From: Jesse Barnes <jbarnes@virtuousgeek.org>
To: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>
Subject: Re: [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist.
Date: Fri, 16 May 2014 12:53:30 -0700 [thread overview]
Message-ID: <20140516125330.040ca508@jbarnes-desktop> (raw)
In-Reply-To: <20140516123408.75e68aed@jbarnes-desktop>
On Fri, 16 May 2014 12:34:08 -0700
Jesse Barnes <jbarnes@virtuousgeek.org> wrote:
> On Fri, 16 May 2014 20:20:50 +0100
> Chris Wilson <chris@chris-wilson.co.uk> wrote:
> > Yes, X only sets the secure bit when it pokes the display registers, and
> > those registers should be privileged even with a cmd parser in place
> > (which they are).
> >
> > Daniel's argument presumes that we haven't been patching out the
> > cmd parser all this time anyway.
>
> Yeah I know we have some perf issues as it is; it would be nice if the
> overhead were so minimal that it didn't matter. But just on principle,
> scanning secure buffers seems wrong, and I'm trying to understand why
> Daniel would want it.
Ok Daniel explained on IRC that we actually have a special whitelist
for the secure batch case. The idea is to allow a DRM_MASTER to submit
secure batches, but still prevent a local root exploit. I suppose that
means preventing access to most commands and registers, but allowing a
few extra things like wait events and display register updates.
I suppose it's not entirely unreasonable, but it does add complexity to
the scanner and overhead to all users; not sure it's worth it.
--
Jesse Barnes, Intel Open Source Technology Center
next prev parent reply other threads:[~2014-05-16 19:53 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-26 5:52 [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist Kenneth Graunke
2014-03-26 6:21 ` Daniel Vetter
2014-03-26 16:03 ` Volkin, Bradley D
2014-03-26 16:38 ` Daniel Vetter
2014-03-26 17:37 ` Kenneth Graunke
2014-03-26 18:26 ` Volkin, Bradley D
2014-03-26 21:48 ` Daniel Vetter
2014-03-26 22:34 ` Kenneth Graunke
2014-03-27 7:57 ` Daniel Vetter
2014-03-27 15:57 ` Volkin, Bradley D
2014-03-27 20:16 ` Daniel Vetter
2014-03-27 21:34 ` Kenneth Graunke
2014-03-27 22:44 ` Daniel Vetter
2014-03-27 23:22 ` Kenneth Graunke
2014-05-16 19:05 ` Jesse Barnes
2014-05-16 19:20 ` Chris Wilson
2014-05-16 19:34 ` Jesse Barnes
2014-05-16 19:49 ` Chris Wilson
2014-05-16 20:12 ` Jesse Barnes
2014-05-16 19:53 ` Jesse Barnes [this message]
2014-05-16 20:12 ` Volkin, Bradley D
2014-05-16 20:14 ` Jesse Barnes
2014-03-27 23:42 ` Volkin, Bradley D
2014-03-28 7:36 ` Chris Wilson
2014-03-26 9:57 ` Jani Nikula
2014-03-26 10:41 ` [PATCH v2] " Kenneth Graunke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140516125330.040ca508@jbarnes-desktop \
--to=jbarnes@virtuousgeek.org \
--cc=daniel.vetter@ffwll.ch \
--cc=intel-gfx@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox