From: Stephane M. <mar...@ic...> - 2006-09-17 18:54:36
|
Hello, Before explaining the issue, let me first introduce the context a bit. We are working on hardware that supports multiple contexts. By allocating one context to each application, we can achieve full graphics command submission from user space (each context is actually simply a command fifo and its control registers which are both mapped into the application space). Obviously, we are interested in making use of the new DRM memory manager on that hardware. Now if I understand how it works correctly, this new memory manager allocates opaque handles which are not to be used as offset in memory, because they are not. Therefore, a translation from the handle into a proper memory adress has to be done before the commands are sent to the hardware. This is easy to add when the DRM validates all the commands. However in our model the drm does can not do so, since it does not validates each and every command that is sent. So we need to be able to translate the handles into real offsets from user space, and know for sure that these offsets will remain valid for as long as the hardware will need them. And that's where we're out of ideas. Do you guys think it's possible to work around that ? Stephane PS : before everyone jumps in and says that this model is insecure, let me add that the hardware can enforce memory access |