On 2019-06-21 9:12 a.m., Koenig, Christian wrote: > > First of all I tried to disable DRM authentication completely with a > kernel config option. Surprisingly that actually works out of the box at > least on the AMDGPU stack. > > This effectively allows us to get rid of DRI2 and the related security > problems. Only thing left for that is that I'm just not sure how to > signal this to userspace so that the DDX wouldn't advertise DRI2 at all > any more. FWIW, getting rid of DRI2 also needs to be discussed with amdgpu-pro OpenGL driver folks. > As a next step I looked into if we can disable the command submission > for DRM master. Turned out that this is relatively easy as well. > > All we have to do is to fix the bug Michel pointed out about KMS handles > for display I'm working on that, consider it fixed. > and let the DDX use a render node instead of the DRM master for Glamor. > Still need to sync up with Michel and/or Marek whats the best way of > doing this. My suggestion was to add a new variant of amdgpu_device_initialize. When the new variant is called, libdrm_amdgpu internally uses a render node for command submission etc. whenever possible. -- Earthling Michel Dänzer | https://www.amd.com Libre software enthusiast | Mesa and X developer _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
