R300 idling (new subject)

Adam Jackson ajax at nwnk.net
Sat Dec 18 11:39:58 PST 2004


On Saturday 18 December 2004 13:53, Vladimir Dergachev wrote:
> On Sat, 18 Dec 2004, Adam Jackson wrote:
> > Our security model is, if you have access to /dev/dri/card? and the X
> > server let you connect, then you can write directly to the hardware. 
> > There are plenty of other DoS attacks you can perform once you have a
> > connection to the server.
>
> I thought that we only let the Mesa driver access "safe" registers and the
> rest was done through DRM driver. I understand that many drivers access
> video memory directly, but my impression was that this was a compromise to
> deliver a working driver earlier and/or for suboptimal hardware.

There's a difference between safe and safe.  The DRM is responsible for 
anything that, if done in userspace, could lead to a root escalation.  For 
example, if your card can DMA to arbitrary system memory, then DMA triggers 
need to be done on the kernel side so you don't write a 0 to current->euid.

The DRM is not responsible for making sure you don't halt the GPU or the 
machine.

> > Don't like it?  Help me figure out accelerated indirect rendering, which
> > would let you restrict drm device access to root (the server) and still
> > get accelerated 3d.
>
> This might be fun :) What are the current issues ? Is there a place I can
> read about them ?

The issue is basically teaching the glx component in the server to load DRI 
drivers.  I don't know much more than that at the moment.

- ajax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20041218/1b7e4410/attachment.pgp>


More information about the xorg mailing list