Patch to make the via DRM secure.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi!

Attached is a patch, that based on the info I have should make the via DRM
ok to go into the mainstream kernel, (save 64-bit problems in the memory 
manager?)

It implements a simple command verifier for agp and pci writes to the 
MMIO area.

Currently no 3D commands are implemented, but since the unichrome Mesa 
driver does
not yet use these IOCTLS, it should be OK. When it does, the pci command 
parser and the
command verifier needs to be updated or even replaced.

In combination with this, the MMIO drmAddMap in the DDX needs 
modification to export
read-only. I believe this should provide enough security.

Implications for clients is that XvMC will work as before, since it uses 
the new IOCTLS,
Current 3D OpenGL will segfault when run as a normal user, since MMIO 
mapping fails.
It will work when run as root.

I think this is the best to do until someone has time to update the 3D 
driver to use the
AGP ring-buffer.

Comments would be welcome.

Erdi, Alan, Dave?

/Thomas