Re: [Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master
On Wed, 17 Jul 2013 21:20:07 +0100
Chris Wilson wrote:
> On Wed, Jul 17, 2013 at 09:45:30AM -0700, Jesse Barnes wrote:
> > This should allow userland tools running under X to submit secure
> > batches for various things. This gives master DRM clients slightly more
> > permissions, but doesn't give regular processes any more, since a root
> > process can already map the registers directly and poke at hw.
> >
> > Signed-off-by: Jesse Barnes
> > ---
> > drivers/gpu/drm/i915/i915_gem_execbuffer.c |8
> > 1 file changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > index 1b58694..377aa1f 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > @@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void
> > *data,
> >
> > flags = 0;
> > if (args->flags & I915_EXEC_SECURE) {
> > - if (!file->is_master || !capable(CAP_SYS_ADMIN))
> > + if (!f(ile->is_master || capable(CAP_SYS_ADMIN)))
> > return -EPERM;
>
> Would have made for a much smaller patch.
And maybe without the typo? :)
--
Jesse Barnes, Intel Open Source Technology Center
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
Re: [Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master
On Wed, Jul 17, 2013 at 09:45:30AM -0700, Jesse Barnes wrote:
> This should allow userland tools running under X to submit secure
> batches for various things. This gives master DRM clients slightly more
> permissions, but doesn't give regular processes any more, since a root
> process can already map the registers directly and poke at hw.
>
> Signed-off-by: Jesse Barnes
> ---
> drivers/gpu/drm/i915/i915_gem_execbuffer.c |8
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> index 1b58694..377aa1f 100644
> --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> @@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void
> *data,
>
> flags = 0;
> if (args->flags & I915_EXEC_SECURE) {
> - if (!file->is_master || !capable(CAP_SYS_ADMIN))
> + if (!f(ile->is_master || capable(CAP_SYS_ADMIN)))
> return -EPERM;
Would have made for a much smaller patch.
-Chris
--
Chris Wilson, Intel Open Source Technology Centre
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
[Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master
This should allow userland tools running under X to submit secure
batches for various things. This gives master DRM clients slightly more
permissions, but doesn't give regular processes any more, since a root
process can already map the registers directly and poke at hw.
Signed-off-by: Jesse Barnes
---
drivers/gpu/drm/i915/i915_gem_execbuffer.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 1b58694..377aa1f 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data,
flags = 0;
if (args->flags & I915_EXEC_SECURE) {
- if (!file->is_master || !capable(CAP_SYS_ADMIN))
- return -EPERM;
-
- flags |= I915_DISPATCH_SECURE;
+ if (file->is_master || capable(CAP_SYS_ADMIN))
+ flags |= I915_DISPATCH_SECURE;
+ else
+ return -EPERM;
}
if (args->flags & I915_EXEC_IS_PINNED)
flags |= I915_DISPATCH_PINNED;
--
1.7.9.5
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
