On 03/21/2014 08:10 AM, Daniel Vetter wrote:
On Thu, Mar 20, 2014 at 10:13 PM, Rob Clark robdclark@gmail.com wrote:
Ie. an app that was using the gpu for something secure could simply choose not to if the hw/driver could not guarantee that another process using the gpu could not get access to the buffers..
IMO that should work fine, but we need to provide a way for user-space to determine whether the render node is secure or not. Perhaps a sysfs attribute and / or a drm getparam() parameter?
I'd *assume* that that sort of thing would just be some sort of CL extension?
But no objection to exposing it in a more common way.
I guess it is also an option to keep the bootarg to override default (with the default being 'enabled' for hw w/ per-context/process vm and 'disabled' otherwise).
Imo if we expose this through sysfs we should always enable rendernodes. The udev scripts can then decide what permissions to set on them.
Agreed. Thomas
-Daniel