> On 15 Samh 2016, at 09:44, Emil Velikov <[email protected]> wrote: > > On 15 November 2016 at 15:42, David Herrmann <[email protected] > <mailto:[email protected]>> wrote: >> Hi >> >> On Tue, Nov 15, 2016 at 4:24 PM, Emil Velikov <[email protected] >> <mailto:[email protected]>> wrote: >>> If we do not use a render node we must authenticate. Doing the extra >>> GetClient calls/ioctls does not help much, so don't bother. >>> >>> Cc: David Herrmann <[email protected]> >>> Cc: Daniel Vetter <[email protected]> >>> Signed-off-by: Emil Velikov <[email protected]> >>> --- >>> David, Daniel, I believe things are perfectly reasonable on kernel side. >>> If not please shout. >>> --- >>> va/drm/va_drm.c | 8 ++------ >>> va/drm/va_drm_auth.c | 35 ----------------------------------- >>> va/drm/va_drm_auth.h | 4 ---- >>> 3 files changed, 2 insertions(+), 45 deletions(-) >>> >>> diff --git a/va/drm/va_drm.c b/va/drm/va_drm.c >>> index 08071cf..59e33fa 100644 >>> --- a/va/drm/va_drm.c >>> +++ b/va/drm/va_drm.c >>> @@ -74,12 +74,8 @@ va_DisplayContextGetDriverName( >>> if (ret < 0) >>> return VA_STATUS_ERROR_OPERATION_FAILED; >>> >>> - if (!va_drm_is_authenticated(drm_state->fd)) { >>> - if (!va_drm_authenticate(drm_state->fd, magic)) >>> - return VA_STATUS_ERROR_OPERATION_FAILED; >>> - if (!va_drm_is_authenticated(drm_state->fd)) >>> - return VA_STATUS_ERROR_OPERATION_FAILED; >>> - } >>> + if (!va_drm_authenticate(drm_state->fd, magic)) >>> + return VA_STATUS_ERROR_OPERATION_FAILED; >> >> va_drm_authenticate() on native DRM returns EINVAL (via >> drmAuthMagic()) if already authenticated. Hence, this solution only >> works if you can guarantee that @drm_state->fd is not already >> authenticated. >> >> I don't know the VA internals, so cannot see whether this matters. >> > The API (vaGetDisplayDRM) isn't explicit if the device has to be auth. > yet I'm leaning towards no. Not to mention that every user of vaapi > [that I know of] does not do auth.
Indeed the intent has been to allow vaGetDisplayDRM() to accept DRM Render-Nodes bypassing authentication to facilitate headless or remote based modes, e.g., ssh remotely with no auth on system display. We really don’t do auth at all. Auth has always been a byproduct of what ever backend we needed to support, or work around, e.g., Android. I’m inclined to be okay with this patch. Thanks, Sean > On the libva side, it's done once during vaInitialize and only when > using the DRM display (vaGetDisplayDRM). > > -Emil > _______________________________________________ > Libva mailing list > [email protected] <mailto:[email protected]> > https://lists.freedesktop.org/mailman/listinfo/libva > <https://lists.freedesktop.org/mailman/listinfo/libva>
_______________________________________________ Libva mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libva
