Tighten up AGP security. Verify that all uses of AGP are done inside

    buffers that have been allocated from AGP. This includes some new
    capable(CAP_SYS_ADMIN) checks, these functions are also protected by
    the root requirement on the IOCTL macros.