R300 idling (new subject)

Vladimir Dergachev volodya at mindspring.com
Sat Dec 18 12:28:21 PST 2004 


On Sat, 18 Dec 2004, Adam Jackson wrote:

> On Saturday 18 December 2004 13:53, Vladimir Dergachev wrote:
>> On Sat, 18 Dec 2004, Adam Jackson wrote:
>>> Our security model is, if you have access to /dev/dri/card? and the X
>>> server let you connect, then you can write directly to the hardware.
>>> There are plenty of other DoS attacks you can perform once you have a
>>> connection to the server.
>>
>> I thought that we only let the Mesa driver access "safe" registers and the
>> rest was done through DRM driver. I understand that many drivers access
>> video memory directly, but my impression was that this was a compromise to
>> deliver a working driver earlier and/or for suboptimal hardware.
>
> There's a difference between safe and safe.  The DRM is responsible for
> anything that, if done in userspace, could lead to a root escalation.  For
> example, if your card can DMA to arbitrary system memory, then DMA triggers
> need to be done on the kernel side so you don't write a 0 to current->euid.
>
> The DRM is not responsible for making sure you don't halt the GPU or the
> machine.
>

I guess I don't see it as black and white as this. A GPU lockup usually 
results from hardware entering a configuration outside normal operating 
procedures. If this happens, strictly speaking, we do not know what the 
effect may be. In particular, if one can trigger an unexplained lockup
it may mean that there is an intermediate state that activates DMA engine.

Sure, this is pure speculation, but paranoia is a foundation of good 
security model, isn't it ?

>>> Don't like it?  Help me figure out accelerated indirect rendering, which
>>> would let you restrict drm device access to root (the server) and still
>>> get accelerated 3d.
>>
>> This might be fun :) What are the current issues ? Is there a place I can
>> read about them ?
>
> The issue is basically teaching the glx component in the server to load DRI
> drivers.  I don't know much more than that at the moment.

I see - thank you !

                     best

                        Vladimir Dergachev

>
> - ajax
>

More information about the xorg mailing list