dri-devel.lists.freedesktop.org archive mirror
 help / color / mirror / Atom feed
From: Thomas Zimmermann <tzimmermann@suse.de>
To: Rob Clark <robdclark@gmail.com>,
	Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Rob Clark <robdclark@chromium.org>,
	open list <linux-kernel@vger.kernel.org>,
	dri-devel@lists.freedesktop.org,
	Gurchetan Singh <gurchetansingh@chromium.org>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Ryan Neph <ryanneph@chromium.org>,
	David Airlie <airlied@redhat.com>,
	"open list:VIRTIO GPU DRIVER"
	<virtualization@lists.linux-foundation.org>
Subject: Re: [PATCH v3] drm/virtio: Add option to disable KMS support
Date: Tue, 28 Feb 2023 13:34:52 +0100	[thread overview]
Message-ID: <fb70356e-4e13-1858-9e1a-e886f5918030@suse.de> (raw)
In-Reply-To: <CAF6AEGsT8_o+v0vzGu1nyh6Z82pj8FnGUdMFc0Lq+4OWoSjRBQ@mail.gmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 2158 bytes --]

Hi

Am 27.02.23 um 19:15 schrieb Rob Clark:
> On Mon, Feb 27, 2023 at 9:57 AM Dmitry Osipenko
> <dmitry.osipenko@collabora.com> wrote:
>>
>> On 2/27/23 20:38, Rob Clark wrote:
>> ...
>>> +     if (IS_ENABLED(CONFIG_DRM_VIRTIO_GPU_KMS)) {
>>> +             /* get display info */
>>> +             virtio_cread_le(vgdev->vdev, struct virtio_gpu_config,
>>> +                             num_scanouts, &num_scanouts);
>>> +             vgdev->num_scanouts = min_t(uint32_t, num_scanouts,
>>> +                                         VIRTIO_GPU_MAX_SCANOUTS);
>>> +             if (!vgdev->num_scanouts) {
>>> +                     /*
>>> +                      * Having an EDID but no scanouts is non-sensical,
>>> +                      * but it is permitted to have no scanouts and no
>>> +                      * EDID (in which case DRIVER_MODESET and
>>> +                      * DRIVER_ATOMIC are not advertised)
>>> +                      */
>>> +                     if (vgdev->has_edid) {
>>> +                             DRM_ERROR("num_scanouts is zero\n");
>>> +                             ret = -EINVAL;
>>> +                             goto err_scanouts;
>>> +                     }
>>> +                     dev->driver_features &= ~(DRIVER_MODESET | DRIVER_ATOMIC);
>>
>> If it's now configurable by host, why do we need the
>> CONFIG_DRM_VIRTIO_GPU_KMS?
> 
> Because a kernel config option makes it more obvious that
> modeset/atomic ioctls are blocked.  Which makes it more obvious about
> where any potential security issues apply and where fixes need to get
> backported to.  The config option is the only thing _I_ want,
> everything else is just a bonus to help other people's use-cases.

I find this very vague. What's the security thread?

And if the config option is useful, shouldn't it be DRM-wide? The 
modesetting ioctl calls are shared among all drivers.

Best regards
Thomas

> 
> BR,
> -R

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

  reply	other threads:[~2023-02-28 12:35 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-27 17:38 [PATCH v3] drm/virtio: Add option to disable KMS support Rob Clark
2023-02-27 17:57 ` Dmitry Osipenko
2023-02-27 18:15   ` Rob Clark
2023-02-28 12:34     ` Thomas Zimmermann [this message]
2023-02-28 12:47       ` Thomas Zimmermann
2023-02-28 15:43       ` Rob Clark
2023-02-27 18:44 ` Dmitry Osipenko
2023-02-28 12:46 ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fb70356e-4e13-1858-9e1a-e886f5918030@suse.de \
    --to=tzimmermann@suse.de \
    --cc=airlied@redhat.com \
    --cc=dmitry.osipenko@collabora.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=gurchetansingh@chromium.org \
    --cc=kraxel@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=robdclark@chromium.org \
    --cc=robdclark@gmail.com \
    --cc=ryanneph@chromium.org \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).