X Window System aperture
On the alpha, amd64, i386, macppc, and sparc64 architectures, the /dev/xf86 driver provides access to the memory and I/O ports of a VGA board and to the PCI configuration registers for use by the X servers when running with a kernel security level greater than 0.
The X servers require the use of this driver for isa(4) or pci(4) video cards on alpha, amd64, i386, macppc, and sparc64.
Access to the /dev/xf86 device is allowed when the sysctl(8) variable machdep.allowaperture is greater than or equal to 1. This variable (which has a default value of 0) can only be raised when the security level is less than or equal to 0, so it should be set in /etc/sysctl.conf. The possible values for machdep.allowaperture are:
- the aperture driver is disabled. Opening it returns
- the aperture driver allows access to standard VGA framebuffer and BIOS. Access to pci(4) configuration registers is also allowed.
- in addition to allowing access to pci(4) configuration registers, the aperture driver allows access to the whole first megabyte of physical memory, permitting use of the int10 emulation in X.Org 6.8 and later. Note that this can cause some security problems, since the process that has access to the aperture driver can also access part of the kernel memory. This mode is not supported on alpha or sparc64.
- the aperture driver allows multiple processes to concurrently access pci(4) configuration registers and the whole first megabyte of physical memory.
Xorg(1), options(4), pci(4), sysctl.conf(5), securelevel(7), config(8), sysctl(8)
/dev/xf86 was integrated as an in-kernel device on OpenBSD 2.3. It is required in order to allow access to I/O ports for all X servers since OpenBSD 2.4.
The aperture driver was written by Matthieu Herrb.
This driver allows access to all addresses above physmem. It should be restricted to the actual address range of the video memory.