FS#72128 - [linux] Add kernel config flag CONFIG_DRM_LEGACY

Attached to Project: Arch Linux
Opened by taz (taz) - Tuesday, 14 September 2021, 11:24 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 19 September 2021, 15:01 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Please add this CONFIG to the default kernel build. Since kernel 5.14, this option is needed when a video driver is using the legacy drm_agp_* functions. In particular, the AUR package nvidia-340xx is currently broken and needs this option to be set in order to be updated for the >= 5.14 kernels.

For a bit more detailed discussion of the issue: https://gitlab.com/taz007/nvidia-340xx/-/merge_requests/1#notes

Additional info:
linux >= 5.14.*

Closed by Jan Alexander Steffens (heftig)
Sunday, 19 September 2021, 15:01 GMT
Reason for closing: Won't implement
Comment by Levente Polyak (anthraxx) - Tuesday, 14 September 2021, 12:04 GMT
Those drivers expose unsafe and dangerous APIs to user-space, which can be used to circumvent access restrictions and other security measures. For backwards compatibility those drivers are still available, but their use is highly inadvisable and might harm your system.

You are recommended to use the safe modeset-only drivers instead, and perform 3D emulation in user-space.

Unless you have strong reasons to go rogue, say "N".

This is what upstream says itself about this config. So I object to enabling it.
Comment by taz (taz) - Tuesday, 14 September 2021, 20:02 GMT
Yes, I feared that answer. I'm not sure if the possible security issues are within the legacy drm, or within the actual video drivers. If it's the former case, it's understandable to not enable it by default. But if it's within the video drivers, then just enabling the CONFIG_DRM_LEGACY should not hurt, provided there are no drivers compiled by default using that legacy framework. That would leave the choice to the user who really wants/needs to use one of those legacy drivers to still do so, without requiring them to recompile their own complete kernel.

I'm not an expert at all regarding that topic. I'm trying to find the best solution on how to keep those (one in particular in fact) legacy drm drivers working.
Comment by Levente Polyak (anthraxx) - Tuesday, 14 September 2021, 22:49 GMT
It is basically the design of those legacy drm APIs and how they interact with user space. "Just" enabling that config without any in-tree drivers will still result in a lot of general purpose drm structs exposing additional data and pointers, plus a multitude of registered ioctl functions. The attack surface needs to simply be cut out to leverage any real advantage from freeing the subsystem of that functionality.

My humble opinion: Your best shot will be to remain on linux-lts until the next lts tree is declared and then potentially maintain a repository for people that are in need of such a kernel.
Comment by taz (taz) - Wednesday, 15 September 2021, 12:44 GMT
Ok, a separate repo will probably be what's going to happen. This issue can be closed I think. Thanks for the quick replies.
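
Added example, not part of the original task and not code from Arch Linux or the kernel project: a POSIX shell check that reports whether a kernel config file enables CONFIG_DRM_LEGACY or any driver that sits behind it. The driver list is taken from the mainline 5.14 drivers/gpu/drm/Kconfig rather than from this page, and the function names and the two sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: report whether a kernel config carries the legacy DRM surface.

# State of one option in a kernel .config: y, m, n ("is not set") or absent.
config_state() {
    awk -v opt="$2" '
        index($0, opt "=") == 1        { state = substr($0, length(opt) + 2) }
        $0 == ("# " opt " is not set") { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# Drivers guarded by "if DRM_LEGACY" in mainline 5.14 (assumption: not from the task).
LEGACY_DRIVERS="CONFIG_DRM_TDFX CONFIG_DRM_R128 CONFIG_DRM_I810 CONFIG_DRM_MGA
CONFIG_DRM_SIS CONFIG_DRM_VIA CONFIG_DRM_SAVAGE"

# Returns 0 when the legacy DRM code is compiled out, 1 when any of it is present.
audit_drm_legacy() {
    cfg=$1
    rc=0
    core=$(config_state "$cfg" CONFIG_DRM_LEGACY)
    echo "$cfg: CONFIG_DRM_LEGACY=$core"
    if [ "$core" = y ]; then rc=1; fi
    for drv in $LEGACY_DRIVERS; do
        s=$(config_state "$cfg" "$drv")
        case $s in
            y|m) echo "  legacy driver enabled: $drv=$s"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input: one config with the option off, one with it on.
write_samples() {
    printf '%s\n' 'CONFIG_DRM=m' '# CONFIG_DRM_LEGACY is not set' > "$1/off.config"
    printf '%s\n' 'CONFIG_DRM=m' 'CONFIG_DRM_LEGACY=y' \
        '# CONFIG_DRM_TDFX is not set' 'CONFIG_DRM_MGA=m' > "$1/on.config"
}

dir=$(mktemp -d)
write_samples "$dir"
for name in off on; do
    audit_drm_legacy "$dir/$name.config" ||
        echo "  -> legacy DRM ioctl surface is compiled in"
done
rm -rf "$dir"
```

On a kernel that exposes its configuration, `zcat /proc/config.gz > running.config` produces a file this check can read.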