From: Jon S. <jon...@gm...> - 2005-06-29 14:16:52
On 6/29/05, Thomas Hellström <uni...@sh...> wrote:
> > Currently the drivers are AddMap'ing multiple little maps over the AGP
> > area, but the area is basically split into two areas: private for the
> > master and public for the DRI clients to write to.
> >
> > So to get around the root priv requirement of AddMap I could have DRM
> > initially create a map which only allows master access to AGP space.
> > Then the non-root master could safely AddMap sub-maps which must exist
> > inside of the predefined AGP map. These sub-maps would lower the priv
> > requirements for parts of AGP space and allow the clients to run.
> >
>
> The via drm module needs a kernel 2MB _RESTRICTED AGP map for the command
> stream. The master must not have access to that part, since it will allow
> a non-root master to modify the command stream once it has been
> security-checked.
>
> How will drmAgpAlloc be handled? I mean, how will DRM know how big the
> initial map will be?

drmAgpAlloc() allocs drm_agp_mem structures which track the agp
allocs. I could change the map system to allow a single map to be
paired with each struct drm_agp_mem.

The 2MB restricted you are using was allocated with a call to
drmAgpAlloc(), right? You would then add a _RESTRICTED map which would
bind to the struct drm_agp_mem and stop further maps. We need a
check to make sure a normal user can't free and reallocate a piece of
AGP memory marked restricted.

The drivers would then be changed to alloc the various parts of AGP
space instead of allocing one big chunk and carving it up. By allocing
multiple pieces the master can set different privs on each piece.

Backwards compatibility is maintained since root can make any maps
that it wants ignoring the one map per struct drm_agp_mem restriction.

-- 
Jon Smirl
jon...@gm...
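
Added example, not part of the original message and not DRM code: a small user-space C model of the rules proposed above (one map per allocation, a restricted map stops further maps, a normal user cannot free a restricted allocation, root is exempt). All names (agp_block, agp_add_map, agp_free, second_caller_result) are hypothetical; functions return 0 when the request is accepted and -1 when it is refused, and the model assumes the restricted map is set up by a privileged caller.

```c
#include <stdbool.h>
#include <stddef.h>
enum map_kind { MAP_NONE, MAP_NORMAL, MAP_RESTRICTED };

/* Hypothetical stand-in for struct drm_agp_mem plus its one paired map. */
struct agp_block {
    size_t size;
    bool in_use;
    enum map_kind map;      /* the single map bound to this allocation */
    unsigned extra_maps;    /* further maps, which only root may add */
};

void agp_alloc(struct agp_block *b, size_t size)
{
    b->size = size; b->in_use = true; b->map = MAP_NONE; b->extra_maps = 0;
}

int agp_add_map(struct agp_block *b, enum map_kind kind, bool is_root)
{
    if (!b->in_use || kind == MAP_NONE)
        return -1;
    if (b->map == MAP_NONE) {   /* first map binds to the allocation */
        b->map = kind;
        return 0;
    }
    if (!is_root)               /* one map per allocation for normal users */
        return -1;
    b->extra_maps++;            /* root ignores the one-map restriction */
    return 0;
}

int agp_free(struct agp_block *b, bool is_root)
{
    if (!b->in_use || (b->map == MAP_RESTRICTED && !is_root))
        return -1;              /* normal user cannot free a restricted block */
    b->in_use = false; b->map = MAP_NONE; b->extra_maps = 0;
    return 0;
}

/* Constructed scenario; bit 0: map accepted, bit 1: free accepted. */
int second_caller_result(bool is_root)
{
    struct agp_block cmd;
    agp_alloc(&cmd, (size_t)2 << 20);           /* the 2MB command area */
    agp_add_map(&cmd, MAP_RESTRICTED, true);    /* assumed privileged setup */
    int mapped = agp_add_map(&cmd, MAP_NORMAL, is_root) == 0;
    int freed = agp_free(&cmd, is_root) == 0;
    return mapped | (freed << 1);
}
```

The free check is what closes the free-and-reallocate path: without it a non-root caller could release the restricted allocation and get the same AGP pages back with no restricted map bound to them.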