RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-21 17:05:11 +00:00
Code Issues Activity Actions
37460 commits 1 branch 0 tags 227 MiB
Commit graph

4 commits

Author SHA1 Message Date
Sahan Fernando
8601f74d5f Kernel: Fix crash when opening GPU3DDevice without creating a context 2022-03-18 12:56:35 +03:30
Brian Gianforcaro
c0ed656c94 Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..) 
This code attempts to copy the `Protocol::Resource3DSpecification`
struct into request, starting at `Protocol::ResourceCreate3D::target`
member of the `Protocol::ResourceCreate3D` struct.

The problem is that the `Protocol::Resource3DSpecification` struct
does not having the trailing `u32 padding` that the `ResourceCreate3D`
struct has. Leading to memcopy overrunning the struct and corrupting
32 bits of data trailing the struct.

Found by SonarCloud:
 - Memory copy function overflows the destination buffer.
 2022-03-14 22:30:22 +01:00
Sahan Fernando
683de841e5 Kernel: Sandbox each GPU3DDevice file description into own host context 2022-03-14 17:38:18 +03:30
Sahan Fernando
fd6a536c60 Kernel: Implement basic VirGL device 
This commit flips VirtIOGPU back to using a Mutex for its operation
lock (instead of a spinlock). This is necessary for avoiding a few
system hangs when queuing actions on the driver from multiple
processes, which becomes much more of an issue when using VirGL from
multiple userspace process.

This does result in a few code paths where we inevitably have to grab
a mutex from inside a spinlock, the only way to fix both issues is to
move to issuing asynchronous virtio gpu commands.
 2022-03-09 14:58:48 +03:30