Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Working Out "Serious Security Flaws" In DRM Drivers

  1. #1
    Join Date
    Jan 2007
    Posts
    14,603

    Default Working Out "Serious Security Flaws" In DRM Drivers

    Phoronix: Working Out "Serious Security Flaws" In DRM Drivers

    While many are still busy working through fallout of the OpenSSL Heartbleed bug within organizations, on a separate but security related note, kernel developers specializing in the Direct Rendering Manager (DRM) graphics drivers are working to beef up their own driver security...

    http://www.phoronix.com/vr.php?view=MTY2MTE

  2. #2
    Join Date
    Jul 2013
    Posts
    369

    Default

    Wayland doesn't use DRM right?
    I mean, ofc it's going to have it's own set of security flaws among other bugs, but this giant mess that is "X.org security" won't affect those of us switching over when it's ready, right?

  3. #3
    Join Date
    Mar 2010
    Location
    Slovenia
    Posts
    389

    Default

    Wayland is using DRM.

  4. #4
    Join Date
    Oct 2010
    Posts
    309

    Default

    Wailand uses DRM as well, DRI is the one specific to X. And I remember this security issues being also mentioned at the latest X.org conf, and they were supposed to be fixed, among other, by the switch to DRI3.

  5. #5
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,876

    Default

    Quote Originally Posted by Daktyl198 View Post
    Wayland doesn't use DRM right?
    I mean, ofc it's going to have it's own set of security flaws among other bugs, but this giant mess that is "X.org security" won't affect those of us switching over when it's ready, right?
    The whole DRM Master thing will affect Wayland, AFAIK. That being said, the split with Render Nodes may help that a little since its delegation of responsibilities. Wayland, however, is not affected by the mess of security issues that may be lurking in the 20+ yr old codebase that is Xorg. DRI3 + Present may have fixed a couple of these issues since now buffers are passed through DMA-BUF via file descriptors of a socket-- which is supposed to be more secure than however DRI2 handled it.

  6. #6
    Join Date
    Jan 2013
    Location
    Ontario, Canada
    Posts
    91

    Default

    I remember in the good old days, flaws in the DRM drivers like not clearing graphics memory and having images appear on the screen at untimely moments. For example while mode switching, or shutting down/restarting that goatse pr0n image might appear

  7. #7
    Join Date
    Jan 2009
    Location
    Vienna, Austria; Germany; hello world :)
    Posts
    629

    Default

    Quote Originally Posted by Grogan View Post
    I remember in the good old days, flaws in the DRM drivers like not clearing graphics memory and having images appear on the screen at untimely moments. For example while mode switching, or shutting down/restarting that goatse pr0n image might appear
    good 'ol times ?

    in what brave new world are you living in ?



    It's still like that

  8. #8
    Join Date
    Dec 2011
    Posts
    2,023

    Default

    Luckily, not so much problem on single-user machines.

    But hopefully Wayland is more secure.

  9. #9
    Join Date
    Sep 2011
    Posts
    234

    Default

    Quote Originally Posted by Ansla View Post
    Wailand uses DRM as well, DRI is the one specific to X. And I remember this security issues being also mentioned at the latest X.org conf, and they were supposed to be fixed, among other, by the switch to DRI3.
    a couple points to make before people get too alarmed (or at least to put this in context):

    1) this is strictly about information leaks. Not root escalation, or anything like that... I think drm and the open src drivers are at quite likely better than the closed src drivers in that regard.

    2) render-nodes and dri3 do address the guessability of other drm-master's buffers (which only effects shared buffers, ie. ones with flink names)

    3) the remaining point that Thomas is trying to make is that, some hardware there may not be isolation between different processes gpu buffers, ie. $evil_userspace could conceivable craft gpu commands to read out all your VRAM/etc. Of the top of my head, I believe intel/radeon/nouveau all support per-process pagetables to stop that, but not sure if it is on all hw generations/etc.

    If you are really paranoid, you probably want to consider not using a gpu at all (on windows or linux, opensrc drivers or (especially) closed src drivers).

    None of this is really news.

  10. #10
    Join Date
    Aug 2011
    Posts
    516

    Default

    Quote Originally Posted by LightBit View Post
    Wayland is using DRM.
    Wayland doesn't know squat about graphics; I think you're talking about Weston.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •