From: Jesse Barnes <jbarnes@virtuousgeek.org>
To: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>
Subject: Re: [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist.
Date: Fri, 16 May 2014 12:53:30 -0700 [thread overview]
Message-ID: <20140516125330.040ca508@jbarnes-desktop> (raw)
In-Reply-To: <20140516123408.75e68aed@jbarnes-desktop>
On Fri, 16 May 2014 12:34:08 -0700
Jesse Barnes <jbarnes@virtuousgeek.org> wrote:
> On Fri, 16 May 2014 20:20:50 +0100
> Chris Wilson <chris@chris-wilson.co.uk> wrote:
> > Yes, X only sets the secure bit when it pokes the display registers, and
> > those registers should be privileged even with a cmd parser in place
> > (which they are).
> >
> > Daniel's argument presumes that we haven't been patching out the
> > cmd parser all this time anyway.
>
> Yeah I know we have some perf issues as it is; it would be nice if the
> overhead were so minimal that it didn't matter. But just on principle,
> scanning secure buffers seems wrong, and I'm trying to understand why
> Daniel would want it.
Ok Daniel explained on IRC that we actually have a special whitelist
for the secure batch case. The idea is to allow a DRM_MASTER to submit
secure batches, but still prevent a local root exploit. I suppose that
means preventing access to most commands and registers, but allowing a
few extra things like wait events and display register updates.
I suppose it's not entirely unreasonable, but it does add complexity to
the scanner and overhead to all users; not sure it's worth it.
--
Jesse Barnes, Intel Open Source Technology Center
next prev parent reply other threads:[~2014-05-16 19:53 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-26 5:52 [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist Kenneth Graunke
2014-03-26 6:21 ` Daniel Vetter
2014-03-26 16:03 ` Volkin, Bradley D
2014-03-26 16:38 ` Daniel Vetter
2014-03-26 17:37 ` Kenneth Graunke
2014-03-26 18:26 ` Volkin, Bradley D
2014-03-26 21:48 ` Daniel Vetter
2014-03-26 22:34 ` Kenneth Graunke
2014-03-27 7:57 ` Daniel Vetter
2014-03-27 15:57 ` Volkin, Bradley D
2014-03-27 20:16 ` Daniel Vetter
2014-03-27 21:34 ` Kenneth Graunke
2014-03-27 22:44 ` Daniel Vetter
2014-03-27 23:22 ` Kenneth Graunke
2014-05-16 19:05 ` Jesse Barnes
2014-05-16 19:20 ` Chris Wilson
2014-05-16 19:34 ` Jesse Barnes
2014-05-16 19:49 ` Chris Wilson
2014-05-16 20:12 ` Jesse Barnes
2014-05-16 19:53 ` Jesse Barnes [this message]
2014-05-16 20:12 ` Volkin, Bradley D
2014-05-16 20:14 ` Jesse Barnes
2014-03-27 23:42 ` Volkin, Bradley D
2014-03-28 7:36 ` Chris Wilson
2014-03-26 9:57 ` Jani Nikula
2014-03-26 10:41 ` [PATCH v2] " Kenneth Graunke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140516125330.040ca508@jbarnes-desktop \
--to=jbarnes@virtuousgeek.org \
--cc=daniel.vetter@ffwll.ch \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.