[PATCH v2] drm: enable render-nodes by default

David Herrmann dh.herrmann at gmail.com
Thu Mar 20 00:36:38 PDT 2014


Hi

On Thu, Mar 20, 2014 at 7:43 AM, Thomas Hellstrom <thomas at shipmail.org> wrote:
> On 03/17/2014 05:43 PM, David Herrmann wrote:
>> We introduced render-nodes about 1/2 year ago and no problems showed up.
>> Remove the drm_rnodes argument and enable them by default now.
>
> So what about the malicious execbuf command stream problem? Do we
> require all drivers that enable
> render-nodes to have a mechanism to prevent this in place?

No, that's no requirement. Render-nodes provide a secure API, if the
underlying driver does no command-stream validation (I guess for
performance-reasons and lack of VM), it's an implementation detail,
not an API. Furthermore, you can always set higher restrictions on the
render-node char-dev in case this bothers you.

Cheers
David


More information about the dri-devel mailing list