From: Thomas Zimmermann <tzimmermann@suse.de>
To: Rob Clark <robdclark@gmail.com>,
Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Rob Clark <robdclark@chromium.org>,
open list <linux-kernel@vger.kernel.org>,
dri-devel@lists.freedesktop.org,
Gurchetan Singh <gurchetansingh@chromium.org>,
Gerd Hoffmann <kraxel@redhat.com>,
Ryan Neph <ryanneph@chromium.org>,
David Airlie <airlied@redhat.com>,
"open list:VIRTIO GPU DRIVER"
<virtualization@lists.linux-foundation.org>
Subject: Re: [PATCH v3] drm/virtio: Add option to disable KMS support
Date: Tue, 28 Feb 2023 13:34:52 +0100 [thread overview]
Message-ID: <fb70356e-4e13-1858-9e1a-e886f5918030@suse.de> (raw)
In-Reply-To: <CAF6AEGsT8_o+v0vzGu1nyh6Z82pj8FnGUdMFc0Lq+4OWoSjRBQ@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 2158 bytes --]
Hi
Am 27.02.23 um 19:15 schrieb Rob Clark:
> On Mon, Feb 27, 2023 at 9:57 AM Dmitry Osipenko
> <dmitry.osipenko@collabora.com> wrote:
>>
>> On 2/27/23 20:38, Rob Clark wrote:
>> ...
>>> + if (IS_ENABLED(CONFIG_DRM_VIRTIO_GPU_KMS)) {
>>> + /* get display info */
>>> + virtio_cread_le(vgdev->vdev, struct virtio_gpu_config,
>>> + num_scanouts, &num_scanouts);
>>> + vgdev->num_scanouts = min_t(uint32_t, num_scanouts,
>>> + VIRTIO_GPU_MAX_SCANOUTS);
>>> + if (!vgdev->num_scanouts) {
>>> + /*
>>> + * Having an EDID but no scanouts is non-sensical,
>>> + * but it is permitted to have no scanouts and no
>>> + * EDID (in which case DRIVER_MODESET and
>>> + * DRIVER_ATOMIC are not advertised)
>>> + */
>>> + if (vgdev->has_edid) {
>>> + DRM_ERROR("num_scanouts is zero\n");
>>> + ret = -EINVAL;
>>> + goto err_scanouts;
>>> + }
>>> + dev->driver_features &= ~(DRIVER_MODESET | DRIVER_ATOMIC);
>>
>> If it's now configurable by host, why do we need the
>> CONFIG_DRM_VIRTIO_GPU_KMS?
>
> Because a kernel config option makes it more obvious that
> modeset/atomic ioctls are blocked. Which makes it more obvious about
> where any potential security issues apply and where fixes need to get
> backported to. The config option is the only thing _I_ want,
> everything else is just a bonus to help other people's use-cases.
I find this very vague. What's the security thread?
And if the config option is useful, shouldn't it be DRM-wide? The
modesetting ioctl calls are shared among all drivers.
Best regards
Thomas
>
> BR,
> -R
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
next prev parent reply other threads:[~2023-02-28 12:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-27 17:38 [PATCH v3] drm/virtio: Add option to disable KMS support Rob Clark
2023-02-27 17:57 ` Dmitry Osipenko
2023-02-27 18:15 ` Rob Clark
2023-02-28 12:34 ` Thomas Zimmermann [this message]
2023-02-28 12:47 ` Thomas Zimmermann
2023-02-28 15:43 ` Rob Clark
2023-02-27 18:44 ` Dmitry Osipenko
2023-02-28 12:46 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb70356e-4e13-1858-9e1a-e886f5918030@suse.de \
--to=tzimmermann@suse.de \
--cc=airlied@redhat.com \
--cc=dmitry.osipenko@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gurchetansingh@chromium.org \
--cc=kraxel@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=robdclark@chromium.org \
--cc=robdclark@gmail.com \
--cc=ryanneph@chromium.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).