| Message ID | 1440680124-3568-1-git-send-email-thellstrom@vmware.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/27/2015 02:55 PM, Thomas Hellstrom wrote: > Applications like gnome-shell may try to render after dropping master > privileges. Since the driver should now be safe against this scenario, > allow those applications to use their legacy node like a render node. > > Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com> > Reviewed-by: Sinclair Yeh <syeh@vmware.com> > --- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 7 ++++++- > drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 5 +++++ > 2 files changed, 11 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > index 03854d6..e13b20b 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > @@ -1052,10 +1052,15 @@ static struct vmw_master *vmw_master_check(struct drm_device *dev, > } > > /* > - * Check if we were previously master, but now dropped. > + * Check if we were previously master, but now dropped. In that > + * case, allow at least render node functionality. > */ > if (vmw_fp->locked_master) { > mutex_unlock(&dev->master_mutex); > + > + if (flags & DRM_RENDER_ALLOW) > + return NULL; > + > DRM_ERROR("Dropped master trying to access ioctl that " > "requires authentication.\n"); > return ERR_PTR(-EACCES); > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c > index 5b8595b..4f0794d 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c > @@ -911,6 +911,11 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, > "surface reference.\n"); > return -EACCES; > } > + if (ACCESS_ONCE(vmw_fpriv(file_priv)->locked_master)) { > + DRM_ERROR("Locked master refused legacy " > + "surface reference.\n"); Actually, a return -EACCES is missing here. I'll send out a v2. /Thomas
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 03854d6..e13b20b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1052,10 +1052,15 @@ static struct vmw_master *vmw_master_check(struct drm_device *dev, } /* - * Check if we were previously master, but now dropped. + * Check if we were previously master, but now dropped. In that + * case, allow at least render node functionality. */ if (vmw_fp->locked_master) { mutex_unlock(&dev->master_mutex); + + if (flags & DRM_RENDER_ALLOW) + return NULL; + DRM_ERROR("Dropped master trying to access ioctl that " "requires authentication.\n"); return ERR_PTR(-EACCES); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 5b8595b..4f0794d 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -911,6 +911,11 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, "surface reference.\n"); return -EACCES; } + if (ACCESS_ONCE(vmw_fpriv(file_priv)->locked_master)) { + DRM_ERROR("Locked master refused legacy " + "surface reference.\n"); + } + handle = u_handle; }