[PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls

Daniel Vetter daniel at ffwll.ch
Wed Dec 19 20:34:50 UTC 2018


On Wed, Dec 19, 2018 at 07:22:47PM +0000, Emil Velikov wrote:
> From: Emil Velikov <emil.velikov at collabora.com>
> 
> There are cases (in mesa and applications) where one would open the
> primary node without properly authenticating the client.
> 
> Sometimes we don't check if the authentication succeeds, but there's
> also cases we simply forget to do it. Mesa has been fixed recently
> although, there's the question of older drivers or other apps that
> exhibit this behaviour.

Would be good to have links to mesa where these bugs are fixed (or
wherever those bugs were).

> 
> To work around this, some users resort to running their apps under sudo.
> Which admittedly isn't always a good idea.
> 
> Since any DRIVER_RENDER driver has sufficient isolation between clients,
> we can use that, for unauthenticated [primary node] ioctls that require
> DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW.
> 
> As an added bonus this allows us to use vgem in userspace with zero
> change to some (but not all) existing programs.

How/what/where?

> Signed-off-by: Emil Velikov <emil.velikov at collabora.com>
> ---
>  drivers/gpu/drm/drm_ioctl.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
> index 2221c8857fb0..4c775b775395 100644
> --- a/drivers/gpu/drm/drm_ioctl.c
> +++ b/drivers/gpu/drm/drm_ioctl.c
> @@ -521,13 +521,17 @@ int drm_version(struct drm_device *dev, void *data,
>   */
>  int drm_ioctl_permit(u32 flags, struct drm_file *file_priv)
>  {
> +	const struct drm_device *dev = file_priv->minor->dev;
> +
>  	/* ROOT_ONLY is only for CAP_SYS_ADMIN */
>  	if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN)))
>  		return -EACCES;
>  
> -	/* AUTH is only for authenticated or render client */
> +	/* AUTH is only for authenticated/render capable master or render client */
>  	if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) &&
> -		     !file_priv->authenticated))
> +		     !file_priv->authenticated &&
> +		     !(drm_core_check_feature(dev, DRIVER_RENDER) &&
> +		       (flags & DRM_RENDER_ALLOW))))

Gets a bit unreadable but looks correct.

With the commit message improved (since this is new uapi, so needs those
pesky userspace links):

Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>

>  		return -EACCES;
>  
>  	/* MASTER is only for master or control clients */
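Review bot: the updated comment in drm_ioctl_permit() says "authenticated/render capable master", but the added clause tests only drm_core_check_feature(dev, DRIVER_RENDER) and (flags & DRM_RENDER_ALLOW). Nothing in it checks that file_priv is a master, so any unauthenticated non-render client on a DRIVER_RENDER device passes for DRM_AUTH ioctls tagged DRM_RENDER_ALLOW. If that is the intent, reword the comment to say so. If the bypass is meant to be master-only, that check is missing. The negated four-term condition would also read more easily with the new clause moved into a small named helper, which gives a place to document why DRIVER_RENDER isolation makes skipping authentication acceptable here.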
> -- 
> 2.19.2
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

