From: Gary Thomas <gary@mlbassoc.com>
To: McClintock Matthew-B29882 <B29882@freescale.com>
Cc: Patches and discussions about the oe-core layer
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH v2] Fix X server on PowerPC when built with GCC 4.7.x
Date: Wed, 16 May 2012 12:36:31 -0600 [thread overview]
Message-ID: <4FB3F3AF.4000204@mlbassoc.com> (raw)
In-Reply-To: <CAEsOVNc1rANV_mYhsBm5u0CJjiryXB=9Lo30b4uSYgAbGiG0MA@mail.gmail.com>
On 2012-05-16 12:29, McClintock Matthew-B29882 wrote:
> Gary,
>
> I'm curious what did you test this on?
An internal platform based on MPC8379 using a PCI graphics + touch screen.
> On Wed, May 16, 2012 at 1:12 PM, Gary Thomas<gary@mlbassoc.com> wrote:
>> Incorporate patch from upstream:
>> http://cgit.freedesktop.org/xorg/xserver/patch/Xext/xace.c?id=6dae7f3792611aace1df0cca63bf50c50d93de43
>> Subject: xace: Invalid reference to out-of-scope data.
>> ---
>> .../fix-bogus-stack-variables.patch | 231 ++++++++++++++++++++
>> .../xorg-xserver/xserver-kdrive_1.7.99.2.bb | 3 +-
>> 2 files changed, 233 insertions(+), 1 deletions(-)
>> create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-kdrive-1.7.99.2/fix-bogus-stack-variables.patch
>>
>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-kdrive-1.7.99.2/fix-bogus-stack-variables.patch b/meta/recipes-graphics/xorg-xserver/xserver-kdrive-1.7.99.2/fix-bogus-stack-variables.patch
>> new file mode 100644
>> index 0000000..d900fc3
>> --- /dev/null
>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-kdrive-1.7.99.2/fix-bogus-stack-variables.patch
>> @@ -0,0 +1,231 @@
>> +From 6dae7f3792611aace1df0cca63bf50c50d93de43 Mon Sep 17 00:00:00 2001
>> +From: Chris Wilson<chris@chris-wilson.co.uk>
>> +Date: Tue, 10 Aug 2010 18:30:20 +0000
>> +Subject: xace: Invalid reference to out-of-scope data.
>> +
>> +The callback data passed by reference to the hook was allocated on stack
>> +within the scope of the case statement. The compiler is free to reuse
>> +any of that stack space whilst making the function call so we may end up
>> +passing garbage into the callback.
>> +
>> +References:
>> +
>> + Bug 18451 - Xorg server 1.5.2 SEGV during XFixesGetCursorImage()
>> + https://bugs.freedesktop.org/show_bug.cgi?id=18451
>> +
>> +v2: Drop the unrelated hunk that snuck in when ammending the commit
>> +message.
>> +
>> +Signed-off-by: Chris Wilson<chris@chris-wilson.co.uk>
>> +Reviewed-by: Alan Coopersmith<alan.coopersmith@oracle.com>
>> +Signed-off-by: Keith Packard<keithp@keithp.com>
>> +---
>> +(limited to 'Xext/xace.c')
>> +
>> +diff --git a/Xext/xace.c b/Xext/xace.c
>> +index e10d837..c757cad 100644
>> +--- a/Xext/xace.c
>> ++++ b/Xext/xace.c
>> +@@ -87,7 +87,18 @@ void XaceHookAuditEnd(ClientPtr ptr, int result)
>> + */
>> + int XaceHook(int hook, ...)
>> + {
>> +- pointer calldata; /* data passed to callback */
>> ++ union {
>> ++ XaceResourceAccessRec res;
>> ++ XaceDeviceAccessRec dev;
>> ++ XaceSendAccessRec send;
>> ++ XaceReceiveAccessRec recv;
>> ++ XaceClientAccessRec client;
>> ++ XaceExtAccessRec ext;
>> ++ XaceServerAccessRec server;
>> ++ XaceScreenAccessRec screen;
>> ++ XaceAuthAvailRec auth;
>> ++ XaceKeyAvailRec key;
>> ++ } u;
>> + int *prv = NULL; /* points to return value from callback */
>> + va_list ap; /* argument list */
>> + va_start(ap, hook);
>> +@@ -99,117 +110,86 @@ int XaceHook(int hook, ...)
