[Nouveau] offer to help, DCB

Andy Ritger aritger at nvidia.com
Fri Sep 27 10:52:05 PDT 2013 

On Wed, Sep 25, 2013 at 12:46:12AM -0700, Marcin Kościelnicki wrote:
> > Does Nouveau reimplement Falcon microcode due to particular deficiencies
> > in NVIDIA's microcode, or because you couldn't get permission in the past
> > to redistribute the firmware extracted from NVIDIA's proprietary driver?
> > If the latter, I think we can get to the point of solving that with more
> > amenable licensing.  If the former, I'd like to report the deficiencies
> > from your point of view back to NVIDIA's firmware team, so that we can
> > improve the firmware for Nouveau use.
> 
> While I'm personally one of the guys who wouldn't like to see a binary 
> blob in nouveau, no matter the terms, I've read the firmware blobs 
> decompilation and I'm quite concerned about possible security implications.
> 
> The PGRAPH context switch microcode allows user to read/write arbitrary 
> MMIO registers by submitting the firmware methods. The GF100+ video 
> decoding etc. falcon microcodes allow you to just ask for physical 
> instead of virtual addressing, and that includes physical system memory. 
> Why did nVidia include such obviously security-breaking functionality in 
> the firmware images? As I understand it, a user having access to just 
> the FIFO submission interface should only have access to his own VM 
> area, and not have enough power to take over the machine. Is there any 
> security model for nVidia hardware/firmware/kernel driver system?
> 
> Marcin Kościelnicki

Hi Marcin.

I'm not personally familiar with the current implementation of any
of NVIDIA's microcode, but what you describe sounds quite serious.
I'm taking this up with the correct groups within NVIDIA.  Thank you
for raising those concerns.

Given that, I need to retract my suggestion of Nouveau using NVIDIA's
binary-only microcode, at least until we get to a point where NVIDIA
has earned some trust from Nouveau in our microcode implementations.

Incidentally, if you have additional security concerns with NVIDIA's
proprietary driver, please feel free to report them to NVIDIA through
unix-security at nvidia.com.  I admit that NVIDIA hasn't always been the most
responsible in the past, and we definitely have some architectural work
to do in the proprietary driver (e.g., moving kickoffs to kernel-space,
less brain dead usage of the MMU, etc), but we are trying to take security
more seriously.

Thanks,
- Andy

More information about the Nouveau mailing list