[PATCH xf86-video-ati 0/6] Harden against other DRM masters
Michel Dänzer
michel at daenzer.net
Mon Aug 28 09:23:37 UTC 2017
From: Michel Dänzer <michel.daenzer at amd.com>
While our VT is inactive, so we aren't DRM master, other processes can
become DRM master. A DRM master can access any KMS framebuffer (FB) by
guessing its handle (in practice, it should be easy to find all existing
FBs by brute-forcing through a relatively small number of handles).
This series makes us destroy all FBs created by this driver before
leaving our VT, except for an all-black one created especially for this
purpose. This closes a long-standing potential information leak, which
was made worse by reference-counting the FBs we create.
Patches 1-4 are preparatory. The meat is in patch 5. Patch 6 removes a
function which is no longer used with patch 5.
Michel Dänzer (6):
Create radeon_pixmap_clear helper
Create drmmode_set_mode helper
Create radeon_pixmap_get_fb_ptr helper
Create radeon_master_screen helper
Make all active CRTCs scan out an all-black framebuffer in LeaveVT
Remove drmmode_scanout_free
src/drmmode_display.c | 112 +++++++++++++++++++++++--------------------------
src/drmmode_display.h | 8 +++-
src/radeon.h | 67 ++++++++++++++++-------------
src/radeon_bo_helper.c | 21 ++++++++++
src/radeon_bo_helper.h | 3 ++
src/radeon_kms.c | 98 ++++++++++++++++++++++++++++++++++++++++---
6 files changed, 214 insertions(+), 95 deletions(-)
--
2.14.1
More information about the amd-gfx
mailing list