• Jerome Glisse's avatar
    drm/radeon/kms: r600/r700 command stream checker · 961fb597
    Jerome Glisse authored
    This patch add cs checker to r600/r700 hw. Command stream checking
    will rewrite some of the cs value in order to restrict GPU access
    to BO size. This doesn't break old userspace but just enforce safe
    value. It should break any things that was using the r600/r700 cs
    ioctl to do forbidden things (malicious software), though we are
    not aware of such things.
    
    Here is the list of thing we check :
    - enforcing resource size
    - enforcing color buffer slice tile max, will restrict cb access
    - enforcing db buffer slice tile max, will restrict db access
    
    We don't check for shader bigger than the BO in which they are
    supposed to be, such use would lead to GPU lockup and is harmless
    from security POV, as far as we can tell (note that even checking
    for this wouldn't prevent someone to write bogus shader that lead
    to lockup).
    
    This patch has received as much testing as humanly possible with
    old userspace to check that it didn't break such configuration.
    However not all the applications out there were tested, thus it
    might broke some odd, rare applications.
    
    [airlied: fix rules for cs checker for parallel builds]
    Signed-off-by: default avatarJerome Glisse <jglisse@redhat.com>
    Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
    961fb597
r600.c 79.1 KB