Subject: Re: radeon driver design (was Re: generic virtual consoles)
To: None <garrett_damore@tadpole.com, thorpej@shagadelic.org>
From: List Mail User <track@Plectere.com>
List: tech-kern
Date: 01/03/2006 11:11:18
>...
>On Dec 28, 2005, at 12:08 PM, Garrett D'Amore wrote:
>
>> What I don't want to have to expose to userland is the intricate
>> details of the chip, otherwise we wind up writing multiple graphics
>> drivers -- one for user space and one for kernel space.
>
>There are also security benefits of not exposing all of the chip's
>details to user space.
>
>-- thorpej
>
	Even better is to design the graphics chips in the first place
so that security-sensitive registers are in different parts of the
address space (i.e. on separate pages, where page size is the largest
size for any processor you expect to be using with the chip), so that
some parts can be exposed and others not (i.e. privilege separation by
PMAP).

	BTW.  This has been done on at least a few vendors' chips or
chipsets (at least some of this is mentioned in some SGI documentation,
so that a user space implementation of GL didn't allow anyone to crash
the machine or read arbitrary physical addresses by means of DMA).

	Unfortunately, the industry as a whole has never learned this
lesson and it has been "forgotten" by a few vendors who did.


	Paul Shupak
	track@plectere.com
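
An added illustration of the page-separation point in the message above (not part of the original post, and not code from any driver): a check, over a hypothetical register map with constructed names and offsets, for whether any page mixes kernel-only and user-exposable registers. It shows why the separation has to hold at the largest page size in use: the sample layout is clean with 4 KiB pages but not with 8 KiB pages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical register-block descriptor (not from any real chip). */
struct reg_block {
    const char *name;
    uint64_t    offset;     /* byte offset inside the MMIO aperture */
    uint64_t    length;     /* size in bytes, > 0 */
    int         privileged; /* 1 = kernel-only, e.g. DMA address setup */
};

/* Constructed sample layout: cleanly separated at 4 KiB granularity only. */
static const struct reg_block sample_map[] = {
    { "draw_cmd",  0x0000, 0x0100, 0 },
    { "dma_addr",  0x1000, 0x0020, 1 },
    { "user_fifo", 0x2000, 0x0800, 0 },
    { "clock_ctl", 0x4000, 0x0010, 1 },
};
#define SAMPLE_COUNT (sizeof(sample_map) / sizeof(sample_map[0]))

/* Count pages holding both privileged and unprivileged registers: such a
 * page cannot be mapped to user space without exposing the privileged
 * ones, so non-zero means no per-page separation at this page size. */
size_t mixed_pages(const struct reg_block *m, size_t n, uint64_t page)
{
    uint64_t end = 0;
    size_t mixed = 0;
    if (page == 0)
        return 0;                       /* nothing to check */
    for (size_t i = 0; i < n; i++)
        if (m[i].offset + m[i].length > end)
            end = m[i].offset + m[i].length;
    for (uint64_t base = 0; base < end; base += page) {
        int priv = 0, user = 0;
        for (size_t i = 0; i < n; i++) {
            if (m[i].offset >= base + page || m[i].offset + m[i].length <= base)
                continue;               /* block does not touch this page */
            if (m[i].privileged) priv = 1; else user = 1;
        }
        mixed += (priv && user);
    }
    return mixed;
}

int main(void)
{
    printf("4 KiB: %zu mixed, 8 KiB: %zu mixed\n",
           mixed_pages(sample_map, SAMPLE_COUNT, 4096),
           mixed_pages(sample_map, SAMPLE_COUNT, 8192));
    return 0;
}
```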