On Fri, Feb 13, 2004 at 01:31:59AM +0000, Dave Airlie wrote: > > > > So should we just work on getting everything running on newtree then and not > > worry about the security issues for now? > > > > Sounds good to me, I'll look into disabling DMA by default, if we have the > option we are okay, my only issue is though should there be something in > the DRM that it affects? I can't see how XF86Config could make it safe, if
The thing with normal DMA in Mach64 is that the DMA buffers can have not only geometry, textures, but also bus mastering commands which almost give access of the system full physical memory to the client. But the current DRM has a pseudo-DMA mode which from the client POV works just like the normal DMS, except that is syncronous. That pseudo-DMA mode was original written as a debugging aiding tool to help transition for the full DMA. It sends the commands to the card one by one using MMIO. If we add a simple sanity/security check to the mach64_do_dispatch_pseudo_dma() in mach64_dma.c then client no longer can issue naughty commands. > I have a DRM that allows it I can access it from userspace process without > DRI or XFree86... That's not correct. Many DRM IOCTLs can only be used by root (such as the one to enable/disable DMA). [...] > > And Jose if you have any work done on the DRM interface change in any > state or any ideas, could you drop it somewhere so I can start looking at > it maybe.. I don't care if it does anything I'm more trying to get the > ideas you were proposing than a working DRM ... I'm afraid I have many ideas but not work in the same proportion... There is a newdrm-0-0-1-branch which has some of the necessary infrastuture (especially the DMA pool mangament code is complete). Unfortunately at the time I got carried away and also tried to make the DRM common code in a true library (replacing DRM_* macros by functions like a mania) and eventually didn't finish either task. I'll see if I have any uncommited code in my hard-drive and generate the doxygen documentation for you this weekend. But to avoid past mistakes I strongly advise you to take this slowly, with one little step at a time. Having Mach64 on the trunk seems a step big enough, without any prejudice to your goals. Jose Fonseca ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click -- _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel
