[Intel-gfx] [PATCH] drm/i915: Introduce mapping of user pages into video memory (userptr) ioctl
Chris Wilson
chris at chris-wilson.co.uk
Wed Jan 29 22:52:44 CET 2014
On Wed, Jan 29, 2014 at 09:34:42PM +0100, Daniel Vetter wrote:
> Actually I've found something else to complain about:
>
> On Tue, Jan 28, 2014 at 2:16 PM, Chris Wilson <chris at chris-wilson.co.uk> wrote:
> > +#define I915_USERPTR_READ_ONLY 0x1
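Review bot: the quoted define of I915_USERPTR_READ_ONLY gives the flag a value of 0x1 but carries no comment saying what it guarantees. Document beside the define whether read-only is actually enforced against GPU writes or only records how the pages were mapped by the caller, and what the ioctl does when that cannot be enforced, so userspace does not treat the flag as a write-protection boundary.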
>
> This smells like an insta-root-exploit:
> 1. mmap /lib/ld-linux.so as read-only
> 2. userptr bind that mmap'ed area as READ_ONLY
> 3. blit exploit code over it
> 4. profit
>
> I also don't see a way we could fix this, at least without the
> hardware providing read-only modes in the ptes. Which also requires us
> to actually trust it to follow them, even when they exist ...
Allow it for root only code then, unless we can expose it on supported
hw ;-)
-Chris
--
Chris Wilson, Intel Open Source Technology Centre