[Intel-gfx] [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist.
Jesse Barnes
jbarnes at virtuousgeek.org
Fri May 16 21:53:30 CEST 2014
On Fri, 16 May 2014 12:34:08 -0700
Jesse Barnes <jbarnes at virtuousgeek.org> wrote:
> On Fri, 16 May 2014 20:20:50 +0100
> Chris Wilson <chris at chris-wilson.co.uk> wrote:
> > Yes, X only sets the secure bit when it pokes the display registers, and
> > those registers should be privileged even with a cmd parser in place
> > (which they are).
> >
> > Daniel's argument presumes that we haven't been patching out the
> > cmd parser all this time anyway.
>
> Yeah I know we have some perf issues as it is; it would be nice if the
> overhead were so minimal that it didn't matter. But just on principle,
> scanning secure buffers seems wrong, and I'm trying to understand why
> Daniel would want it.
Ok Daniel explained on IRC that we actually have a special whitelist
for the secure batch case. The idea is to allow a DRM_MASTER to submit
secure batches, but still prevent a local root exploit. I suppose that
means preventing access to most commands and registers, but allowing a
few extra things like wait events and display register updates.
I suppose it's not entirely unreasonable, but it does add complexity to
the scanner and overhead to all users; not sure it's worth it.
--
Jesse Barnes, Intel Open Source Technology Center
More information about the Intel-gfx
mailing list