Dear Bruce,

On Thu, Oct 08, 2009 at 05:35:51PM +0800, brucech...@via.com.tw wrote:
 
> > If I understand the code correctly, the user-space application prepares
> > command buffers directly in AGP, and asks the drm module to submit them.
> > We can't allow this for security reasons. The user-space application
> > could for example fill the buffer with commands to texture from arbitrary
> > system memory, getting hold of other users' private data.
> > The whole ring-buffer stuff and the command verifier was once
> > implemented to fix that security problem.
>
> Thank you very much for your comment. What if we do a security check on these
> buffers before submitting? Let me check if there is any way to work around
> this security issue.

Bruce, let me clarify: The fundamental assumptions are:

* the operating system kernel enforces security / permissions between processes
* DRM is used by an application which is run by one particular user
* thus, the kernel needs to make security checks to ensure that whatever the
  application does will not violate the security constraints, i.e.
  * DRM API can not allow arbitrary memory read/write to physical addresses

So if you want to add a security check to those buffers, the check has to be
inside the kernel.  Only the kernel can be trusted, not the userspace
application that talks to the DRM API/ABI.

Regards,
-- 
- Harald Welte <haraldwe...@viatech.com>            http://linux.via.com.tw/
============================================================================
VIA Free and Open Source Software Liaison
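
Added example, not part of the original message and not the VIA DRM driver's code: a minimal sketch of an in-kernel style command verifier that checks each command while copying it from the untrusted buffer into a kernel-owned ring. The two-word command format, the opcode names, `TEX_BYTES`, `struct gfx_client` and `verify_and_copy` are all hypothetical, and the sample buffers in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical format, NOT the VIA hardware's: each command is two 32-bit
 * words, an opcode and one operand. TEX_BYTES is an assumed fixed fetch size. */
enum { CMD_NOP = 0, CMD_SET_TEX_ADDR = 1, CMD_DRAW = 2 };
#define TEX_BYTES 4096u
struct gfx_client { uint32_t mem_base, mem_size; }; /* region the client may texture from */

/* 1 if [addr, addr+len) lies inside the client's region; no wrap-around. */
static int range_ok(const struct gfx_client *c, uint32_t addr, uint32_t len)
{
    if (addr < c->mem_base)
        return 0;
    uint32_t off = addr - c->mem_base;
    return off <= c->mem_size && len <= c->mem_size - off;
}

/* Verify while copying from the untrusted buffer into a kernel-owned ring.
 * Every word is read once, so a later write to the source buffer cannot
 * change what was checked. Returns words copied, or -1; the caller must
 * advance the ring tail only on success. */
int verify_and_copy(const struct gfx_client *c, const volatile uint32_t *src,
                    size_t nwords, uint32_t *ring, size_t ring_words)
{
    if (nwords % 2 != 0 || nwords > ring_words)
        return -1;
    for (size_t i = 0; i < nwords; i += 2) {
        uint32_t op = src[i], arg = src[i + 1];
        if (op == CMD_SET_TEX_ADDR) {
            if (!range_ok(c, arg, TEX_BYTES))
                return -1;              /* address outside the client's memory */
        } else if (op != CMD_NOP && op != CMD_DRAW) {
            return -1;                  /* allow-list: unknown opcodes rejected */
        }
        ring[i] = op;
        ring[i + 1] = arg;
    }
    return (int)nwords;
}

int main(void)
{
    struct gfx_client c = { 0x10000000u, 0x00100000u };   /* constructed values */
    uint32_t ring[8];
    uint32_t good[] = { CMD_SET_TEX_ADDR, 0x10001000u, CMD_DRAW, 0 };
    uint32_t bad[]  = { CMD_SET_TEX_ADDR, 0x00001000u, CMD_DRAW, 0 };
    return !(verify_and_copy(&c, good, 4, ring, 8) == 4 &&
             verify_and_copy(&c, bad, 4, ring, 8) == -1);
}
```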
