port-i386: Re: XFree86 aperture driver

Subject: Re: XFree86 aperture driver
To: None <matthieu@laas.fr>
From: Zdenek Salvet <salvet@nyx.dcs.muni.cz>
List: port-i386
Date: 04/27/1995 12:05:33
Matthieu Herrb wrote:
> Zdenek Salvet <salvet@nyx.dcs.muni.cz> wrote (in his message from Wed 26)
>  > I wonder why "length" argument is not checked/used.
>  > Could be aperture driver secure if it would do such checks ?
>  > (root only allowed to write directly into framebuffer)
> 
> The problem is that every different vga card maps its framebuffer at
> different physical addresses. Since it's usually not documented
> anywhere, XFree86 has made the choice to probe for the physical memory
> adresses. 
> 
> For this probe to be possible, the aperure driver has to allow access
> to every possible physical address. It explain why "length" ain't
> checked. The only restriction is that it tries to deny access to the
> physical CPU memory.
> 
> However, it seems that it's equivalent to use the new 'INSECURE'
> kernel option: using the aperture driver one can modify every byte of
> virutal memory.
> 
> A better approach (but hard to explain to novice users) would be to
> run XFree86 once with an insecure kernel first, let it probe the physical
> memory address range of the particular board it's using, then compile
> an aperture driver restricted to this range and reboot a secure
> kernel.

 Or patch ap.o with the correct ranges.

> If someone wants to modify the code to do that, I'll be happy to
> consider if for inclusion it in the next XFree86 release.

I think the Xserver needs something like

   extern Bool ApertureDriverCustomization;
   static int invocation=0;
    
   if (ApertureDriverCustomization)
   {  if (invocation==0)
         if ((custfile=fopen("ap_customize.c","w"))==NULL)
            FatalError("%s: could not open file in current directory\n",
                       "ApertureDriverCustomization");
      invocation++;
      if (custfile)
         fprintf(custfile,"{ %x, %x },\n",Base,Size);
   }

in xc/programs/Xserver/hw/xfree86/os-support/bsd_video.c:xf86MapVidMem 
routine and a simple code to get command line option for 
ApertureDriverCustomization variable in
xc/programs/Xserver/os/utils.c:ProcessCommandLine
in order to output set of initializers for array of allowed address
ranges. I don't know what aperture driver should do with lengths
(check only ?). 

salvet@nyx.dcs.muni.cz