Date: Sun, 9 Jul 2017 06:50:15 +0000 (UTC) From: Alexander Leidinger <netchild@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r320827 - head/sys/dev/drm Message-ID: <201707090650.v696oFW5040443@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: netchild Date: Sun Jul 9 06:50:15 2017 New Revision: 320827 URL: https://svnweb.freebsd.org/changeset/base/320827 Log: Switch prison check from PROV_DRIVER to PRIV_KMEM_WRITE (like /dev/mem). Access to the dri device gives effectively access to the entire memory of the machine (you can program the graphic card to do DMA). For current/stable/release this is a NOP, as access to memory is not allowed in a jail. This puts the dri device into the same (in)security class than /dev/mem for future use. Discussed with: anholt(?) several years ago Sponsored by: Hackathon Essen 2017 Modified: head/sys/dev/drm/drmP.h Modified: head/sys/dev/drm/drmP.h ============================================================================== --- head/sys/dev/drm/drmP.h Sun Jul 9 06:40:16 2017 (r320826) +++ head/sys/dev/drm/drmP.h Sun Jul 9 06:50:15 2017 (r320827) @@ -220,7 +220,7 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0) +#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) #define DRM_AGP_FIND_DEVICE() agp_find_device() #define DRM_MTRR_WC MDF_WRITECOMBINE #define jiffies ticks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707090650.v696oFW5040443>