Hello Harald:
    Thank you very much for your education. We should go with the better way.

Regards
=================================================
Bruce C. Chang(張祖明)
VIA Technologies, Inc. 
Address: 1F, 531, Chung-Cheng Road, Hsin-Tien, 231 Taipei
Tel: +886-2-22185452 Ext 7323
Mobile: +886-968343824
Fax: +886-2-22186282
Skype: Bruce.C.Chang
Email: brucech...@via.com.tw


-----Original Message-----
From: Harald Welte [mailto:haraldwe...@viatech.com] 
Sent: Thursday, October 08, 2009 5:56 PM
To: Bruce Chang
Cc: tho...@shipmail.org; dri-devel@lists.sourceforge.net; airl...@gmail.com; 
Benjamin Chen; Joseph Chan
Subject: Re: [Patch VIA UniChrome DRM][2/5 Ver1] Add support for video command 
flush and interface for V4L kernel module


Dear Bruce,

On Thu, Oct 08, 2009 at 05:35:51PM +0800, brucech...@via.com.tw wrote:
 
> > If I understand the code correctly, the user-space application
> > prepares command buffers directly in AGP, and asks the drm module to
> > submit them. We can't allow this for security reasons. The user-space
> > application could for example fill the buffer with commands to texture
> > from arbitrary system memory, getting hold of other user's private data.
> > The whole ring-buffer stuff and the command verifier was once
> > implemented to fix that security problem.
>
> Thank you very much for your comment. What if we do a security check 
> in these buffer before submit? Let me check if there is any way to 
> work around for this security issue.

Bruce, let me clarify: The fundamental assumptions are:

* the operating system kernel enforces security / permission between processes
* DRM is used by an application which is running by one particular user
* thus, the kernel needs to make security checks to ensure that whatever the
  application does will not violate the security constraints, i.e.
  * DRM api can not allow arbitrary memory read/write to physical addresses

So if you want to add a security check to those buffers, the check has to be 
inside the kernel.  Only the kernel can be trusted, not the userspace 
application that talks to the DRM API/ABI.

Regards,
-- 
- Harald Welte <haraldwe...@viatech.com>            http://linux.via.com.tw/
============================================================================
VIA Free and Open Source Software Liaison
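The in-kernel check Harald describes, as an added example that is not part of the VIA patch or of this thread. The two-word command encoding, the opcode numbers and the AGP aperture bounds are hypothetical; what the example shows is that the buffer is first copied into kernel-owned memory and then every command is verified there, so a texture source pointing outside the aperture is refused before anything reaches the hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical command encoding: pairs of 32-bit words, opcode then operand. */
enum { CMD_NOP = 0, CMD_TEX_SRC = 1, CMD_DRAW = 2 };

/* Constructed AGP aperture: the only memory a texture source may point into. */
#define AGP_BASE 0x10000000u
#define AGP_SIZE 0x04000000u
#define MAX_CMD_WORDS 256

/* Stand-in for copy_from_user(): snapshot the buffer into kernel-owned memory
 * before inspecting it, so user space cannot rewrite a command after it has
 * been checked (time-of-check/time-of-use). */
static int snapshot_user_buffer(uint32_t *kbuf, const uint32_t *ubuf, size_t nwords)
{
    if (nwords > MAX_CMD_WORDS || nwords % 2 != 0)
        return -1;
    memcpy(kbuf, ubuf, nwords * sizeof(uint32_t));
    return 0;
}

/* Returns 0 if every command may be submitted to the hardware, -1 otherwise.
 * Only the kernel-owned copy is inspected, never the user-visible buffer. */
int verify_cmd_buffer(const uint32_t *ubuf, size_t nwords)
{
    uint32_t kbuf[MAX_CMD_WORDS];
    if (snapshot_user_buffer(kbuf, ubuf, nwords) != 0)
        return -1;
    for (size_t i = 0; i < nwords; i += 2) {
        uint32_t op = kbuf[i], arg = kbuf[i + 1];
        switch (op) {
        case CMD_NOP:
        case CMD_DRAW:
            break;
        case CMD_TEX_SRC:
            /* Reject any texture source outside the aperture: the GPU would
             * otherwise read arbitrary physical memory on the user's behalf. */
            if (arg < AGP_BASE || arg - AGP_BASE >= AGP_SIZE)
                return -1;
            break;
        default:
            return -1; /* unknown opcode: never pass it through unchecked */
        }
    }
    return 0;
}
```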

_______________________________________________
Dri-devel mailing list
Dri-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dri-devel