>> + */
>> + switch (hook)
>> + {
>> +- case XACE_RESOURCE_ACCESS: {
>> +- XaceResourceAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.id = va_arg(ap, XID);
>> +- rec.rtype = va_arg(ap, RESTYPE);
>> +- rec.res = va_arg(ap, pointer);
>> +- rec.ptype = va_arg(ap, RESTYPE);
>> +- rec.parent = va_arg(ap, pointer);
>> +- rec.access_mode = va_arg(ap, Mask);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_RESOURCE_ACCESS:
>> ++ u.res.client = va_arg(ap, ClientPtr);
>> ++ u.res.id = va_arg(ap, XID);
>> ++ u.res.rtype = va_arg(ap, RESTYPE);
>> ++ u.res.res = va_arg(ap, pointer);
>> ++ u.res.ptype = va_arg(ap, RESTYPE);
>> ++ u.res.parent = va_arg(ap, pointer);
>> ++ u.res.access_mode = va_arg(ap, Mask);
>> ++ u.res.status = Success; /* default allow */
>> ++ prv =&u.res.status;
>> + break;
>> +- }
>> +- case XACE_DEVICE_ACCESS: {
>> +- XaceDeviceAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.dev = va_arg(ap, DeviceIntPtr);
>> +- rec.access_mode = va_arg(ap, Mask);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_DEVICE_ACCESS:
>> ++ u.dev.client = va_arg(ap, ClientPtr);
>> ++ u.dev.dev = va_arg(ap, DeviceIntPtr);
>> ++ u.dev.access_mode = va_arg(ap, Mask);
>> ++ u.dev.status = Success; /* default allow */
>> ++ prv =&u.dev.status;
>> + break;
>> +- }
>> +- case XACE_SEND_ACCESS: {
>> +- XaceSendAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.dev = va_arg(ap, DeviceIntPtr);
>> +- rec.pWin = va_arg(ap, WindowPtr);
>> +- rec.events = va_arg(ap, xEventPtr);
>> +- rec.count = va_arg(ap, int);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_SEND_ACCESS:
>> ++ u.send.client = va_arg(ap, ClientPtr);
>> ++ u.send.dev = va_arg(ap, DeviceIntPtr);
>> ++ u.send.pWin = va_arg(ap, WindowPtr);
>> ++ u.send.events = va_arg(ap, xEventPtr);
>> ++ u.send.count = va_arg(ap, int);
>> ++ u.send.status = Success; /* default allow */
>> ++ prv =&u.send.status;
>> + break;
>> +- }
>> +- case XACE_RECEIVE_ACCESS: {
>> +- XaceReceiveAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.pWin = va_arg(ap, WindowPtr);
>> +- rec.events = va_arg(ap, xEventPtr);
>> +- rec.count = va_arg(ap, int);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_RECEIVE_ACCESS:
>> ++ u.recv.client = va_arg(ap, ClientPtr);
>> ++ u.recv.pWin = va_arg(ap, WindowPtr);
>> ++ u.recv.events = va_arg(ap, xEventPtr);
>> ++ u.recv.count = va_arg(ap, int);
>> ++ u.recv.status = Success; /* default allow */
>> ++ prv =&u.recv.status;
>> + break;
>> +- }
>> +- case XACE_CLIENT_ACCESS: {
>> +- XaceClientAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.target = va_arg(ap, ClientPtr);
>> +- rec.access_mode = va_arg(ap, Mask);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_CLIENT_ACCESS:
>> ++ u.client.client = va_arg(ap, ClientPtr);
>> ++ u.client.target = va_arg(ap, ClientPtr);
>> ++ u.client.access_mode = va_arg(ap, Mask);
>> ++ u.client.status = Success; /* default allow */
>> ++ prv =&u.client.status;
>> + break;
>> +- }
>> +- case XACE_EXT_ACCESS: {
>> +- XaceExtAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.ext = va_arg(ap, ExtensionEntry*);
>> +- rec.access_mode = DixGetAttrAccess;
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_EXT_ACCESS:
>> ++ u.ext.client = va_arg(ap, ClientPtr);
>> ++ u.ext.ext = va_arg(ap, ExtensionEntry*);
>> ++ u.ext.access_mode = DixGetAttrAccess;
>> ++ u.ext.status = Success; /* default allow */
>> ++ prv =&u.ext.status;
>> + break;
>> +- }
>> +- case XACE_SERVER_ACCESS: {
