From: Daniel Vetter <daniel@ffwll.ch>
To: Emil Velikov <emil.l.velikov@gmail.com>
Cc: dri-devel@lists.freedesktop.org
Subject: Re: [PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls
Date: Wed, 19 Dec 2018 21:34:50 +0100 [thread overview]
Message-ID: <20181219203450.GW21184@phenom.ffwll.local> (raw)
In-Reply-To: <20181219192247.29880-4-emil.l.velikov@gmail.com>
On Wed, Dec 19, 2018 at 07:22:47PM +0000, Emil Velikov wrote:
> From: Emil Velikov <emil.velikov@collabora.com>
>
> There are cases (in mesa and applications) where one would open the
> primary node without properly authenticating the client.
>
> Sometimes we don't check if the authentication succeeds, but there's
> also cases we simply forget to do it. Mesa has been fixed recently
> although, there's the question of older drivers or other apps that
> exbibit this behaviour.
Would be good to have links to mesa where these bugs are fixed (or
wherever those bugs where).
>
> To workaround this, some users resort to running their apps under sudo.
> Which admittedly isn't always a good idea.
>
> Since any DRIVER_RENDER driver has sufficient isolation between clients,
> we can use that, for unauthenticated [primary node] ioctls that require
> DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW.
>
> As an added bonus this allows us to use vgem in userspace with zero
> change to some (but not all) existing programs.
How/what/where?
> Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
> ---
> drivers/gpu/drm/drm_ioctl.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
> index 2221c8857fb0..4c775b775395 100644
> --- a/drivers/gpu/drm/drm_ioctl.c
> +++ b/drivers/gpu/drm/drm_ioctl.c
> @@ -521,13 +521,17 @@ int drm_version(struct drm_device *dev, void *data,
> */
> int drm_ioctl_permit(u32 flags, struct drm_file *file_priv)
> {
> + const struct drm_device *dev = file_priv->minor->dev;
> +
> /* ROOT_ONLY is only for CAP_SYS_ADMIN */
> if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)))
> return -EACCES;
>
> - /* AUTH is only for authenticated or render client */
> + /* AUTH is only for authenticated/render capable master or render client */
> if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) &&
> - !file_priv->authenticated))
> + !file_priv->authenticated &&
> + !(drm_core_check_feature(dev, DRIVER_RENDER) &&
> + (flags & DRM_RENDER_ALLOW))))
Gets a bit unreadable but looks correct.
With the commit message improved (since this is new uapi, so needs those
pesky userspace links):
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> return -EACCES;
>
> /* MASTER is only for master or control clients */
> --
> 2.19.2
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2018-12-19 20:34 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-19 19:22 [PATCH 0/3] drm: tweak permission handling Emil Velikov
2018-12-19 19:22 ` [PATCH 1/3] drm: change DROP_MASTER permissions to allow DRM_MASTER Emil Velikov
2018-12-19 20:36 ` Daniel Vetter
2018-12-20 13:50 ` Emil Velikov
2018-12-20 14:45 ` Daniel Vetter
2018-12-20 19:09 ` Emil Velikov
2018-12-19 19:22 ` [PATCH 2/3] drm: annotate drm_core_check_feature() dev arg. as const Emil Velikov
2018-12-19 20:35 ` Daniel Vetter
2018-12-19 19:22 ` [PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls Emil Velikov
2018-12-19 20:34 ` Daniel Vetter [this message]
2018-12-20 15:16 ` Emil Velikov
2018-12-20 15:34 ` Daniel Vetter
2018-12-19 20:30 ` [PATCH 0/3] drm: tweak permission handling Daniel Vetter
2018-12-19 20:37 ` Daniel Vetter
2018-12-20 12:56 ` Emil Velikov
2018-12-20 14:43 ` Daniel Vetter
2019-07-03 13:31 [PATCH 1/3] drm/vmwgfx: check master authentication in surface_ref ioctls Emil Velikov
2019-07-03 13:31 ` [PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls Emil Velikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181219203450.GW21184@phenom.ffwll.local \
--to=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=emil.l.velikov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.