The attack surface for indirect GLX is huge, and it's of no use to most people (if you get an indirect GL context, you're better served by an immediate X error than actually trying to use an indirect GL context and finding out that it doesn't support doing anything you want, slowly). This flag gives you a chance to disable indirect GLX in environments where you just don't need it.
I put in both the '+' and '-' arguments right now, so that it's easy to patch the value to change the default policy.
Signed-off-by: Eric Anholt <[email protected]>
Acked-by: Julien Cristau <[email protected]>
---
 glx/glxcmds.c | 10 ++++++++++
 include/opaque.h | 1 +
 os/utils.c | 8 ++++++++
 3 files changed, 19 insertions(+)
diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 187e426..ded7aca 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -232,6 +232,16 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId,
 LEGAL_NEW_RESOURCE(gcId, client);
+ /* Only allow creating indirect GLX contexts if allowed by server
+ * command line. Indirect GLX is of limited use (since it's only
+ * GL 1.4), it's slower than direct contexts, and it's a massive
+ * attack surface for buffer overflow type errors.
+ */
+ if (!enableIndirectGLX && !isDirect) {
+ client->errorValue = isDirect;
+ return BadMatch;
+ }
+
 /*
 ** Find the display list space that we want to share.
 **
diff --git a/include/opaque.h b/include/opaque.h
index 6b8071c..a2c54aa 100644
--- a/include/opaque.h
+++ b/include/opaque.h
@@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display;
 extern _X_EXPORT int defaultBackingStore;
 extern _X_EXPORT Bool disableBackingStore;
 extern _X_EXPORT Bool enableBackingStore;
+extern _X_EXPORT Bool enableIndirectGLX;
 extern _X_EXPORT Bool PartialNetwork;
 extern _X_EXPORT Bool RunFromSigStopParent;
diff --git a/os/utils.c b/os/utils.c
index 83d85cd..bc5e7df 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -194,6 +194,8 @@ Bool noGEExtension = FALSE;
 Bool CoreDump;
+Bool enableIndirectGLX = TRUE;
+
 #ifdef PANORAMIX
 Bool PanoramiXExtensionDisabledHack = FALSE;
 #endif
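Review bot: The guard added to DoCreateContext enforces the policy at this one entry point only, and it keys on `isDirect`, a value the requesting client supplies. Whether `-iglx` really removes the indirect attack surface therefore depends on code outside this hunk: any other request handler that creates a context without going through DoCreateContext (a glXCreateContextAttribsARB handler, if the server has one) needs the same `enableIndirectGLX` test, and a context created as direct must not be accepted later for server-side rendering requests. I would say so in the comment, e.g. `* Other context-creation paths must apply the same enableIndirectGLX check.` Separately, `client->errorValue = isDirect;` always stores 0 on this branch, so the error carries no information about the rejected request. DoCreateContext starts and ends outside the hunk.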
@@ -538,6 +540,8 @@ UseMsg(void)
 ErrorF("-fn string default font name\n");
 ErrorF("-fp string default font path\n");
 ErrorF("-help prints message with these options\n");
+ ErrorF("+iglx Allow creating indirect GLX contexts (default)\n");
+ ErrorF("-iglx Prohibit creating indirect GLX contexts\n");
 ErrorF("-I ignore all remaining arguments\n");
 #ifdef RLIMIT_DATA
 ErrorF("-ld int limit data space to N Kb\n");
@@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[])
 UseMsg();
 exit(0);
 }
+ else if (strcmp(argv[i], "+iglx") == 0)
+ enableIndirectGLX = TRUE;
+ else if (strcmp(argv[i], "-iglx") == 0)
+ enableIndirectGLX = FALSE;
 else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) {
 if (skip > 0)
 i += skip - 1;
-- 1.9.2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
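Review bot: The `+iglx`/`-iglx` branches added to ProcessCommandLine are documented only by the two new UseMsg lines; the diffstat lists no manual page, and the definition `Bool enableIndirectGLX = TRUE;` in the earlier os/utils.c hunk has no comment saying that the permissive value is the shipped default. Since the hardening takes effect only when `-iglx` is passed explicitly, I would add at the definition `/* Indirect GLX context creation policy: allowed by default, -iglx on the command line disables it. */` and describe both options in the server manual page. ProcessCommandLine's body starts and ends outside the hunk.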
