svn commit: r320827 - head/sys/dev/drm
Alexander Leidinger
netchild at FreeBSD.org
Sun Jul 9 06:50:16 UTC 2017
Author: netchild
Date: Sun Jul 9 06:50:15 2017
New Revision: 320827
URL: https://svnweb.freebsd.org/changeset/base/320827
Log:
Switch prison check from PROV_DRIVER to PRIV_KMEM_WRITE (like /dev/mem).
Access to the dri device gives effectively access to the entire memory of the machine (you can program
the graphic card to do DMA).
For current/stable/release this is a NOP, as access to memory is not allowed in a jail. This puts the dri
device into the same (in)security class than /dev/mem for future use.
Discussed with: anholt(?) several years ago
Sponsored by: Hackathon Essen 2017
Modified:
head/sys/dev/drm/drmP.h
Modified: head/sys/dev/drm/drmP.h
==============================================================================
--- head/sys/dev/drm/drmP.h Sun Jul 9 06:40:16 2017 (r320826)
+++ head/sys/dev/drm/drmP.h Sun Jul 9 06:50:15 2017 (r320827)
@@ -220,7 +220,7 @@ enum {
#define PAGE_ALIGN(addr) round_page(addr)
/* DRM_SUSER returns true if the user is superuser */
-#define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0)
+#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0)
#define DRM_AGP_FIND_DEVICE() agp_find_device()
#define DRM_MTRR_WC MDF_WRITECOMBINE
#define jiffies ticks
More information about the svn-src-all
mailing list