[PATCH v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls

Wed Nov 27 16:25:54 UTC 2019

From: Emil Velikov <emil.velikov at collabora.com>

Current validation requires that we're authenticated, even though we can
bypass (by design) the authentication when using a render node.

Let's address the former by following the design decision.

v2: Add simpler validation in the ioctls themselves (Boris)

Cc: Alex Deucher <alexander.deucher at amd.com>
Cc: amd-gfx at lists.freedesktop.org
Cc: Boris Brezillon <boris.brezillon at collabora.com>
Cc: Daniel Vetter <daniel at ffwll.ch>
Cc: Sean Paul <sean at poorly.run>
Acked-by: Christian König <christian.koenig at amd.com>
Signed-off-by: Emil Velikov <emil.velikov at collabora.com>
---
 drivers/gpu/drm/drm_ioctl.c |  4 ++--
 drivers/gpu/drm/drm_prime.c | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index fcd728d7cf72..5afb39688b55 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -652,8 +652,8 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
 
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETRESOURCES, drm_mode_getresources, 0),
 
-	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
-	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
+	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_RENDER_ALLOW),
+	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_RENDER_ALLOW),
 
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPLANERESOURCES, drm_mode_getplane_res, 0),
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETCRTC, drm_mode_getcrtc, 0),
diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
index 0a2316e0e812..dab166c860ec 100644
--- a/drivers/gpu/drm/drm_prime.c
+++ b/drivers/gpu/drm/drm_prime.c
@@ -358,11 +358,27 @@ int drm_gem_prime_fd_to_handle(struct drm_device *dev,
 }
 EXPORT_SYMBOL(drm_gem_prime_fd_to_handle);
 
+static inline bool
+allowed_ioctl(struct drm_device *dev, struct drm_file *file_priv)
+{
+	/* Unauthenticated master is allowed, for render capable devices */
+	if (drm_is_primary_client(file_priv)) {
+		if (!file_priv->authenticated &&
+		    !drm_core_check_feature(dev, DRIVER_RENDER))
+		return false;
+	}
+
+	return true;
+}
+
 int drm_prime_fd_to_handle_ioctl(struct drm_device *dev, void *data,
 				 struct drm_file *file_priv)
 {
 	struct drm_prime_handle *args = data;
 
+	if (!allowed_ioctl(dev, file_priv))
+		return -EACCES;
+
 	if (!dev->driver->prime_fd_to_handle)
 		return -ENOSYS;
 
@@ -511,6 +527,9 @@ int drm_prime_handle_to_fd_ioctl(struct drm_device *dev, void *data,
 {
 	struct drm_prime_handle *args = data;
 
+	if (!allowed_ioctl(dev, file_priv))
+		return -EACCES;
+
 	if (!dev->driver->prime_handle_to_fd)
 		return -ENOSYS;
 
-- 
2.23.0

