[PATCH] glx: add GLX_ARB_create_context_no_error support

Adam Jackson ajax at nwnk.net
Thu Aug 31 17:05:51 UTC 2017


On Thu, 2017-08-03 at 20:07 +0200, Grigori Goronzy wrote:
> Add the necessary bits to parse the attribute, convert the value
> to DRI context flags where needed and enforce the rules outlined in
> the specification.

I'm a little hesitant to merge this. I think, if the server is running
with privileges, that we really don't want to allow no-error indirect
contexts, that seems like an easy way to provoke security bugs.

As of this change:

    commit db0dd06ddf47d5190f2349ed8b0e71caa9e8e1eb
    Author: Adam Jackson <ajax at redhat.com>
    Date:   Thu Jul 27 16:02:33 2017 -0400

        glx: Allow arbitrary context attributes for direct contexts

the server doesn't really need to explicitly know about this context
attribute; if the corresponding patch to mesa/src/glx/glxextensions.c
marked ARB_create_context_no_error's direct_only flag as Y, that would
enable this extension for direct contexts but not indirect.

I think that should happen in any case. If we also want to enable this
for indirect contexts, then:

> @@ -894,6 +914,15 @@ initializeExtensions(__GLXscreen * screen)
>                         "AIGLX: enabled GLX_ARB_create_context_robustness\n");
>          }
>  
> +#ifdef __DRI2_NO_ERROR
> +        if (strcmp(extensions[i]->name, __DRI2_NO_ERROR) == 0) {
> +            __glXEnableExtension(screen->glx_enable_bits,
> +                                 "GLX_ARB_create_context_no_error");
> +            LogMessage(X_INFO,
> +                        "AIGLX: enabled GLX_ARB_create_context_no_error\n");
> +        }
> +#endif
> +

This bit should also check whether we're running with elevated
privileges.

- ajax


More information about the xorg-devel mailing list