frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xwayland: Stop relying on event_id being a valid pointer 

On traditional 32-bit and 64-bit architectures, uint64_t can be abused
to hold a uintptr_t and be cast back to a valid pointer. However, on
CHERI, and thus Arm's Morello prototype, pointers are capabilities,
which contain a traditional address alongside additional metadata,
including a tag bit that ensures it cannot be forged (the only way to
get a capability with the tag bit set is by using instructions that take
in another valid capability with sufficient bounds/permissions/etc for
the request, and any other operation, like overwriting individual bytes
in memory, will give a capability whose tag is clear). Casting a pointer
to a uintptr_t is fine as uintptr_t is represented as a capability, but
casting to a uint64_t yields just the address, losing the metadata and
tag. Thus, when cast back to a uintptr_t, the capability remains invalid
and faults on any attempt to dereference.

As with various other places in the tree, address this by searching for
the pointer in a list so that we no longer rely on this undefined
behaviour.

Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
This commit is contained in:
Jessica Clarke 2022-12-05 19:50:41 +00:00 committed by Olivier Fourdan
parent 42d2d9c1d4
commit bfe8f54924
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
hw/xwayland/xwayland-present.c
View File

@ -84,9 +84,16 @@ xwl_present_window_get_priv(WindowPtr window)
} }
static struct xwl_present_event * static struct xwl_present_event *
xwl_present_event_from_id(uint64_t event_id) xwl_present_event_from_id(WindowPtr present_window, uint64_t event_id)
{ {
return (struct xwl_present_event*)(uintptr_t)event_id; present_window_priv_ptr window_priv = present_get_window_priv(present_window, TRUE);
struct xwl_present_event *event;
xorg_list_for_each_entry(event, &window_priv->vblank, vblank.window_list) {
if (event->vblank.event_id == event_id)
return event;
}
return NULL;
} }
static struct xwl_present_event * static struct xwl_present_event *
@ -546,7 +553,12 @@ xwl_present_queue_vblank(ScreenPtr screen,
{ {
struct xwl_present_window *xwl_present_window = xwl_present_window_get_priv(present_window); struct xwl_present_window *xwl_present_window = xwl_present_window_get_priv(present_window);
struct xwl_window *xwl_window = xwl_window_from_window(present_window); struct xwl_window *xwl_window = xwl_window_from_window(present_window);
struct xwl_present_event *event = xwl_present_event_from_id(event_id); struct xwl_present_event *event = xwl_present_event_from_id(present_window, event_id);
if (!event) {
ErrorF("present: Error getting event\n");
return BadImplementation;
}
event->vblank.exec_msc = msc; event->vblank.exec_msc = msc;