[Mesa-dev] [PATCH 1/3] egl/x11_dri3: disable WL_bind_wayland_display for devices without render nodes
Michel Dänzer
michel at daenzer.net
Wed Jun 22 01:20:53 UTC 2016
On 21.06.2016 18:49, Emil Velikov wrote:
> On 21 June 2016 at 07:39, Michel Dänzer <michel at daenzer.net> wrote:
>> On 21.06.2016 15:24, Axel Davy wrote:
>>> On 21/06/2016 01:26, Michel Dänzer wrote:
>>>> On 20.06.2016 20:06, Frank Binns wrote:
>>>>> On 20/06/16 10:48, Michel Dänzer wrote:
>>>>>> On 18.06.2016 02:41, Frank Binns wrote:
>>>>>>> Up until now, DRI3 was only used for devices that have render nodes,
>>>>>>> unless
>>>>>>> overridden via an environment variable, with it falling back to DRI2
>>>>>>> otherwise.
>>>>>>> This limitation was there in order to support WL_bind_wayland_display
>>>>>>> as it
>>>>>>> requires client opened device node fds to be authenticated, which
>>>>>>> isn't possible
>>>>>>> when using DRI3. This is an unfortunate compromise as DRI3 provides
>>>>>>> security
>>>>>>> benefits over DRI2.
>>>>>> What exactly is it that works with render nodes but not with
>>>>>> unauthenticated non-render nodes? Isn't that a kernel bug?
>>>>> The problem isn't that something doesn't work with unauthenticated
>>>>> non-render nodes (wouldn't that be the kernel bug?) but that if a
>>>>> client opens the primary/legacy node it needs the resulting fd to
>>>>> be authenticated, which isn't supported by the X11 DRI3 protocol.
>>>> Authentication is required for using certain ioctls of non-render nodes.
>>>> It sounds like some ioctls are allowed to be used with render nodes but
>>>> not with unauthenticated non-render nodes, which seems like a kernel bug
>>>> — why would an ioctl be safe to use without authentication via a render
>>>> node but not via a non-render node?
>>>>
>>>> So, which ioctls required by WL_bind_wayland_display don't work with an
>>>> unauthenticated non-render node?
>>>>
>>>>
>>> The ioctl to authenticate is possible only when you have the master node
>>> (owned by the DDX when using X, or by the wayland compositor when using
>>> Wayland). There is only one master node.
>>>
>>>
>>> On of the motives of render-nodes is precisely to fix these limitations.
>>
>> I understand all of that, but it doesn't answer my question. :)
>>
>> Since WL_bind_wayland_display works with a render node, it means that
>> all ioctls it needs work without authentication when using a render
>> node. The question is, why do the same ioctls require authentication
>> when using a non-render node?
>>
>>
> I believe the following thread [1] is relevant here.
>
> -Emil
> [1] https://lists.freedesktop.org/archives/dri-devel/2016-June/110845.html
Bottom line: It's just not a simple as I thought. :) Sorry for the
noise, and thanks for bearing with me.
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
More information about the mesa-dev
mailing list