17-19 October 2023
Palexco
Europe/Madrid timezone

Defense in Depth: Isolating mesa from the kernel

18 Oct 2023, 15:15
20m
Palexco

Palexco

Muelle de Trasatlánticos, s/n, 15003 A Coruña, A Coruña, Spain
Talk (half slot) Main Track

Speaker

Rob Clark (Google)

Description

In the context of a web browser, GL and Vulkan drivers are exposed to hostile content, in the form of webgl and webgpu. In the case of Vulkan, the spec explicitly declares that invalid usage is undefined behavior. But even for a GL driver it isn't so hard to find a way to trigger a potentially exploitable crash. The browser can sandbox the usermode gl/vk driver (UMD) into it's own process with limited privileges. But the UMD still needs access the drm kernel driver (KMD).

Or does it? Building on, and re-using, the drm native-context approach for running native UMD in a VM guest, tunneling the interface to host KMD over virtgpu, we can split kernel access into a hardened helper process with minimal performance penalty. In this way, if (when) an attacker achieves code execution in the UMD, they do not have a clear path to chain that exploit with a kernel bug to achieve code execution in the kernel.

Code of Conduct Yes
In-person or virtual presentation In-person
GSoC, EVoC or Outreachy No

Primary author

Rob Clark (Google)

Presentation Materials

2024 Platinum Sponsor
Collabora
2024 Gold Sponsors
Arm
Google
Microsoft
NVIDIA
2024 Silver Sponsors
AMD
FEX-Emu
Igalia
Qualcomm
The Linux Foundation
2024 Bronze Sponsors
CodeWeavers
Khronos Group
Libre Computer