OpenBSD Journal

s2k15 Hackathon Report: Jonathan Gray on X Graphic Acceleration Improvements, afl fuzzer

Contributed by pitrh on from the now to really display those cockatoos dept.

Our third report from the s2k15 hackathon comes from Jonathan Gray (jsg@):

During the recent s2k15 hackathon in Brisbane I made another attempt to get acceleration working on newer Southern Islands/Graphics Core Next Radeon parts. As there is no traditional EXA acceleration provided by the xf86-video-ati driver for these the only option is glamor. Glamor used to be an external library but is now distributed as part of the Xorg X server. It works by creating an EGL context and provides OpenGL based 2D acceleration.

A new requirement of glamor after it was integrated into the X server is the "libepoxy" library that abstracts dealing with the function pointers in OpenGL, OpenGLES and EGL. As libepoxy has a build time requirement on python it can't be built in xenocara with a simple wrapper Makefile. So I wrote a simple build system for libepoxy that only requires python to regenerate some files when updating the version of libepoxy.

The X server with glamor enabled does not compile when the DRI3 proto is not installed. Patches were made to glamor and related parts of the X server to build correctly with "--enable-glamor" in xenocara's Makefile.bsd-wrapper. To make use of the glamor integrated in the X server a currently uncommitted update to xf86-video-ati 7.5.0 was made locally, with the configure arguments modified to build with glamor. This in turn required a libdrm update, so I updated libdrm in xenocara to version 2.4.59 which was later committed.

With all of these changes on a "Northern Islands" Radeon opting into glamor acceleration the X session loads but does not paint correctly. Many parts of the screen are black when they shouldn't be. As attempts to make further progress weren't getting anywhere at this point I started looking into other things. Southern Islands Radeons are also a bit different in that ioctl submitted command streams are required to make use of the device's own virtual memory ("GPU VM"). It is possible that even with glamor working on older R600 class Radeons more work may be needed to make Southern Islands and later Radeons work.

As schwarze@ fixed some previously reported crashes found with the American Fuzzy Lop (afl) fuzzer I made another afl run with the updated code, with crashes triaged by comparing gdb backtraces and then the results were sent back to Ingo. xsetroot and the xbm parsing libraries were fuzzed by converting one of the sample afl images to xbm. This resulted in the root window of the test machine displaying tiled images of hello kitty in various forms of corruption much to the amusement of blambert@. sudo's parsing of /etc/sudoers was also fuzzed by patching sudo to take an argument to specify it's file path. Neither of these two runs turned up any problems though they were by no means complete in code coverage. I committed a fix to ksh for a crash previously found with afl where unwinding multiple errors could result in a use after free due to the use of long jumps. Various problems cppcheck pointed out were also fixed. Some memory leaks in ssh error paths, fd leaks in ldomctl error paths. A problem in systat's pf view was found were modulate states were displayed as "Syn" instead of synproxy states being displayed as "Syn".

Towards the end of the hackathon some work was done to continue to minimise the difference between OpenBSD's drm code and the original Linux code from which it is derived. Initially when porting the Intel drm code calls to external kernel functions were directly converted, static removed to gain symbol names in ddb, functions changed to have types on a separate line and things generally adapted to look less alien to the rest of the kernel. While porting the radeon drm code Mark Kettenis and I decided to start making use of macros and functions to mimic kernel interfaces the drm code expected to deal with. During s2k15 nearly all of the locking calls switched back to how they looked originally along with the various memory barrier calls. Mark renamed the struct device member of inteldrm's softc to sc_dev so the drm device struct could change name from drmdev to dev. These changes should hopefully make it easier to pull in newer drm code in future.

It was great to catch up with everyone in the same room and timezone again. Thanks to the OpenBSD foundation for funding the accommodation and to dlg@, jmatthew@ and friends at UQ for organising and hosting the hackathon and explaining strange Queensland oddities like bush turkeys which seem convinced the best place to build a giant nest is on a footpath.

Thanks for the report, Jonathan! Now we know a bit more about what will be on that next CD set. And you heard the man: The OpenBSD Foundation helped make this happen.

(Comments are closed)

  1. By tbert (tbert) blambert@ on

    II was mostly amused that he was trying to pretend that that's not the background he has at home.

    1. By Stefan Sperling (stsp) on

      > II was mostly amused that he was trying to pretend that that's not the background he has at home.

      I just now got a very inspirational idea regarding wallpapering that bare room in your new place, Bret!


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]