On Mon, Nov 30, 2015 at 04:44:21AM -0800, Thomas Hellstrom wrote:
> A client calling drmSetMaster() using a file descriptor that was opened
> when another client was master would inherit the latter client's master
> object and all it's authenticated clients.
>
> This is unwanted behaviour, and when this happens, instead allocate a
> brand new master object for the client calling drmSetMaster().
>
> Signed-off-by: Thomas Hellstrom <thellstrom at vmware.com>
Imo makes sense. It would be great to have a testcase for this, and for
non-kms stuff igt now has support for generic testcases that can be run on
any driver. See for example intel-gpu-tools/tests/core_get_auth_client.c.
I or Daniel Stone can help out (on irc or mail) with that.
-Daniel
> ---
> drivers/gpu/drm/drm_drv.c | 12 +++++++
> drivers/gpu/drm/drm_fops.c | 80
> ++++++++++++++++++++++++++++++----------------
> include/drm/drmP.h | 6 ++++
> 3 files changed, 70 insertions(+), 28 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
> index 9362609..1f072ba 100644
> --- a/drivers/gpu/drm/drm_drv.c
> +++ b/drivers/gpu/drm/drm_drv.c
> @@ -160,6 +160,18 @@ int drm_setmaster_ioctl(struct drm_device *dev, void
> *data,
> goto out_unlock;
> }
>
> + if (!file_priv->allowed_master) {
> + struct drm_master *saved_master = file_priv->master;
> +
> + ret = drm_new_set_master(dev, file_priv);
> + if (ret)
> + file_priv->master = saved_master;
> + else
> + drm_master_put(&saved_master);
> +
> + goto out_unlock;
> + }
> +
> file_priv->minor->master = drm_master_get(file_priv->master);
> file_priv->is_master = 1;
> if (dev->driver->master_set) {
> diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
> index c59ce4d..4b5c11c 100644
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -126,6 +126,56 @@ static int drm_cpu_valid(void)
> }
>
> /**
> + * drm_new_set_master - Allocate a new master object and become master for
> the
> + * associated master realm.
> + *
> + * @dev: The associated device.
> + * @fpriv: File private identifying the client.
> + *
> + * This function must be called with dev::struct_mutex held. Returns negative
> + * error code on failure, zero on success.
> + */
> +int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
> +{
> + int ret;
> +
> + lockdep_assert_held_once(&dev->master_mutex);
> + /* create a new master */
> + fpriv->minor->master = drm_master_create(fpriv->minor);
> + if (!fpriv->minor->master)
> + return -ENOMEM;
> +
> + fpriv->is_master = 1;
> + fpriv->allowed_master = 1;
> +
> + /* take another reference for the copy in the local file priv */
> + fpriv->master = drm_master_get(fpriv->minor->master);
> +
> + fpriv->authenticated = 1;
> +
> + if (dev->driver->master_create) {
> + ret = dev->driver->master_create(dev, fpriv->master);
> + if (ret) {
> + /* drop both references if this fails */
> + drm_master_put(&fpriv->minor->master);
> + drm_master_put(&fpriv->master);
> + return ret;
> + }
> + }
> + if (dev->driver->master_set) {
> + ret = dev->driver->master_set(dev, fpriv, true);
> + if (ret) {
> + /* drop both references if this fails */
> + drm_master_put(&fpriv->minor->master);
> + drm_master_put(&fpriv->master);
> + return ret;
> + }
> + }
> +
> + return 0;
> +}
> +
> +/**
> * Called whenever a process opens /dev/drm.
> *
> * \param filp file pointer.
> @@ -189,35 +239,9 @@ static int drm_open_helper(struct file *filp, struct
> drm_minor *minor)
> mutex_lock(&dev->master_mutex);
> if (drm_is_primary_client(priv) && !priv->minor->master) {
> /* create a new master */
> - priv->minor->master = drm_master_create(priv->minor);
> - if (!priv->minor->master) {
> - ret = -ENOMEM;
> + ret = drm_new_set_master(dev, priv);
> + if (ret)
> goto out_close;
> - }
> -
> - priv->is_master = 1;
> - /* take another reference for the copy in the local file priv */
> - priv->master = drm_master_get(priv->minor->master);
> - priv->authenticated = 1;
> -
> - if (dev->driver->master_create) {
> - ret = dev->driver->master_create(dev, priv->master);
> - if (ret) {
> - /* drop both references if this fails */
> - drm_master_put(&priv->minor->master);
> - drm_master_put(&priv->master);
> - goto out_close;
> - }
> - }
> - if (dev->driver->master_set) {
> - ret = dev->driver->master_set(dev, priv, true);
> - if (ret) {
> - /* drop both references if this fails */
> - drm_master_put(&priv->minor->master);
> - drm_master_put(&priv->master);
> - goto out_close;
> - }
> - }
> } else if (drm_is_primary_client(priv)) {
> /* get a reference to the master */
> priv->master = drm_master_get(priv->minor->master);
> diff --git a/include/drm/drmP.h b/include/drm/drmP.h
> index 0b921ae..566b59e 100644
> --- a/include/drm/drmP.h
> +++ b/include/drm/drmP.h
> @@ -309,6 +309,11 @@ struct drm_file {
> unsigned universal_planes:1;
> /* true if client understands atomic properties */
> unsigned atomic:1;
> + /*
> + * This client is allowed to gain master privileges for @master.
> + * Protected by struct drm_device::master_mutex.
> + */
> + unsigned allowed_master:1;
>
> struct pid *pid;
> kuid_t uid;
> @@ -910,6 +915,7 @@ extern int drm_open(struct inode *inode, struct file
> *filp);
> extern ssize_t drm_read(struct file *filp, char __user *buffer,
> size_t count, loff_t *offset);
> extern int drm_release(struct inode *inode, struct file *filp);
> +extern int drm_new_set_master(struct drm_device *dev, struct drm_file
> *fpriv);
>
> /* Mapping support (drm_vm.h) */
> extern unsigned int drm_poll(struct file *filp, struct poll_table_struct
> *wait);
> --
> 2.5.0
>
> _______________________________________________
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
