On 21.06.2016 18:49, Emil Velikov wrote:
> On 21 June 2016 at 07:39, Michel Dänzer <mic...@daenzer.net> wrote:
>> On 21.06.2016 15:24, Axel Davy wrote:
>>> On 21/06/2016 01:26, Michel Dänzer wrote:
>>>> On 20.06.2016 20:06, Frank Binns wrote:
>>>>> On 20/06/16 10:48, Michel Dänzer wrote:
>>>>>> On 18.06.2016 02:41, Frank Binns wrote:
>>>>>>> Up until now, DRI3 was only used for devices that have render nodes, unless
>>>>>>> overridden via an environment variable, with it falling back to DRI2 otherwise.
>>>>>>> This limitation was there in order to support WL_bind_wayland_display as it
>>>>>>> requires client opened device node fds to be authenticated, which isn't possible
>>>>>>> when using DRI3. This is an unfortunate compromise as DRI3 provides security
>>>>>>> benefits over DRI2.
>>>>>> What exactly is it that works with render nodes but not with
>>>>>> unauthenticated non-render nodes? Isn't that a kernel bug?
>>>>> The problem isn't that something doesn't work with unauthenticated
>>>>> non-render nodes (wouldn't that be the kernel bug?) but that if a
>>>>> client opens the primary/legacy node it needs the resulting fd to
>>>>> be authenticated, which isn't supported by the X11 DRI3 protocol.
>>>> Authentication is required for using certain ioctls of non-render nodes.
>>>> It sounds like some ioctls are allowed to be used with render nodes but
>>>> not with unauthenticated non-render nodes, which seems like a kernel bug
>>>> — why would an ioctl be safe to use without authentication via a render
>>>> node but not via a non-render node?
>>>>
>>>> So, which ioctls required by WL_bind_wayland_display don't work with an
>>>> unauthenticated non-render node?
>>>>
>>>>
>>> The ioctl to authenticate is possible only when you have the master node
>>> (owned by the DDX when using X, or by the wayland compositor when using
>>> Wayland). There is only one master node.
>>>
>>>
>>> One of the motives of render-nodes is precisely to fix these limitations.
>>
>> I understand all of that, but it doesn't answer my question. :)
>>
>> Since WL_bind_wayland_display works with a render node, it means that
>> all ioctls it needs work without authentication when using a render
>> node. The question is, why do the same ioctls require authentication
>> when using a non-render node?
>>
>>
> I believe the following thread [1] is relevant here.
>
> -Emil
> [1] https://lists.freedesktop.org/archives/dri-devel/2016-June/110845.html

Bottom line: It's just not as simple as I thought. :) Sorry for the noise,
and thanks for bearing with me.

--
Earthling Michel Dänzer               |               http://www.amd.com
Libre software enthusiast             |             Mesa and X developer