>> +- XaceServerAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.access_mode = va_arg(ap, Mask);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_SERVER_ACCESS:
>> ++ u.server.client = va_arg(ap, ClientPtr);
>> ++ u.server.access_mode = va_arg(ap, Mask);
>> ++ u.server.status = Success; /* default allow */
>> ++ prv =&u.server.status;
>> + break;
>> +- }
>> + case XACE_SCREEN_ACCESS:
>> +- case XACE_SCREENSAVER_ACCESS: {
>> +- XaceScreenAccessRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.screen = va_arg(ap, ScreenPtr);
>> +- rec.access_mode = va_arg(ap, Mask);
>> +- rec.status = Success; /* default allow */
>> +- calldata =&rec;
>> +- prv =&rec.status;
>> ++ case XACE_SCREENSAVER_ACCESS:
>> ++ u.screen.client = va_arg(ap, ClientPtr);
>> ++ u.screen.screen = va_arg(ap, ScreenPtr);
>> ++ u.screen.access_mode = va_arg(ap, Mask);
>> ++ u.screen.status = Success; /* default allow */
>> ++ prv =&u.screen.status;
>> + break;
>> +- }
>> +- case XACE_AUTH_AVAIL: {
>> +- XaceAuthAvailRec rec;
>> +- rec.client = va_arg(ap, ClientPtr);
>> +- rec.authId = va_arg(ap, XID);
>> +- calldata =&rec;
>> ++ case XACE_AUTH_AVAIL:
>> ++ u.auth.client = va_arg(ap, ClientPtr);
>> ++ u.auth.authId = va_arg(ap, XID);
>> + break;
>> +- }
>> +- case XACE_KEY_AVAIL: {
>> +- XaceKeyAvailRec rec;
>> +- rec.event = va_arg(ap, xEventPtr);
>> +- rec.keybd = va_arg(ap, DeviceIntPtr);
>> +- rec.count = va_arg(ap, int);
>> +- calldata =&rec;
>> ++ case XACE_KEY_AVAIL:
>> ++ u.key.event = va_arg(ap, xEventPtr);
>> ++ u.key.keybd = va_arg(ap, DeviceIntPtr);
>> ++ u.key.count = va_arg(ap, int);
>> + break;
>> +- }
>> +- default: {
>> ++ default:
>> + va_end(ap);
>> + return 0; /* unimplemented hook number */
>> +- }
>> + }
>> + va_end(ap);
>> +
>> + /* call callbacks and return result, if any. */
>> +- CallCallbacks(&XaceHooks[hook], calldata);
>> ++ CallCallbacks(&XaceHooks[hook],&u);
>> + return prv ? *prv : Success;
>> + }
>> +
>> +--
>> +cgit v0.9.0.2-2-gbebe
>> diff --git a/meta/recipes-graphics/xorg-xserver/xserver-kdrive_1.7.99.2.bb b/meta/recipes-graphics/xorg-xserver/xserver-kdrive_1.7.99.2.bb
>> index 360a0f3..d90dc25 100644
>> --- a/meta/recipes-graphics/xorg-xserver/xserver-kdrive_1.7.99.2.bb
>> +++ b/meta/recipes-graphics/xorg-xserver/xserver-kdrive_1.7.99.2.bb
>> @@ -7,7 +7,7 @@ RDEPENDS_${PN} += "xkeyboard-config"
>> EXTRA_OECONF += "--disable-glx"
>>
>> PE = "1"
>> -PR = "r29"
>> +PR = "r30"
>>
>> SRC_URI = "${XORG_MIRROR}/individual/xserver/xorg-server-${PV}.tar.bz2 \
>> file://extra-kmodes.patch \
>> @@ -20,6 +20,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/xorg-server-${PV}.tar.bz2 \
>> file://fix-newer-xorg-headers.patch \
>> file://crosscompile.patch \
>> file://error-address-work-around.patch \
>> + file://fix-bogus-stack-variables.patch \
>> file://nodolt.patch"
>> # file://kdrive-evdev.patch
>> # file://kdrive-use-evdev.patch
>> --
>> 1.7.7.6
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
prev parent reply other threads:[~2012-05-16 18:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-16 18:12 [PATCH v2] Fix X server on PowerPC when built with GCC 4.7.x Gary Thomas
2012-05-16 18:28 ` Saul Wold
2012-05-16 18:30 ` Martin Jansa
2012-05-16 18:29 ` McClintock Matthew-B29882
2012-05-16 18:36 ` Gary Thomas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FB3F3AF.4000204@mlbassoc.com \
--to=gary@mlbassoc.com \
--cc=B29882@freescale.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.