1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

DRM Render Nodes Published, Better Graphics Security

X.Org

Published on 18 December 2012 11:56 AM EST
Written by Michael Larabel in X.Org
Comment On This Article

A complete but experimental implementation of "render nodes" for the open-source Linux graphics stack has been published. After being discussed in months prior for advancing the Linux graphics stack to take care of some security holes, this render node implementation is slowly but surely nearing a state for merging to mainline.

There was some render node patches published earlier in the year, but not a complete implementation and a slightly different aim. In September during XDC2012 in Germany, the render nodes work was discussed again to take care of longstanding security holes within the DRM graphics stack.

The XDC2012 discussions led to an ad-hoc proposal for DRM2 with render nodes.
Improvements to the Direct Rendering Manager were proposed on Friday during XDC2012.

Kristian Høgsberg, Martin Peres, Timothée Ravier, and Daniel Vetter shared their views on what they're calling DRM2.

For the basics of what DRM2 comes down to it attempts to fix the DRM authentication policy and improve buffer sharing. One benefit for what this would allow for non-technical readers is that it would allow for GPGPU (OpenCL/Compute) support without an X.Org Server running for the graphics drivers. While no patches have yet to materialize, DRM2 would rework the "master" handling by splitting DRM master into MASTER and GEM_MASTER while allowing multiple GEM_MASTER.

DRM2 would not break user-space interfaces compared to the current driver handling today.
In late September, some of the patches were published. As Kristian Høgsberg explained, "the core problem is that DRM security is compromised in the face of VT switching and multiple DRM masters. Any local user can access all shared buffers from within any X server on the system, even when that user doesn't have access to any of those X servers."

Martin Peres has now come to the table with a complete implementation of render nodes. His patches, which he's currently requesting comments on and aren't intended to be merged immediately, touch the Linux kernel DRM, libdrm (DRM library), DRI2Proto, the X.Org Server, xf86-video-nouveau (the other DDX drivers will also need to be touched too), and Mesa.
Following to my shared talk with krh, danvet and Timothée Ravier @ XDC2012, I have actually taken the time to start fixing some security holes found in the graphics stack.

Today, I would like to request your comments on the render node patchset. Keep in mind that I am not asking for inclusion. However, I know this patchset works on my nvidia card and I would like to know if anyone has anything against this architecture.
While it depends how the comments turn out on the code and how much further work is needed before the code is polished and ready for merging, the Direct Rendering Manager changes for the kernel won't land before the Linux 3.9 kernel, the X.Org Server 1.14 merge window is closing so this isn't a candidate until X.Org Server 1.15 in H2'2013, and the Mesa changes could be done for Mesa 9.1/10.0. Simply put, this render nodes work likely isn't to become a widespread reality on the Linux desktop until at least the second half of next year.

Martin's mailing list post with links to the different Git repositories for the experimental code can be found on the dri-devel list.

About The Author
Michael Larabel is the principal author of Phoronix.com and founded the web-site in 2004 with a focus on enriching the Linux hardware experience and being the largest web-site devoted to Linux hardware reviews, particularly for products relevant to Linux gamers and enthusiasts but also commonly reviewing servers/workstations and embedded Linux devices. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics hardware drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated testing software. He can be followed via and or contacted via .
Latest Linux Hardware Reviews
  1. Rosewill RS-MI-01: An Ultra Low-Cost Mini-ITX Chassis
  2. D-Link DCS-2330L HD Wireless Network Camera
  3. Gigabyte AM1M-S2H
  4. AMD's New Athlon/Semprons Give Old Phenom CPUs A Big Run For The Money
Latest Linux Articles
  1. AMD Catalyst 14.4 Brings Few Linux Performance Improvements
  2. The Performance Of Fedora 20 Updated
  3. Clang Fights GCC On AMD's Athlon AM1 APU With Jaguar Cores
  4. Ubuntu 14.04 LTS vs. Oracle Linux vs. CentOS vs. openSUSE
Latest Linux News
  1. PC-BSD Is Developing Its Own Desktop Environment
  2. Valve Is Bringing VOGL To Windows & Working On Regression Tests
  3. Canonical Is Taking Over Linux 3.13 Kernel Maintenance
  4. Google Web Designer Is Now Natively Available On Linux
  5. Ubuntu 14.10 Is Codenamed The Utopic Unicorn
  6. Audacious 3.5 Lightweight Audio Player Released
  7. Steam Updated For Ubuntu 14.04 LTS, SteamOS
  8. DNF 0.5 Yum Replacement Now Supports Groups
  9. Red Hat Enterprise Linux 7.0 Is Looking Fantastic
  10. Intel Is Launching An Interesting Bay Trail NUC Next Week
  11. Another X.Org EVoC Proposed For OpenGL 4+ Tests
  12. The Best Features Coming With Qt 5.3
Latest Forum Discussions
  1. Linux Kernel Developers Fed Up With Ridiculous Bugs In Systemd
  2. The Most Amazing OpenGL Tech Demo In 64kb
  3. Announcing radeontop, a tool for viewing the GPU usage
  4. HTPC-upgrade advice: AMD Richland A8-7600 or Kaveri A10-6700T ???
  5. New card. Open source drivers only.
  6. The GNOME Foundation Is Running Short On Money
  7. Script for Fan Speed Control
  8. Torvalds Is Unconvinced By LTO'ing A Linux Kernel