[Intel-gfx] [PATCH 1/2] drm/core: Preserve the framebuffer after removing it.
Daniel Vetter
daniel at ffwll.ch
Wed Sep 9 08:29:15 PDT 2015
On Wed, Sep 09, 2015 at 04:18:02PM +0100, Tvrtko Ursulin wrote:
>
> On 09/09/2015 04:04 PM, Daniel Vetter wrote:
> >On Wed, Sep 09, 2015 at 03:51:50PM +0100, Tvrtko Ursulin wrote:
> >>
> >>Hi,
> >>
> >>On 09/09/2015 03:40 PM, Maarten Lankhorst wrote:
> >>>Previously RMFB and fd close chose to disable any plane that had
> >>>an active framebuffer from this file. If it was a primary plane the
> >>>crtc was disabled. However the fbdev code or any system compositor
> >>>should restore the planes anyway so there's no need to do it twice.
> >>>
> >>>The old fb_id is zero'd, so there's no danger of being able to
> >>>restore the fb from fb_id.
> >>
> >>What does this mean, say if the compositor dies last frame will remain on
> >>the screen?
> >
> >Yes, and the commit message should mention that. It should also mention
> >that other applications can't get at the data since we clear fb id still,
> >so no information leak there.
>
> Perhaps I replied to the wrong patch from the series.
>
> Why is all this needed anyway? It sound pretty undesirable from the security
> point of view to me. If it is exploitable to leave something sensitive on
> screen that's not good.
fd close is a super-painful context to do a full-blown modeset. It's
userspace but we can't restart anything because no one ever checks the
return value of close(). We could fix it by pushing this to a work item,
but given that the rule itself seems dubious it's easier to adjust the abi
imo. Framebuffers are somewhat global, so not deleting them makes imo
sense.
The big change is patch 2, which will make them survive for real.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the Intel-gfx
mailing list