Commit d10571fc authored Aug 04, 2016 by David Herrmann Committed by Daniel Vetter Aug 25, 2016

drm: make DRI1 drivers depend on BROKEN



The legacy DRI1 drivers expose highly broken interfaces to user-space. No
modern system should enable them, or you will effectively allow user-space
to circumvent most of your kernel security measures. The DRI1 kernel APIs
are simply broken.

User-space can always use vesafb/efifb/simplefb and friends to get working
graphics.

Lets hide the old drivers behind CONFIG_BROKEN. In case they turn out to
be still used (really?), we can easily revert this and figure out a way to
move them out of sight (e.g., moving all DRI1 drivers to
drivers/gpu/dri1/).

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20160804080657.9664-2-dh.herrmann@gmail.com

parent d92d9c3a

drivers/gpu/drm/Kconfig

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -231,6 +231,7 @@ source "drivers/gpu/drm/mediatek/Kconfig"
	menuconfig DRM_LEGACY		menuconfig DRM_LEGACY
	bool "Enable legacy drivers (DANGEROUS)"		bool "Enable legacy drivers (DANGEROUS)"
	depends on DRM		depends on DRM
			depends on BROKEN
	help		help
	Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous		Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
	APIs to user-space, which can be used to circumvent access		APIs to user-space, which can be used to circumvent access