Hi
On Thu, Mar 20, 2014 at 7:43 AM, Thomas Hellstrom thomas@shipmail.org wrote:
> On 03/17/2014 05:43 PM, David Herrmann wrote:
>> We introduced render-nodes about 1/2 year ago and no problems showed up. Remove the drm_rnodes argument and enable them by default now.
>
> So what about the malicious execbuf command stream problem? Do we require all drivers that enable render-nodes to have a mechanism to prevent this in place?
No, that's not a requirement. Render-nodes provide a secure API; if the underlying driver does no command-stream validation (I guess for performance reasons and lack of VM), it's an implementation detail, not an API. Furthermore, you can always set higher restrictions on the render-node char-dev in case this bothers you.
Cheers
David