[Libva] [PATCH v2 4/7] drm: ensure DRM connection is authenticated.

Gwenole Beauchesne gb.devel at gmail.com
Mon Jul 16 02:04:26 PDT 2012


Make sure the DRM connection is authenticated prior to returning a
valid display from vaGetDisplayDRM(). If an X or Wayland server is
running then authentication will also fail.

Signed-off-by: Gwenole Beauchesne <gwenole.beauchesne at intel.com>
---
 va/drm/Makefile.am   |    2 ++
 va/drm/va_drm.c      |   14 +++++++++++--
 va/drm/va_drm_auth.c |   55 ++++++++++++++++++++++++++++++++++++++++++++++++++
 va/drm/va_drm_auth.h |   37 +++++++++++++++++++++++++++++++++
 4 files changed, 106 insertions(+), 2 deletions(-)
 create mode 100644 va/drm/va_drm_auth.c
 create mode 100644 va/drm/va_drm_auth.h

diff --git a/va/drm/Makefile.am b/va/drm/Makefile.am
index a2770f2..17e79d0 100644
--- a/va/drm/Makefile.am
+++ b/va/drm/Makefile.am
@@ -29,6 +29,7 @@ INCLUDES = \
 
 source_c = \
 	va_drm.c		\
+	va_drm_auth.c		\
 	$(NULL)
 
 source_h = \
@@ -36,6 +37,7 @@ source_h = \
 	$(NULL)
 
 source_h_priv = \
+	va_drm_auth.h		\
 	$(NULL)
 
 noinst_LTLIBRARIES		= libva_drm.la
diff --git a/va/drm/va_drm.c b/va/drm/va_drm.c
index c45565f..b7f60ba 100644
--- a/va/drm/va_drm.c
+++ b/va/drm/va_drm.c
@@ -27,6 +27,7 @@
 #include "va_drm.h"
 #include "va_backend.h"
 #include "va_drmcommon.h"
+#include "va_drm_auth.h"
 
 static int
 va_DisplayContextIsValid(VADisplayContextP pDisplayContext)
@@ -74,6 +75,7 @@ va_DisplayContextGetDriverName(
     char *driver_name = NULL;
     const struct driver_name_map *m;
     drm_magic_t magic;
+    int ret;
 
     *driver_name_ptr = NULL;
 
@@ -97,8 +99,16 @@ va_DisplayContextGetDriverName(
 
     *driver_name_ptr = driver_name;
 
-    drmGetMagic(drm_state->fd, &magic);
-    drmAuthMagic(drm_state->fd, magic);
+    ret = drmGetMagic(drm_state->fd, &magic);
+    if (ret < 0)
+        return VA_STATUS_ERROR_OPERATION_FAILED;
+
+    if (!va_drm_is_authenticated(drm_state->fd)) {
+        if (!va_drm_authenticate(drm_state->fd, magic))
+            return VA_STATUS_ERROR_OPERATION_FAILED;
+        if (!va_drm_is_authenticated(drm_state->fd))
+            return VA_STATUS_ERROR_OPERATION_FAILED;
+    }
 
     drm_state->auth_type = VA_DRM_AUTH_CUSTOM;
 
diff --git a/va/drm/va_drm_auth.c b/va/drm/va_drm_auth.c
new file mode 100644
index 0000000..cf31239
--- /dev/null
+++ b/va/drm/va_drm_auth.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2012 Intel Corporation. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sub license, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the
+ * next paragraph) shall be included in all copies or substantial portions
+ * of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
+ * IN NO EVENT SHALL PRECISION INSIGHT AND/OR ITS SUPPLIERS BE LIABLE FOR
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include "sysdeps.h"
+#include <unistd.h>
+#include <xf86drm.h>
+#include "va_drm_auth.h"
+
+/* Checks whether DRM connection is authenticated */
+bool
+va_drm_is_authenticated(int fd)
+{
+    pid_t client_pid;
+    int i, auth, pid, uid;
+    unsigned long magic, iocs;
+    bool is_authenticated = false;
+
+    client_pid = getpid();
+    for (i = 0; !is_authenticated; i++) {
+        if (drmGetClient(fd, i, &auth, &pid, &uid, &magic, &iocs) != 0)
+            break;
+        is_authenticated = auth && pid == client_pid;
+    }
+    return is_authenticated;
+}
+
+/* Try to authenticate the DRM connection with the supplied magic id */
+bool
+va_drm_authenticate(int fd, uint32_t magic)
+{
+    /* XXX: try to authenticate through Wayland, X11, etc. */
+    /* Default: root + master privs are needed for the following call */
+    return drmAuthMagic(fd, magic) == 0;
+}
diff --git a/va/drm/va_drm_auth.h b/va/drm/va_drm_auth.h
new file mode 100644
index 0000000..ef9593c
--- /dev/null
+++ b/va/drm/va_drm_auth.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2012 Intel Corporation. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sub license, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the
+ * next paragraph) shall be included in all copies or substantial portions
+ * of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
+ * IN NO EVENT SHALL PRECISION INSIGHT AND/OR ITS SUPPLIERS BE LIABLE FOR
+ * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef VA_DRM_AUTH_H
+#define VA_DRM_AUTH_H
+
+#include <stdint.h>
+#include <stdbool.h>
+
+bool
+va_drm_is_authenticated(int fd);
+
+bool
+va_drm_authenticate(int fd, uint32_t magic);
+
+#endif /* VA_DRM_AUTH_H */
-- 
1.7.9.5



More information about the Libva mailing list