On Thu, Mar 20, 2014 at 10:13 PM, Rob Clark robdclark@gmail.com wrote:
Ie. an app that was using the gpu for something secure could simply choose not to if the hw/driver could not guarantee that another process using the gpu could not get access to the buffers..
IMO that should work fine, but we need to provide a way for user-space to determine whether the render node is secure or not. Perhaps a sysfs attribute and / or a drm getparam() parameter?
I'd *assume* that that sort of thing would just be some sort of CL extension?
But no objection to exposing it in a more common way.
I guess it is also an option to keep the bootarg to override default (with the default being 'enabled' for hw w/ per-context/process vm and 'disabled' otherwise).
Imo if we expose this through sysfs we should always enable rendernodes. The udev scripts can then decide what permissions to set on them. -Daniel