From: Rob Clark <robdclark@gmail.com>
To: Rob Clark <robdclark@gmail.com>,
Jilai Wang <jilaiw@codeaurora.org>,
linux-arm-msm <linux-arm-msm@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>
Subject: Re: [PATCH 2/3] drm:msm: Initial Add Writeback Support (V2)
Date: Tue, 25 Aug 2015 15:11:12 -0400 [thread overview]
Message-ID: <CAF6AEGvzkU=1rrSo6W4K0Bg9YZ=Lx_U=gtx_WSWawAYO-Q9bzA@mail.gmail.com> (raw)
In-Reply-To: <20150825070523.GH20434@phenom.ffwll.local>
On Tue, Aug 25, 2015 at 3:05 AM, Daniel Vetter <daniel@ffwll.ch> wrote:
> On Wed, Aug 19, 2015 at 03:00:04PM -0400, Rob Clark wrote:
>> On Tue, Apr 7, 2015 at 2:09 PM, Jilai Wang <jilaiw@codeaurora.org> wrote:
>> So one thing that I wanted sorting out before we let userspace see
>> streaming writeback (where I do think v4l is the right interface), is
>> a way to deal w/ permissions/security.. Ie. only the kms master
>> should control access to writeback. Ie. an process that the
>> compositor isn't aware of / doesn't trust, should not be able to open
>> the v4l device and start snooping on the screen contents. And I don't
>> think just file permissions in /dev is sufficient. You likely don't
>> want to run your helper process doing video encode and streaming as a
>> privilaged user.
>>
>> One way to handle this would be some sort of dri2 style
>> getmagic/authmagic sort of interface between the drm/kms master, and
>> v4l device, to unlock streaming. But that is kind of passe. Fd
>> passing is the fashionable thing now. So instead we could use a dummy
>> v4l2_file_opererations::open() which always returns an error. So v4l
>> device shows up in /dev.. but no userspace can open it. And instead,
>> the way to get a fd for the v4l dev would be via a drm/kms ioctl (with
>> DRM_MASTER flag set). Once compositor gets the fd, it can use fd
>> passing, if needed, to hand it off to a helper process, etc.
>>
>> (probably use something like alloc_file() to get the 'struct file *',
>> then call directly into v4l2_fh_open(), and then get_unused_fd_flags()
>> + fd_install() to get fd to return to userspace)
>
> Just following up here, but consensus from the lpc track is that we don't
> need this as long as writeback is something which needs a specific action
> to initiate. I.e. if we have a separate writeback connector which won't
> grab any frames at all as long as it's disconnected we should be fine. Wrt
> session handling that's something which would need to be fixed between
> v4l and logind (or whatever).
Was that consensus? I agree that something should initiate writeback
from the kms side of things. But if we don't have *something* to
ensure whatever is on the other end of writeback is who we think it
is, it seems at least racy..
> In general I don't like hand-rolling our own proprietary v4l-open process,
> it means that all the existing v4l test&dev tooling must be changed, even
> when you're root.
well, I know that, for example, gst v4l2src allows you to pass in an
already opened v4l dev fd, which fits in pretty well with what I
propose. The alternative, I think, is a dri2 style auth handshake
between drm/kms and v4l, which I am less thrilled about.
I would have to *assume* that userspace is at least prepared to deal
with -EPERM when it tries to open a device.. at least more so than
special auth ioctl sequence.
BR,
-R
> -Daniel
> --
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch
next prev parent reply other threads:[~2015-08-25 19:11 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-01 21:12 [PATCH 2/3] drm:msm: Initial Add Writeback Support Jilai Wang
2015-04-02 9:40 ` Paul Bolle
2015-04-02 17:58 ` jilaiw
2015-04-02 18:24 ` Paul Bolle
2015-04-02 18:42 ` Rob Clark
2015-04-02 18:54 ` jilaiw
2015-04-02 18:54 ` jilaiw
2015-04-02 11:48 ` Emil Velikov
2015-04-02 18:07 ` jilaiw
2015-04-02 18:19 ` Rob Clark
2015-04-02 22:29 ` Emil Velikov
2015-04-02 14:29 ` Rob Clark
2015-04-07 5:59 ` Daniel Vetter
2015-04-07 15:55 ` jilaiw
2015-04-07 18:09 ` [PATCH 2/3] drm:msm: Initial Add Writeback Support (V2) Jilai Wang
2015-08-19 19:00 ` Rob Clark
2015-08-25 7:05 ` Daniel Vetter
2015-08-25 19:11 ` Rob Clark [this message]
2015-08-26 12:06 ` Daniel Vetter
2015-04-08 8:07 ` [PATCH 2/3] drm:msm: Initial Add Writeback Support Daniel Vetter
2015-04-08 14:40 ` jilaiw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAF6AEGvzkU=1rrSo6W4K0Bg9YZ=Lx_U=gtx_WSWawAYO-Q9bzA@mail.gmail.com' \
--to=robdclark@gmail.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=jilaiw@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).