As I was studying the specs and code to be able to understand and reply to Leif's previous post (which I haven't completed yet..), I noticed at the same time a bug and a feature which could mean that blind client buffering could be insecure after all.
The bug is that we should be using MACH64_BM_GUI_TABLE and not MACH64_BM_GUI_TABLE_CMD when setting up the GUI master operation. The difference between the two is that the latter is queued in the FIFO and the former not, and we really don't want this as it could get in the way later.

Only commands which are in block 0 of the MMIO region can be streamed into a GUI master operation, as said in the BM_DATA register spec (8-11). The MACH64_BM_GUI_TABLE_CMD is an alias in this block exactly for this purpose, i.e., to be streamed through the GUI command FIFO, as said in its spec (8-12).

Doesn't this mean that we can initiate further GUI master operations from a command buffer, since, once the first GUI master operation is set up, it's only necessary to set MACH64_BM_GUI_TABLE_CMD and MACH64_DST_HEIGHT_WIDTH to fire it up - both accessible from the GUI FIFO?

Although firing up a stream of arbitrary commands shouldn't be a reason for concern since the commands are only innocent(?) GUI operations, this gives the ability of setting up any descriptor table. One consequence is that if this table is invalid the whole DMA engine is non-operational until a cold reset. Another is that they can access any register...

I plan to build a test case for this, but I would like to hear preliminary opinions about this, in case I'm missing something. Frank, have you tested this before?

José Fonseca
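The concern raised in this message is that a client buffer streamed through the GUI FIFO can itself write MACH64_BM_GUI_TABLE_CMD. As an added example (not code from this message or from the DRI driver), the C verifier below walks a client buffer before it is queued and rejects any packet whose register range reaches that register. The packet header layout, the register offset, the sample buffers and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed for illustration; confirm against the register reference. */
#define REG_BM_GUI_TABLE_CMD 0x064cu                /* byte offset (assumed) */
#define HDR_REG(h)   ((h) & 0xffffu)                /* assumed: register dword index */
#define HDR_COUNT(h) ((((h) >> 16) & 0xffffu) + 1u) /* assumed: count-1 in high half */

enum { CMD_OK = 0, CMD_TRUNCATED = -1, CMD_FORBIDDEN = -2 };

/* Registers a client buffer must never write, as dword indices. */
static const uint32_t forbidden[] = { REG_BM_GUI_TABLE_CMD >> 2 };

static int range_hits_forbidden(uint32_t first, uint32_t count)
{
    for (size_t i = 0; i < sizeof forbidden / sizeof forbidden[0]; i++)
        if (forbidden[i] >= first && forbidden[i] - first < count)
            return 1;
    return 0;
}

/* Check every packet: header dword followed by `count` data dwords that
 * are written to consecutive registers starting at HDR_REG(header). */
int verify_cmdbuf(const uint32_t *buf, size_t ndwords)
{
    size_t pos = 0;
    while (pos < ndwords) {
        uint32_t hdr = buf[pos++];
        uint32_t count = HDR_COUNT(hdr);
        if (count > ndwords - pos)
            return CMD_TRUNCATED;   /* header promises more data than supplied */
        /* A multi-register packet that starts below the target still reaches it. */
        if (range_hits_forbidden(HDR_REG(hdr), count))
            return CMD_FORBIDDEN;
        pos += count;
    }
    return CMD_OK;
}

/* Constructed sample buffers (not captured from real hardware). */
static const uint32_t sample_ok[]     = { 0x00000146u, 0x00100010u };
static const uint32_t sample_direct[] = { 0x00000193u, 0xdeadbeefu };
static const uint32_t sample_span[]   = { 0x00020191u, 0u, 0u, 0xdeadbeefu };
static const uint32_t sample_short[]  = { 0x00030146u, 0u };

int main(void)
{
    return verify_cmdbuf(sample_ok, 2) == CMD_OK ? 0 : 1;
}
```

The `sample_span` case is the one a per-header check misses: the packet names a harmless starting register but its three consecutive writes end on the protected one.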