Re: [PATCH] drm/radeon: evergreen/cayman indirect draw support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 09 Nov 2014 00:15:49 +0100, Jerome Glisse <j.glisse@xxxxxxxxx> wrote: 


On Sat, Nov 08, 2014 at 11:51:30PM +0100, Glenn Kennard wrote:

Signed-off-by: Glenn Kennard <glenn.kennard@xxxxxxxxx>


NAK insecure. This is missing any kind of boundary checking for the
indirect buffer and thus can be abuse.
The indirect command buffer is a fixed format 16 or 20 bytes size, read by fixed function hardware, which only contains the following: 

For PACKET3_DRAW_INDIRECT:

  typedef struct {
    GLuint count;
    GLuint primCount;
    GLuint first;
    GLuint reservedMustBeZero;
  } DrawArraysIndirectCommand;

or PACKET3_DRAW_INDEX_INDIRECT:

  typedef struct {
    GLuint count;
    GLuint primCount;
    GLuint firstIndex;
    GLint  baseVertex;
    GLuint reservedMustBeZero;
  } DrawElementsIndirectCommand;


Please outline an example of how this would be abused.


/Glenn
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux