Page MenuHomeFreeBSD
Differential D18516

Remove dead code from radeonkms.
ClosedPublic
Actions

Authored by markj on Dec 11 2018, 8:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 6:10 PM
Unknown Object (File)
Mon, Nov 18, 3:30 AM
Unknown Object (File)
Sun, Nov 17, 6:25 PM
Unknown Object (File)
Oct 14 2024, 5:55 PM
Unknown Object (File)
Oct 11 2024, 9:13 PM
Unknown Object (File)
Oct 5 2024, 8:52 AM
Unknown Object (File)
Sep 19 2024, 7:21 PM
Unknown Object (File)
Sep 10 2024, 1:28 PM
View All 56 Files
Subscribers
imp

Details

Reviewers
dumbbell
Commits
rS342182: Remove UMS support code from radeonkms.
Summary

This is effectively the closure of the ioctl handler table in
radeon_cp.c. That ioctl table is unused (we use the radeon_kms ioctl
table instead), so there is no way for any of the functions referenced
by the table to be called.

This was motivated by a report of an integer overflow vulnerability in
r600_cp_dispatch_texture() (the multiplication of tex->height and
tex->pitch, which are user-controlled). However, I believe the code
in question cannot get invoked.

Test Plan

I verified that radeonkms.ko still loads (i.e., no missing symbols).

Initially, my test was to simply comment out the radeon_ioctls[] table
and kldload, verifying that the ioctl handlers are indeed dead code.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Dec 11 2018, 8:21 PM
Harbormaster completed remote builds in B21499: Diff 51871.Dec 11 2018, 8:21 PM
markj edited the summary of this revision. (Show Details)Dec 11 2018, 8:24 PM
markj edited the test plan for this revision. (Show Details)
markj added a reviewer: dumbbell.
dumbbell requested changes to this revision.Dec 17 2018, 8:17 AM

Hi!

I suppose the int2float() function comes from one of the removed file, is that right? If yes, could you please add a comment indicating the initial source filename?

This revision now requires changes to proceed.Dec 17 2018, 8:17 AM
markj updated this revision to Diff 52109.Dec 17 2018, 4:27 PM
  • Add comment indicating the origin of int2float().
Harbormaster completed remote builds in B21610: Diff 52109.Dec 17 2018, 4:27 PM
markj added a comment.Dec 17 2018, 4:29 PM
In D18516#396189, @dumbbell wrote:

Hi!

I suppose the int2float() function comes from one of the removed file, is that right? If yes, could you please add a comment indicating the initial source filename?

Indeed, r600_blit.c. I added a comment.

dumbbell accepted this revision.Dec 17 2018, 4:33 PM
This revision is now accepted and ready to land.Dec 17 2018, 4:33 PM
Closed by commit rS342182: Remove UMS support code from radeonkms. (authored by markj). · Explain WhyDec 17 2018, 9:48 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: imp. · View Herald TranscriptDec 17 2018, 9:48 PM

Revision Contents
Changeset List

PathSize
head/
sys/
dev/
drm2/
radeon/
1185 lines
876 lines
33 lines
2676 lines
148 lines
2250 lines
329 lines
81 lines
3262 lines
modules/
drm2/
radeonkms/
11 lines

Diff 52131

View Options

head/sys/dev/drm2/radeon/r300_cmdbuf.c

Loading...
View Options

head/sys/dev/drm2/radeon/r600_blit.c

Loading...
View Options

head/sys/dev/drm2/radeon/r600_blit_kms.c

Loading...
View Options

head/sys/dev/drm2/radeon/r600_cp.c

Loading...
View Options

head/sys/dev/drm2/radeon/r600_cs.c

Loading...
View Options

head/sys/dev/drm2/radeon/radeon_cp.c

Loading...
View Options

head/sys/dev/drm2/radeon/radeon_ioc32.c

Loading...
View Options

head/sys/dev/drm2/radeon/radeon_irq.c

Loading...
View Options

head/sys/dev/drm2/radeon/radeon_state.c

Loading...
View Options

head/sys/modules/drm2/radeonkms/Makefile

Loading...