Re: [PATCH] remove need for root to run DRM

Wed, 03 Aug 2005 11:41:11 -0700 

On 8/3/05, Eric Anholt <[EMAIL PROTECTED]> wrote:
> > @@ -163,6 +164,19 @@ int drm_addmap(drm_device_t * dev, unsig
> >                       map->handle = drm_ioremap(map->offset, map->size, 
> > dev);
> >               break;
> >       case _DRM_SHM:
> > +             found_map = drm_find_matching_map(dev, map);
> > +             if (found_map != NULL) {
> > +                     if (found_map->size != map->size) {
> > +                             DRM_DEBUG("Matching maps of type %d with "
> > +                                "mismatched sizes, (%ld vs %ld)\n",
> > +                                 map->type, map->size, found_map->size);
> > +                             found_map->size = map->size;
> > +                     }
> > +
> > +                     drm_free(map, sizeof(*map), DRM_MEM_MAPS);
> > +                     *map_ptr = found_map;
> > +                     return 0;
> > +             }
> 
> I'm uncomfortable with this "matching maps with mismatched sizes" code
> that now exists in 2 places, and would like to see what the reasoning is
> behind it.

Existing Xservers ask for maps that are not the correct size. This
lets them keep working.

> 
> > diff --git a/shared-core/radeon_cp.c b/shared-core/radeon_cp.c
> > --- a/shared-core/radeon_cp.c
> > +++ b/shared-core/radeon_cp.c
> > @@ -1245,7 +1245,7 @@ static void radeon_set_pciegart(drm_rade
> >       u32 tmp = RADEON_READ_PCIE(dev_priv, RADEON_PCIE_TX_GART_CNTL);
> >       if (on) {
> >
> > -             DRM_DEBUG("programming pcie %08X %08lX %08X\n",
> > dev_priv->gart_vm_start, dev_priv->bus_pci_gart,dev_priv->gart_size);
> > +             DRM_DEBUG("programming pcie %08X %08X %08X\n",
> > dev_priv->gart_vm_start, dev_priv->bus_pci_gart,dev_priv->gart_size);
> >               RADEON_WRITE_PCIE(RADEON_PCIE_TX_DISCARD_RD_ADDR_LO,
> > dev_priv->gart_vm_start);
> >               RADEON_WRITE_PCIE(RADEON_PCIE_TX_GART_BASE, 
> > dev_priv->bus_pci_gart);
> >               RADEON_WRITE_PCIE(RADEON_PCIE_TX_GART_START_LO, 
> > dev_priv->gart_vm_start);
> 
> A dma_addr_t (dev_priv->bus_pci_gart) is a long on at least some
> systems.  While we may know that it's 32 bits here, a cast will be
> needed to avoid warnings.

I was getting a warning in my build.

> 
> ioctls where removing the root check introduces privelege escalation for
> users with read access to the DRM device (at least):
> - DRM_R128_INDIRECT
> - DRM_RADEON_INDIRECT

How do we secure these?

-- 
Jon Smirl
[EMAIL PROTECTED]


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
--
_______________________________________________
Dri-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dri-devel

Reply via email to