[Intel-gfx] [PATCH] drm/i915: Introduce mapping of user pages into video memory (userptr) ioctl
Daniel Vetter
daniel at ffwll.ch
Wed Jan 29 21:34:42 CET 2014
Actually I've found something else to complain about:
On Tue, Jan 28, 2014 at 2:16 PM, Chris Wilson <chris at chris-wilson.co.uk> wrote:
> +#define I915_USERPTR_READ_ONLY 0x1
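Review bot: the `I915_USERPTR_READ_ONLY` define carries no comment saying what the flag guarantees. A name like this reads as an enforced property, so the define should state whether GPU writes to the bound pages are actually blocked or whether the flag only records the caller's intent. If the driver cannot enforce it, the ioctl should reject the flag with an error instead of accepting it silently.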
This smells like an insta-root-exploit:
1. mmap /lib/ld-linux.so as read-only
2. userptr bind that mmap'ed area as READ_ONLY
3. blit exploit code over it
4. profit
I also don't see a way we could fix this, at least without the
hardware providing read-only modes in the ptes. Which also requires us
to actually trust it to follow them, even when they exist ...
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch