[Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master

Wed Jul 17 22:20:07 CEST 2013

On Wed, Jul 17, 2013 at 09:45:30AM -0700, Jesse Barnes wrote:
> This should allow userland tools running under X to submit secure
> batches for various things.  This gives master DRM clients slightly more
> permissions, but doesn't give regular processes any more, since a root
> process can already map the registers directly and poke at hw.
> 
> Signed-off-by: Jesse Barnes <jbarnes at virtuousgeek.org>
> ---
>  drivers/gpu/drm/i915/i915_gem_execbuffer.c |    8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> index 1b58694..377aa1f 100644
> --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> @@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data,
>  
>  	flags = 0;
>  	if (args->flags & I915_EXEC_SECURE) {
> -		if (!file->is_master || !capable(CAP_SYS_ADMIN))
> +		if (!f(ile->is_master || capable(CAP_SYS_ADMIN)))
> 		    return -EPERM;

Would have made for a much smaller patch.
-Chris

-- 
Chris Wilson, Intel Open Source Technology Centre