-
由 Jerome Glisse 提交于
This patch add cs checker to r600/r700 hw. Command stream checking will rewrite some of the cs value in order to restrict GPU access to BO size. This doesn't break old userspace but just enforce safe value. It should break any things that was using the r600/r700 cs ioctl to do forbidden things (malicious software), though we are not aware of such things. Here is the list of thing we check : - enforcing resource size - enforcing color buffer slice tile max, will restrict cb access - enforcing db buffer slice tile max, will restrict db access We don't check for shader bigger than the BO in which they are supposed to be, such use would lead to GPU lockup and is harmless from security POV, as far as we can tell (note that even checking for this wouldn't prevent someone to write bogus shader that lead to lockup). This patch has received as much testing as humanly possible with old userspace to check that it didn't break such configuration. However not all the applications out there were tested, thus it might broke some odd, rare applications. [airlied: fix rules for cs checker for parallel builds] Signed-off-by: NJerome Glisse <jglisse@redhat.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
961fb597