> On Mar 28, Marek Habersack wrote:
>
> > > CLI/STI and stuff. IOPL < CPL means that the I/O permission bitmap is
> > > consulted, and CLI/STI trap.
> > And that's the sane situation - as long the bitmap is used, the kernel is
> > safe.
>
> but you'd need a huge bitmap for 64k ports for many (not too recent) cards
> because of the great sparse IBM 8514A register layout:(
Well, that's the price you pay for security. And it isn't very high today.
> and in/out instructions take quite a few more cycles for every bitmap access.
That's also not a very big problem with today's hardware. The register access
would be limited to two areas: a) mode setting - this doesn't have to be fast
at all as it is done very rarely, b) accel regs acces - this can be sped up by
queuing the accel requests (a'la Win32 GDI batching) and "flushing" the
complete job to the kernel all at once. Provided that the kernel provides the
accelerator interface, there's almost no speed penalty.
> and this all won't protect your system from graphics chips going cracy and
> locking up e.g. the PCI bus due to bad values in correct registers
> (not an uncommon problem at least for S3 chip;)
That's right, but nothing's perfect - at the least you've got one problem
solved - no setuid root graphics apps.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu