[Intel-gfx] [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist.

Jesse Barnes jbarnes at virtuousgeek.org
Fri May 16 21:53:30 CEST 2014


On Fri, 16 May 2014 12:34:08 -0700
Jesse Barnes <jbarnes at virtuousgeek.org> wrote:

> On Fri, 16 May 2014 20:20:50 +0100
> Chris Wilson <chris at chris-wilson.co.uk> wrote:
> > Yes, X only sets the secure bit when it pokes the display registers, and
> > those registers should be privileged even with a cmd parser in place
> > (which they are).
> > 
> > Daniel's argument presumes that we haven't been patching out the
> > cmd parser all this time anyway.
> 
> Yeah I know we have some perf issues as it is; it would be nice if the
> overhead were so minimal that it didn't matter.  But just on principle,
> scanning secure buffers seems wrong, and I'm trying to understand why
> Daniel would want it.

OK, Daniel explained on IRC that we actually have a special whitelist
for the secure batch case.  The idea is to allow a DRM_MASTER to submit
secure batches, but still prevent a local root exploit.  I suppose that
means preventing access to most commands and registers, but allowing a
few extra things like wait events and display register updates.

I suppose it's not entirely unreasonable, but it does add complexity to
the scanner and overhead to all users; not sure it's worth it.

-- 
Jesse Barnes, Intel Open Source Technology Center
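
A simplified model of the two-tier whitelist discussed in this message, added here as an example and not taken from the i915 driver or from any poster in the thread: every batch is scanned, and batches from the DRM master are checked against the base list plus a short extra list. The register offsets and function names are constructed placeholders; the MI command encodings follow the driver's headers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* MI command encodings as defined in the i915 headers. */
#define MI_INSTR(op, flags)     (((uint32_t)(op) << 23) | (uint32_t)(flags))
#define MI_NOOP                 MI_INSTR(0x00, 0)
#define MI_BATCH_BUFFER_END     MI_INSTR(0x0a, 0)
#define MI_LOAD_REGISTER_IMM(n) MI_INSTR(0x22, 2 * (n) - 1)

/* Constructed placeholder offsets, not real hardware registers. */
#define REG_PERF_CTL   0x1000u /* on the base list: any client        */
#define REG_DISPLAY_A  0x7000u /* on the extra list: DRM master only  */
#define REG_PRIVILEGED 0x9000u /* on neither list                      */

static const uint32_t base_regs[]   = { REG_PERF_CTL };
static const uint32_t master_regs[] = { REG_DISPLAY_A };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static bool in_list(const uint32_t *list, size_t n, uint32_t reg)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == reg)
            return true;
    return false;
}

static bool reg_allowed(uint32_t reg, bool is_master)
{
    if (in_list(base_regs, COUNT(base_regs), reg))
        return true;
    return is_master && in_list(master_regs, COUNT(master_regs), reg);
}

/* Returns 0 if the batch may run, -1 if it must be rejected. */
int scan_batch(const uint32_t *b, size_t len, bool is_master)
{
    for (size_t i = 0; i < len; ) {
        uint32_t hdr = b[i];
        if (hdr == MI_BATCH_BUFFER_END) return 0;
        if (hdr == MI_NOOP) { i++; continue; }
        if ((hdr >> 23) != 0x22) return -1;      /* unknown command: deny */
        size_t total = (hdr & 0xff) + 2;         /* header + (reg, value) pairs */
        if (total < 3 || !(total & 1) || total > len - i) return -1;
        for (size_t j = i + 1; j < i + total; j += 2)
            if (!reg_allowed(b[j], is_master)) return -1;
        i += total;
    }
    return -1; /* no MI_BATCH_BUFFER_END before the end of the buffer */
}
```

The scan cost is paid on every submission regardless of which list applies, which is the overhead the message refers to.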


