On Wed, Dec 19, 2018 at 07:22:47PM +0000, Emil Velikov wrote: > From: Emil Velikov <[email protected]> > > There are cases (in mesa and applications) where one would open the > primary node without properly authenticating the client. > > Sometimes we don't check if the authentication succeeds, but there's > also cases we simply forget to do it. Mesa has been fixed recently > although, there's the question of older drivers or other apps that > exbibit this behaviour.
Would be good to have links to mesa where these bugs are fixed (or wherever those bugs where). > > To workaround this, some users resort to running their apps under sudo. > Which admittedly isn't always a good idea. > > Since any DRIVER_RENDER driver has sufficient isolation between clients, > we can use that, for unauthenticated [primary node] ioctls that require > DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. > > As an added bonus this allows us to use vgem in userspace with zero > change to some (but not all) existing programs. How/what/where? > Signed-off-by: Emil Velikov <[email protected]> > --- > drivers/gpu/drm/drm_ioctl.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c > index 2221c8857fb0..4c775b775395 100644 > --- a/drivers/gpu/drm/drm_ioctl.c > +++ b/drivers/gpu/drm/drm_ioctl.c > @@ -521,13 +521,17 @@ int drm_version(struct drm_device *dev, void *data, > */ > int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) > { > + const struct drm_device *dev = file_priv->minor->dev; > + > /* ROOT_ONLY is only for CAP_SYS_ADMIN */ > if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) > return -EACCES; > > - /* AUTH is only for authenticated or render client */ > + /* AUTH is only for authenticated/render capable master or render > client */ > if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && > - !file_priv->authenticated)) > + !file_priv->authenticated && > + !(drm_core_check_feature(dev, DRIVER_RENDER) && > + (flags & DRM_RENDER_ALLOW)))) Gets a bit unreadable but looks correct. With the commit message improved (since this is new uapi, so needs those pesky userspace links): Reviewed-by: Daniel Vetter <[email protected]> > return -EACCES; > > /* MASTER is only for master or control clients */ > -- > 2.19.2 > > _______________________________________________ > dri-devel mailing list > [email protected] > https://lists.freedesktop.org/mailman/listinfo/dri-devel -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ dri-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/dri-devel
