[PATCH 0/3] drm: tweak permission handling
Daniel Vetter
daniel at ffwll.ch
Thu Dec 20 14:43:33 UTC 2018
On Thu, Dec 20, 2018 at 12:56:46PM +0000, Emil Velikov wrote:
> On Wed, 19 Dec 2018 at 20:37, Daniel Vetter <daniel at ffwll.ch> wrote:
> >
> > On Wed, Dec 19, 2018 at 09:30:46PM +0100, Daniel Vetter wrote:
> > > On Wed, Dec 19, 2018 at 07:22:44PM +0000, Emil Velikov wrote:
> > > > Hi all,
> > > >
> > > > This series relaxes some permission handling we have in core.
> > > >
> > > > The first patch, swaps the DRM_ROOT_ONLY to DRM_MASTER on DROP_MASTER
> > > > ioctls. Thus any application can drop privileges just after SET_MASTER
> > > > and not worry about elevating them, solely for DROP_MASTER.
> > > >
> > > > The last commit, admittedly works around userspace bugs. Although it's
> > > > far better than the "run as root" approach that people have been using.
> > > >
> > > > It has the extra side effect of allowing some userspace (but not all)
> > > > to use vgem without any modifications ;-)
> > > >
> > > > Would be great if this series is checked through the Intel GFX trybot
> > > > but I'm not sure how to do that.
> > >
> > > Just cc intel-gfx at lists.freedesktop.org.
> Thanks will do.
>
> >
> > Even better would be a few igts to exercise this stuff. We have some basic
> > auth tests, but not much, so running this through the intel CI won't test
> > much at all.
>
> Right, I was thinking about adding something like the following:
> - open the primary node - /dev/dri/cardX
> - ensure it's not authenticated - by default the first client (or one
> run as root) is
> - issue a trivial ioctl that's annotated as DRM_AUTH
> - fail if the ioctl returns with -EACCESS
>
> Since IGT is usually the first client (or sometimes ran as root), I'm
> not quite sure how to achieve the second point.
> Any ideas are greatly appreciated.
Open fd a 2nd time, before closing the first one. For examples see the
various core_* tests, specically core_auth.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the dri-devel
mailing list