On 20.06.2016 20:06, Frank Binns wrote: > On 20/06/16 10:48, Michel Dänzer wrote: >> On 18.06.2016 02:41, Frank Binns wrote: >>> Up until now, DRI3 was only used for devices that have render nodes, >>> unless >>> overridden via an environment variable, with it falling back to DRI2 >>> otherwise. >>> This limitation was there in order to support WL_bind_wayland_display >>> as it >>> requires client opened device node fds to be authenticated, which >>> isn't possible >>> when using DRI3. This is an unfortunate compromise as DRI3 provides >>> security >>> benefits over DRI2. >> What exactly is it that works with render nodes but not with >> unauthenticated non-render nodes? Isn't that a kernel bug? > > The problem isn't that something doesn't work with unauthenticated > non-render nodes (wouldn't that be the kernel bug?) but that if a > client opens the primary/legacy node it needs the resulting fd to > be authenticated, which isn't supported by the X11 DRI3 protocol.
Authentication is required for using certain ioctls of non-render nodes. It sounds like some ioctls are allowed to be used with render nodes but not with unauthenticated non-render nodes, which seems like a kernel bug — why would an ioctl be safe to use without authentication via a render node but not via a non-render node? So, which ioctls required by WL_bind_wayland_display don't work with an unauthenticated non-render node? -- Earthling Michel Dänzer | http://www.amd.com Libre software enthusiast | Mesa and X developer _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
