SIGALRM, old_alarm) == SIG_ERR) { + if (old_alarm && OsSignal(SIGALRM, old_alarm) == SIG_ERR) { perror("signal"); return -1; } From cd15136dc129a7aa7d40ca327708c4e887f5eb9d Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Wed, 5 Nov 2008 14:52:29 -0800 Subject: [PATCH 6/8] Non-Linux OS'es should default to kbd driver, not now-dead keyboard driver (cherry picked from commit d63ea510138c8b6de66184c78cda39ed9981fc1f) --- config/x11-input.fdi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/x11-input.fdi b/config/x11-input.fdi index f2e2d50ab..6c4a1e325 100644 --- a/config/x11-input.fdi +++ b/config/x11-input.fdi @@ -64,8 +64,8 @@ base - keyboard + kbd otherwise). --> + kbd pc105 From 336df75f12ff9ba1d210f24285a8d5f54341001d Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Mon, 17 Nov 2008 10:24:39 +1000 Subject: [PATCH 7/8] EXA: avoid copy operations if no boxes in use Simple fix for now, I'm sure damage shouldn't be calling us with nbox = 0. (cherry picked from commit 8f8a9c19ad58768b07461a3f4bccea98f7c4f958) --- exa/exa_accel.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/exa/exa_accel.c b/exa/exa_accel.c index 3ec96253d..5b33ef78a 100644 --- a/exa/exa_accel.c +++ b/exa/exa_accel.c @@ -398,6 +398,10 @@ exaCopyNtoN (DrawablePtr pSrcDrawable, RegionPtr srcregion = NULL, dstregion = NULL; xRectangle *rects; + /* avoid doing copy operations if no boxes */ + if (nbox == 0) + return; + pSrcPixmap = exaGetDrawablePixmap (pSrcDrawable); pDstPixmap = exaGetDrawablePixmap (pDstDrawable); From 4970d757a7364c1d2fb4db4e404e88e8ad989ddb Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Fri, 28 Nov 2008 14:55:15 +1000 Subject: [PATCH 8/8] xkb: Extra sanity checks to prevent dev->key == NULL dereferencing. (cherry picked from commit 95fc59a199f99bf167fbb09297a9bb0e33e31869) --- xkb/xkbEvents.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c index 49725d065..36084cc02 100644 --- a/xkb/xkbEvents.c +++ b/xkb/xkbEvents.c @@ -109,7 +109,7 @@ Time time; register CARD16 changed,bState; interest = kbd->xkb_interest; - if (!interest) + if (!interest || !kbd->key || !kbd->key->xkbInfo) return; xkbi = kbd->key->xkbInfo; state= &xkbi->state; @@ -168,6 +168,9 @@ XkbSrvInfoPtr xkbi; unsigned time = 0,initialized; CARD16 changed; + if (!kbd->key || !kbd->key->xkbInfo) + return; + xkbi = kbd->key->xkbInfo; initialized= 0; @@ -291,7 +294,7 @@ XkbInterestPtr interest; Time time = 0; interest = kbd->xkb_interest; - if (!interest) + if (!interest || !kbd->key || !kbd->key->xkbInfo) return; xkbi = kbd->key->xkbInfo; @@ -401,6 +404,9 @@ CARD16 pitch,duration; Time time = 0; XID winID = 0; + if (!kbd->key || !kbd->key->xkbInfo) + return; + xkbi = kbd->key->xkbInfo; if ((force||(xkbi->desc->ctrls->enabled_ctrls&XkbAudibleBellMask))&& @@ -616,11 +622,12 @@ XkbSrvInfoPtr xkbi; XkbInterestPtr interest; Time time = 0; - xkbi = kbd->key->xkbInfo; interest = kbd->xkb_interest; - if (!interest) + if (!interest || !kbd->key || !kbd->key->xkbInfo) return; + xkbi = kbd->key->xkbInfo; + initialized = 0; pEv->mods= xkbi->state.mods; pEv->group= xkbi->state.group; @@ -996,6 +1003,10 @@ unsigned long autoCtrls,autoValues; ClientPtr client = NULL; found= False; + + if (!dev->key || !dev->key->xkbInfo) + return found; + autoCtrls= autoValues= 0; if ( dev->xkb_interest ) { interest = dev->xkb_interest;