Rendering when dropped master

Martin Peres martin.peres at free.fr
Fri Dec 20 01:59:02 PST 2013


On 20/12/2013 10:55, Thomas Hellstrom wrote:
> On 12/20/2013 10:31 AM, Martin Peres wrote:
>> On 20/12/2013 07:57, Thomas Hellstrom wrote:
>>> So this is a potential issue that needs to be brought up sooner or
>>> later:
>>>
>>> Let's say a client is authenticated by the current master.
>>> Then the master drops, and we have a new master (fast user switching for
>>> example).
>>>
>>> What's the status of the clients authenticated by old masters?
>>> Should they be allowed to render and use memory resources or
>>> shouldn't they?
>>>
>>> A typical example where this could pose a problem is where user 1 opens
>>> a drm connection, authenticates itself and then drops master.
>>> Then user 2 starts an X server and exposes all DRI contents to user 1?
>>>
>>> /Thomas
>> I wouldn't worry about that since all clients should use render nodes
>> instead.
>> If you worry about this, help making the switch to them happen.
>>
> OK, so let's say user 1 opens a connection through a render node and
> starts rendering using shared buffers.
> Then we do a fast user switch, the render node ACL is updated and user 2
> logs in.
> What's stopping user 2 from accessing user 1's DRI content?
>
> I haven't looked closely at what's actually allowed through render
> nodes; perhaps buffer sharing using global names isn't?

That's right. GEM buffer sharing is disabled in render nodes.
Only DMA-Buf is allowed.

GEM buffer sharing could hardly be less secure, that's why it was
decided to drop it entirely in favour of dma-buf.

Martin


More information about the dri-devel mailing list