[Mesa-dev] [PATCH 1/3] egl/x11_dri3: disable WL_bind_wayland_display for devices without render nodes

[Axel Davy]

On 21/06/2016 01:26, Michel Dänzer wrote:
> On 20.06.2016 20:06, Frank Binns wrote:
>> On 20/06/16 10:48, Michel Dänzer wrote:
>>> On 18.06.2016 02:41, Frank Binns wrote:
>>>> Up until now, DRI3 was only used for devices that have render nodes,
>>>> unless
>>>> overridden via an environment variable, with it falling back to DRI2
>>>> otherwise.
>>>> This limitation was there in order to support WL_bind_wayland_display
>>>> as it
>>>> requires client opened device node fds to be authenticated, which
>>>> isn't possible
>>>> when using DRI3. This is an unfortunate compromise as DRI3 provides
>>>> security
>>>> benefits over DRI2.
>>> What exactly is it that works with render nodes but not with
>>> unauthenticated non-render nodes? Isn't that a kernel bug?
>> The problem isn't that something doesn't work with unauthenticated
>> non-render nodes (wouldn't that be the kernel bug?) but that if a
>> client opens the primary/legacy node it needs the resulting fd to
>> be authenticated, which isn't supported by the X11 DRI3 protocol.
> Authentication is required for using certain ioctls of non-render nodes.
> It sounds like some ioctls are allowed to be used with render nodes but
> not with unauthenticated non-render nodes, which seems like a kernel bug
> — why would an ioctl be safe to use without authentication via a render
> node but not via a non-render node?
>
> So, which ioctls required by WL_bind_wayland_display don't work with an
> unauthenticated non-render node?
>
>
The ioctl to authenticate is possible only when you have the master node 
(owned by the DDX when using X, or by the wayland compositor when using 
Wayland). There is only one master node.


On of the motives of render-nodes is precisely to fix these limitations.


Axel