[Mesa-dev] [PATCH 1/3] egl/x11_dri3: disable WL_bind_wayland_display for devices without render nodes
Axel Davy
axel.davy at ens.fr
Mon Jun 20 11:10:07 UTC 2016
Le 20/06/2016 11:48, Michel Dänzer a écrit :
> On 18.06.2016 02:41, Frank Binns wrote:
>> Up until now, DRI3 was only used for devices that have render nodes, unless
>> overridden via an environment variable, with it falling back to DRI2 otherwise.
>> This limitation was there in order to support WL_bind_wayland_display as it
>> requires client opened device node fds to be authenticated, which isn't possible
>> when using DRI3. This is an unfortunate compromise as DRI3 provides security
>> benefits over DRI2.
> What exactly is it that works with render nodes but not with
> unauthenticated non-render nodes? Isn't that a kernel bug?
>
>
Wayland egl authentication mechanism is that the client opens the device
advertised by the server (or it can use another device, but must use
render nodes then),
and if it is not a render-node, it asks the server to authenticate the
client opened fd of the device for rendering.
On DRI3, you don't ask the X server for authentication (contrary to DRI2
and Wayland egl), instead the X server gives you an already
authenticated fd.
Thus X egl/dri3 cannot authenticate clients opened fd.
That's why render-nodes are required for the extension with egl/dri3
Axel
More information about the mesa-dev
mailing list