Re: [PATCH] drm/i915: Introduce mapping of user pages into video memory (userptr) ioctl

On 01/29/2014 08:34 PM, Daniel Vetter wrote:
Actually I've found something else to complain about:

On Tue, Jan 28, 2014 at 2:16 PM, Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> wrote:
+#define I915_USERPTR_READ_ONLY 0x1
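
Review bot: the quoted `I915_USERPTR_READ_ONLY` define carries no comment saying what the flag guarantees. The uAPI header should state whether read-only is enforced against GPU writes or only describes the caller's intent, and if it cannot be enforced the ioctl should reject the flag rather than accept it silently.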

This smells like an insta-root-exploit:
1. mmap /lib/ld-linux.so as read-only
2. userptr bind that mmap'ed area as READ_ONLY
3. blit exploit code over it
4. profit

I also don't see a way we could fix this, at least without the
hardware providing read-only modes in the ptes. Which also requires us
to actually trust it to follow them, even when they exist ...

Would disallowing mapping of shared pages help and be acceptable considering intended use cases?

Tvrtko
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
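
One way to read the "disallow shared pages" suggestion above, as an added example that is not part of the original message or of the i915 patch: a user-space check that accepts a range only when every page in it belongs to a private, writable, anonymous mapping. The function name `userptr_range_allowed`, the policy itself and the sample maps text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from the thread). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "7f1c00000000-7f1c00021000 rw-p 00000000 00:00 0 \n"
    "7f1c00021000-7f1c00040000 rw-p 00000000 00:00 0 \n"
    "7f1c10000000-7f1c10023000 r--p 00000000 08:02 135522 /lib/ld-linux.so\n"
    "7f1c20000000-7f1c20010000 rw-s 00000000 00:05 1234 /dev/shm/demo\n";

/* Hypothetical policy: allow [start, start+len) only if it is fully covered
 * by private ('p'), writable, anonymous (inode 0) mappings. Entries must be
 * sorted by address, as /proc/<pid>/maps provides them. */
int userptr_range_allowed(const char *maps, unsigned long start, unsigned long len)
{
    unsigned long end = start + len, cursor = start;

    if (len == 0 || end < start)        /* empty or wrapping range */
        return 0;
    for (const char *line = maps; line && *line; ) {
        unsigned long lo, hi, inode;
        char perms[5];

        if (sscanf(line, "%lx-%lx %4s %*x %*x:%*x %lu",
                   &lo, &hi, perms, &inode) == 4 && strlen(perms) == 4
            && hi > cursor && lo < end) {
            if (lo > cursor)            /* unmapped hole inside the range */
                return 0;
            if (perms[3] != 'p' || perms[1] != 'w' || inode != 0)
                return 0;               /* shared, read-only or file-backed */
            cursor = hi;
            if (cursor >= end)
                return 1;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return 0;                           /* range runs past the last mapping */
}

int main(void)
{
    printf("anon buffer:   %d\n", userptr_range_allowed(SAMPLE_MAPS, 0x7f1c00000000UL, 0x21000));
    printf("ld-linux.so:   %d\n", userptr_range_allowed(SAMPLE_MAPS, 0x7f1c10000000UL, 0x1000));
    printf("shared memory: %d\n", userptr_range_allowed(SAMPLE_MAPS, 0x7f1c20000000UL, 0x1000));
    return 0;
}
```

The read-only file mapping from step 1 of the quoted scenario is rejected because it is both file-backed and not writable, which is the case the suggestion is aimed at.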