From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jesse Barnes
Subject: Re: [PATCH] drm/i915: Add OACONTROL to the command parser register whitelist.
Date: Fri, 16 May 2014 12:53:30 -0700
Message-ID: <20140516125330.040ca508@jbarnes-desktop>
References: <20140326163820.GV26878@phenom.ffwll.local> <53331068.7090007@whitecape.org> <20140326182605.GA28133@bdvolkin-ubuntu-desktop> <20140327075721.GA26878@phenom.ffwll.local> <20140327155708.GA4690@bdvolkin-ubuntu-desktop> <53349971.3000806@whitecape.org> <5334B2C4.5000702@whitecape.org> <20140516120545.23ddf6d7@jbarnes-desktop> <20140516192050.GA4495@nuc-i3427.alporthouse.com> <20140516123408.75e68aed@jbarnes-desktop>
In-Reply-To: <20140516123408.75e68aed@jbarnes-desktop>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Received: from gproxy2-pub.mail.unifiedlayer.com (gproxy2-pub.mail.unifiedlayer.com [69.89.18.3]) by gabe.freedesktop.org (Postfix) with SMTP id 683E06E28A for ; Fri, 16 May 2014 12:53:33 -0700 (PDT)
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx"
To: Jesse Barnes
Cc: Daniel Vetter , "intel-gfx@lists.freedesktop.org"
List-Id: intel-gfx@lists.freedesktop.org

On Fri, 16 May 2014 12:34:08 -0700
Jesse Barnes wrote:

> On Fri, 16 May 2014 20:20:50 +0100
> Chris Wilson wrote:
> > Yes, X only sets the secure bit when it pokes the display registers, and
> > those registers should be privileged even with a cmd parser in place
> > (which they are).
> >
> > Daniel's argument presumes that we haven't been patching out the
> > cmd parser all this time anyway.
>
> Yeah I know we have some perf issues as it is; it would be nice if the
> overhead were so minimal that it didn't matter. But just on principle,
> scanning secure buffers seems wrong, and I'm trying to understand why
> Daniel would want it.

Ok Daniel explained on IRC that we actually have a special whitelist
for the secure batch case. The idea is to allow a DRM_MASTER to submit
secure batches, but still prevent a local root exploit. I suppose that
means preventing access to most commands and registers, but allowing a
few extra things like wait events and display register updates.

I suppose it's not entirely unreasonable, but it does add complexity to
the scanner and overhead to all users; not sure it's worth it.

-- 
Jesse Barnes, Intel Open Source Technology Center
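
A simplified sketch of the two-tier whitelist idea discussed in the message above, as an added example that is not part of the original mail and is not i915 driver code. The command encoding, register offsets, sample batches and all names (scan_batch, is_master, user_regs, master_regs) are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy encoding (constructed, not the hardware's): opcode in bits 31:24,
 * number of operand dwords that follow in bits 7:0. */
#define OP_END      0x01u   /* terminates the batch, no operands */
#define OP_LOAD_REG 0x02u   /* operands: register offset, value */
#define OP(op, len) (((uint32_t)(op) << 24) | (len))
#define COUNT(a)    (sizeof(a) / sizeof((a)[0]))

/* Constructed register offsets, placeholders only. */
static const uint32_t user_regs[]   = { 0x1000, 0x1004 }; /* any client */
static const uint32_t master_regs[] = { 0x7000, 0x7004 }; /* extra, master only */

/* Constructed sample batches. */
static const uint32_t batch_user[]    = { OP(OP_LOAD_REG, 2), 0x1000, 1, OP(OP_END, 0) };
static const uint32_t batch_display[] = { OP(OP_LOAD_REG, 2), 0x7000, 1, OP(OP_END, 0) };
static const uint32_t batch_other[]   = { OP(OP_LOAD_REG, 2), 0x9000, 1, OP(OP_END, 0) };
static const uint32_t batch_trunc[]   = { OP(OP_LOAD_REG, 2), 0x1000 };

static bool in_table(const uint32_t *t, size_t n, uint32_t reg)
{
    for (size_t i = 0; i < n; i++)
        if (t[i] == reg)
            return true;
    return false;
}

/* Accept a batch only if every command is known, lies fully inside the
 * buffer, writes only registers allowed for this submitter, and the batch
 * is terminated. The master gets a slightly larger whitelist, never a bypass. */
bool scan_batch(const uint32_t *batch, size_t ndw, bool is_master)
{
    size_t i = 0;
    while (i < ndw) {
        uint32_t op = batch[i] >> 24, len = batch[i] & 0xffu;
        if (len > ndw - i - 1)
            return false;              /* operands run past the buffer */
        if (op == OP_END)
            return len == 0;
        if (op != OP_LOAD_REG || len != 2)
            return false;              /* unknown or malformed command */
        uint32_t reg = batch[i + 1];
        if (!in_table(user_regs, COUNT(user_regs), reg) &&
            !(is_master && in_table(master_regs, COUNT(master_regs), reg)))
            return false;              /* register not whitelisted */
        i += 1 + len;
    }
    return false;                      /* no terminator found */
}
```

The scan runs for the master's batches as well, which is the per-submission overhead the message weighs against the protection it provides.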