From Brian Paul
02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa
"A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory. Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.
This path changes the shmget() calls to use 0600 (user r/w).
Tested with legacy Xlib driver and llvmpipe."
The intel driver can be used with inteldrm on ivy bridge or newer.
The radeon driver only works with amdgpu not radeondrm.
As we can't use python in xenocara add phony targets to create the
same output as python scripts which create json files for the loader.
This is just the ICDs, to use vulkan the loader and additional ports
are required.
ok mpi@ on an earlier version. Changed to call shm_unlink()
directly after shm_mkstemp() as suggested by kettenis@
avoid a text relocation fixing the build with lld.
This time store the address of the GOT in ebx as required before calling
the PLT stub and change .balign value to match X86_ENTRY_SIZE as suggested
by naddy.
ok naddy@
Mesa 18.x needs an ld with build-id for at least the intel code
Mesa 18.2 assumes linux only memfd syscalls in intel code
Tested by matthieu@, kettenis@ and myself on a variety of hardware and
architectures. ok kettenis@
Corruption has again been reported on Intel hardware running Xorg with
the modesetting driver (which uses OpenGL based acceleration instead of
SNA acceleration the intel driver defaults to).
Reported in various forms on Sandy Bridge (X220), Ivy Bridge (X230) and
Haswell (X240). Confirmed to not occur with the intel driver but the
xserver was changed to default to the modesetting driver on >= gen4
hardware (except Ironlake).
One means of triggering this is to open a large pdf with xpdf on an
idle machine and highlight a section of the document.
There have been reports of gpu hangs on gen4 intel hardware
(T500 with GM45, X61 with 965GM) when starting Xorg as well.
After a cvs import timestamps change which triggers rules that attempt
to call python to regenerate files. When python is not found this
generates empty files that override those from the distfile, breaking
the build.
When building inside xenocara python is never found as the pkg paths
are not searched.
gets used if allocating W|X memory fails, which is probably a bit slower.
However, that is much better than commit a W^X violation which currently
gets you killed.
ok jca@
