[Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master

[Jesse Barnes]

This should allow userland tools running under X to submit secure
batches for various things.  This gives master DRM clients slightly more
permissions, but doesn't give regular processes any more, since a root
process can already map the registers directly and poke at hw.

Signed-off-by: Jesse Barnes <jbarnes at virtuousgeek.org>
---
 drivers/gpu/drm/i915/i915_gem_execbuffer.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 1b58694..377aa1f 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data,
 
 	flags = 0;
 	if (args->flags & I915_EXEC_SECURE) {
-		if (!file->is_master || !capable(CAP_SYS_ADMIN))
-		    return -EPERM;
-
-		flags |= I915_DISPATCH_SECURE;
+		if (file->is_master || capable(CAP_SYS_ADMIN))
+			flags |= I915_DISPATCH_SECURE;
+		else
+			return -EPERM;
 	}
 	if (args->flags & I915_EXEC_IS_PINNED)
 		flags |= I915_DISPATCH_PINNED;
-- 
1.7.9.5