xserver: Branch 'master'
Keith Packard
keithp at kemper.freedesktop.org
Wed Apr 23 13:25:53 PDT 2014
glx/glxcmds.c | 11 +++++++++++
include/opaque.h | 1 +
os/utils.c | 8 ++++++++
3 files changed, 20 insertions(+)
New commits:
commit 99f0365b1fbdfd9238b9f5cc28491e4e6c7324f1
Author: Eric Anholt <eric at anholt.net>
Date: Wed Apr 23 09:52:17 2014 -0700
Add a command line argument for disabling indirect GLX.
The attack surface for indirect GLX is huge, and it's of no use to
most people (if you get an indirect GL context, you're better served
by a immediate X error than actually trying to use an indirect GL
context and finding out that it doesn't support doing anything you
want, slowly). This flag gives you a chance to disable indirect GLX
in environments where you just don't need it.
I put in both the '+' and '-' arguments right now, so that it's easy
to patch the value to change the default policy.
Signed-off-by: Eric Anholt <eric at anholt.net>
Acked-by: Julien Cristau <jcristau at debian.org>
Reviewed-by: Keith Packard <keithp at keithp.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index fb236b6..2fc3f4c 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -275,6 +275,17 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId,
** Allocate memory for the new context
*/
if (!isDirect) {
+ /* Only allow creating indirect GLX contexts if allowed by
+ * server command line. Indirect GLX is of limited use (since
+ * it's only GL 1.4), it's slower than direct contexts, and
+ * it's a massive attack surface for buffer overflow type
+ * errors.
+ */
+ if (!enableIndirectGLX) {
+ client->errorValue = isDirect;
+ return BadValue;
+ }
+
/* Without any attributes, the only error that the driver should be
* able to generate is BadAlloc. As result, just drop the error
* returned from the driver on the floor.
diff --git a/include/opaque.h b/include/opaque.h
index 6b8071c..a2c54aa 100644
--- a/include/opaque.h
+++ b/include/opaque.h
@@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display;
extern _X_EXPORT int defaultBackingStore;
extern _X_EXPORT Bool disableBackingStore;
extern _X_EXPORT Bool enableBackingStore;
+extern _X_EXPORT Bool enableIndirectGLX;
extern _X_EXPORT Bool PartialNetwork;
extern _X_EXPORT Bool RunFromSigStopParent;
diff --git a/os/utils.c b/os/utils.c
index 83d85cd..bc5e7df 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -194,6 +194,8 @@ Bool noGEExtension = FALSE;
Bool CoreDump;
+Bool enableIndirectGLX = TRUE;
+
#ifdef PANORAMIX
Bool PanoramiXExtensionDisabledHack = FALSE;
#endif
@@ -538,6 +540,8 @@ UseMsg(void)
ErrorF("-fn string default font name\n");
ErrorF("-fp string default font path\n");
ErrorF("-help prints message with these options\n");
+ ErrorF("+iglx Allow creating indirect GLX contexts (default)\n");
+ ErrorF("-iglx Prohibit creating indirect GLX contexts\n");
ErrorF("-I ignore all remaining arguments\n");
#ifdef RLIMIT_DATA
ErrorF("-ld int limit data space to N Kb\n");
@@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[])
UseMsg();
exit(0);
}
+ else if (strcmp(argv[i], "+iglx") == 0)
+ enableIndirectGLX = TRUE;
+ else if (strcmp(argv[i], "-iglx") == 0)
+ enableIndirectGLX = FALSE;
else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) {
if (skip > 0)
i += skip - 1;
More information about the xorg-commit
mailing list