I'm currently trying to evaluate the security concept of the various OpenGL implementations and GPU drivers on Android, as compared to the Linux DRI/DRM infrastructure.
How does the system guarantee that an application can only access its own address space when submitting commands to the GPU? Since the drivers seem to mainly reside in the user space as shared libraries, I suppose that there can't be any verification of the command buffers, which is how it is done in the DRM in the mainline Linux kernel.
My guess is that this is done in hardware with an IOMMU on the platforms that support it. Is that correct? And what happens on systems that don't have an IOMMU, or is that a requirement for Android?