Message ID | 20230605144812.15241-1-tzimmermann@suse.de (mailing list archive) |
---|---|
Headers | show |
Series | fbdev: Make userspace interfaces optional | expand |
Hi Thomas, Thanks for your series! Over the past few days, I have been giving this some thought, that's why I am replying only now... On Mon, Jun 5, 2023 at 4:48 PM Thomas Zimmermann <tzimmermann@suse.de> wrote: > Add the new config option FB_DEVICE. If enabled, fbdev provides > traditional userspace interfaces in devfs, sysfs and procfs, such > as /dev/fb0 or /proc/fb. > > Modern Linux distrobutions have adopted DRM drivers for graphics > output and use fbdev only for the kernel's framebuffer console. > Userspace has also moved on, with no new fbdev code being written > and existing support being removed. > > OTOH, fbdev provides userspace a way of accessing kernel or I/O > memory, which might compromise the system's security. See the recent True, in some form... The amount of "kernel memory" that can be accessed is controlled by the fbdev driver (or by the DRM fbdev emulation). Nothing unsafe here. The I/O memory that can be accessed (if any) is controlled by the fbdev driver, and the full capabilities (e.g. DMA to random addresses) exported depend on the actual hardware. > commit c8687694bb1f ("drm/fbdev-generic: prohibit potential > out-of-bounds access") for an example. Disabling fbdev userspace IMHO that's not a good example for the point you're trying to make, but merely bad bounds checking in kernel copying code... > interfaces is therefore a useful feature to limit unecessary > exposure of fbdev code to processes of low privilegues. This actually depends on the permissions on /dev/fb*... BTW, I am wondering if it would be possible to write a DRM emulation layer on top of (basic, e.g. no MMIO, just fb) fbdev? Gr{oetje,eeting}s, Geert
Am 07.06.23 um 14:06 schrieb Markus Elfring: >> Modern Linux distrobutions have adopted DRM drivers for graphics >> output and use fbdev only for the kernel's framebuffer console. > > Would you like to avoid a typo in subsequent cover letters? Ha! It says 'distrobutions'. > > Regards, > Markus
Hi Am 07.06.23 um 10:35 schrieb Geert Uytterhoeven: [...] > > BTW, I am wondering if it would be possible to write a DRM emulation > layer on top of (basic, e.g. no MMIO, just fb) fbdev? That exists, sort of. I first posted it here: https://patchwork.freedesktop.org/series/58569/ and it has later been transformed into these conversion helpers that I have somewhere on gitlab. Best regards Thomas > > Gr{oetje,eeting}s, > > Geert >