On Thu, 2009-10-08 at 02:35 -0700, brucech...@via.com.tw wrote:
> Hello Thomas:
> 
> > If I understand the code correctly, the user-space application prepares 
> > command buffers directly in AGP, and asks the
> > drm module to submit them. We can't allow this for security reasons. The 
> > user-space application could for example fill the buffer with 
> > commands to texture from arbitrary system memory, getting hold of other 
> > users' private data.
> > The whole ring-buffer stuff and the command verifier was once 
> > implemented to fix that security problem.

> Thank you very much for your comment. What if we do a security
> check in these buffers before submitting? Let me check if there is any way
> to work around this security issue.


Who would do that security check?  Userspace?  That doesn't work as
userspace is not trusted.

The kernel?  Ok, but now it's reading commands out of a presumably
write-combined AGP buffer, which is slow.  You'd have been better off
passing the commands to the kernel in regular memory, which is
presumably exactly what the existing mechanism does.

Keith
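
An added example, not code from this thread or from the VIA driver: a user-space C sketch of the design the replies point to, where the kernel takes the commands in regular memory, verifies its own copy, and only then places that copy in the ring. The two-word command encoding, the opcode names, struct client and submit_cmds() are all hypothetical and constructed for illustration; in a kernel the first memcpy() would be copy_from_user().

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical encoding, constructed for this example (not the VIA format):
 * each command is two 32-bit words, opcode then operand. */
enum { OP_NOP = 0, OP_DRAW = 1, OP_SET_TEX_ADDR = 2 };
#define MAX_WORDS 64
/* Assumed: the texture range the kernel has granted to this client. */
struct client { uint32_t tex_base, tex_size; };

static uint32_t ring[MAX_WORDS];  /* stand-in for the hardware ring buffer */
static size_t ring_len;

/* Returns 0 and places the commands in the ring, or -1 if rejected. */
int submit_cmds(const struct client *c, const uint32_t *user_buf, size_t nwords)
{
    uint32_t copy[MAX_WORDS];
    size_t i;
    if (nwords == 0 || nwords > MAX_WORDS || (nwords & 1))
        return -1;
    /* Snapshot into kernel-private regular memory: one sequential pass over
     * the caller's buffer, and later writes by the caller are not seen. */
    memcpy(copy, user_buf, nwords * sizeof(copy[0]));

    for (i = 0; i < nwords; i += 2) {
        uint32_t op = copy[i], arg = copy[i + 1];
        if (op == OP_NOP || op == OP_DRAW)
            continue;
        if (op != OP_SET_TEX_ADDR)
            return -1;  /* unknown opcodes are rejected, not passed through */
        /* Overflow-safe test for arg in [tex_base, tex_base + tex_size). */
        if (arg < c->tex_base || arg - c->tex_base >= c->tex_size)
            return -1;
    }
    memcpy(ring, copy, nwords * sizeof(copy[0]));  /* submit the verified copy */
    ring_len = nwords;
    return 0;
}

int main(void)
{
    struct client c = { 0x10000000u, 0x00100000u };
    uint32_t inside[] = { OP_SET_TEX_ADDR, 0x10000040u, OP_DRAW, 3 };
    uint32_t outside[] = { OP_SET_TEX_ADDR, 0x00001000u, OP_DRAW, 3 };
    printf("inside: %d, outside: %d\n", submit_cmds(&c, inside, 4), submit_cmds(&c, outside, 4));
    return 0;
}
```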


