[v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls

Message ID	20191127162554.2494-1-emil.l.velikov@gmail.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=GPAI=ZT=lists.freedesktop.org=dri-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 68873206E0 From: Emil Velikov <emil.l.velikov@gmail.com> To: dri-devel@lists.freedesktop.org Subject: [PATCH v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls Date: Wed, 27 Nov 2019 16:25:54 +0000 Message-Id: <20191127162554.2494-1-emil.l.velikov@gmail.com> In-Reply-To: <20191101130313.8862-5-emil.l.velikov@gmail.com> References: <20191101130313.8862-5-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qOVtybo7usSbjoqRS9lVUZgze/kCb5tgAd7kGTrcnVo=; b=VCFQFxd8bsRIJkYZEvCLkZLgV+/gP0jP41iyKSALeWJFBfl94LPndBwPOjuCoiVqFy GnO8aN1d4vHncXdkKi6nHlEYMakMk/71qX7xQOGITu70zEZZKrWKhlhkC9nRWvD2At06 u9vGNW0+Xwc6AfcPR+lDNurt3XrHv/3sB3lHEj3TmJA/3+EewJFcZR1nfV+3zvVgav0e 1syBVVp/8Xlvlhjw8Kz540nRWQnjeMZI03QLHYBG7n0wRd2SWNYrDcZDuz/9pwsjMC3v VuPaeLwNHPdhZJrEO9aIMY+D79TgYztrG4plJI70wNFEuAsHOjx+bRSXBrnw5PNn3313 FLvw== Precedence: list Cc: emil.l.velikov@gmail.com, amd-gfx@lists.freedesktop.org, Boris Brezillon <boris.brezillon@collabora.com>, Alex Deucher <alexander.deucher@amd.com>, Sean Paul <sean@poorly.run> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
Series	[v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls \| expand [v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls

Message ID

20191127162554.2494-1-emil.l.velikov@gmail.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 68873206E0
From: Emil Velikov <emil.l.velikov@gmail.com>
To: dri-devel@lists.freedesktop.org
Subject: [PATCH v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls
Date: Wed, 27 Nov 2019 16:25:54 +0000
Message-Id: <20191127162554.2494-1-emil.l.velikov@gmail.com>
In-Reply-To: <20191101130313.8862-5-emil.l.velikov@gmail.com>
References: <20191101130313.8862-5-emil.l.velikov@gmail.com>
MIME-Version: 1.0
Precedence: list
Cc: emil.l.velikov@gmail.com, amd-gfx@lists.freedesktop.org,
 Boris Brezillon <boris.brezillon@collabora.com>,
 Alex Deucher <alexander.deucher@amd.com>, Sean Paul <sean@poorly.run>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Series

[v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls | expand

Commit Message

Emil Velikov Nov. 27, 2019, 4:25 p.m. UTC

From: Emil Velikov <emil.velikov@collabora.com>

Current validation requires that we're authenticated, even though we can
bypass (by design) the authentication when using a render node.

Let's address the former by following the design decision.

v2: Add simpler validation in the ioctls themselves (Boris)

Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: amd-gfx@lists.freedesktop.org
Cc: Boris Brezillon <boris.brezillon@collabora.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Sean Paul <sean@poorly.run>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
---
 drivers/gpu/drm/drm_ioctl.c |  4 ++--
 drivers/gpu/drm/drm_prime.c | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
index fcd728d7cf72..5afb39688b55 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -652,8 +652,8 @@  static const struct drm_ioctl_desc drm_ioctls[] = {
 
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETRESOURCES, drm_mode_getresources, 0),
 
-	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
-	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
+	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_RENDER_ALLOW),
+	DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_RENDER_ALLOW),
 
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPLANERESOURCES, drm_mode_getplane_res, 0),
 	DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETCRTC, drm_mode_getcrtc, 0),
diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c
index 0a2316e0e812..dab166c860ec 100644
--- a/drivers/gpu/drm/drm_prime.c
+++ b/drivers/gpu/drm/drm_prime.c
@@ -358,11 +358,27 @@  int drm_gem_prime_fd_to_handle(struct drm_device *dev,
 }
 EXPORT_SYMBOL(drm_gem_prime_fd_to_handle);
 
+static inline bool
+allowed_ioctl(struct drm_device *dev, struct drm_file *file_priv)
+{
+	/* Unauthenticated master is allowed, for render capable devices */
+	if (drm_is_primary_client(file_priv)) {
+		if (!file_priv->authenticated &&
+		    !drm_core_check_feature(dev, DRIVER_RENDER))
+		return false;
+	}
+
+	return true;
+}
+
 int drm_prime_fd_to_handle_ioctl(struct drm_device *dev, void *data,
 				 struct drm_file *file_priv)
 {
 	struct drm_prime_handle *args = data;
 
+	if (!allowed_ioctl(dev, file_priv))
+		return -EACCES;
+
 	if (!dev->driver->prime_fd_to_handle)
 		return -ENOSYS;
 
@@ -511,6 +527,9 @@  int drm_prime_handle_to_fd_ioctl(struct drm_device *dev, void *data,
 {
 	struct drm_prime_handle *args = data;
 
+	if (!allowed_ioctl(dev, file_priv))
+		return -EACCES;
+
 	if (!dev->driver->prime_handle_to_fd)
 		return -ENOSYS;

[v2] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls

Commit Message

Patch