[Intel-gfx] [PATCH] drm/i915: Introduce mapping of user pages into video memory (userptr) ioctl

Tvrtko Ursulin tvrtko.ursulin at linux.intel.com
Mon Feb 3 16:28:37 CET 2014


On 01/29/2014 08:34 PM, Daniel Vetter wrote:
> Actually I've found something else to complain about:
>
> On Tue, Jan 28, 2014 at 2:16 PM, Chris Wilson <chris at chris-wilson.co.uk> wrote:
>> +#define I915_USERPTR_READ_ONLY 0x1
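
Review bot: I915_USERPTR_READ_ONLY at this define is only a flag value, and nothing in the quoted line shows what prevents the GPU from writing through a binding created with it. Document next to the define what the flag actually guarantees (CPU-side access only, or GPU writes as well), and have the ioctl reject the flag wherever read-only PTEs cannot be enforced by the hardware, which is the gap the reply that follows points at.
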
>
> This smells like an insta-root-exploit:
> 1. mmap /lib/ld-linux.so as read-only
> 2. userptr bind that mmap'ed area as READ_ONLY
> 3. blit exploit code over it
> 4. profit
>
> I also don't see a way we could fix this, at least without the
> hardware providing read-only modes in the ptes. Which also requires us
> to actually trust it to follow them, even when they exist ...

Would disallowing mapping of shared pages help and be acceptable 
considering intended use cases?

Tvrtko


