@@ -120,6 +120,10 @@ int drm_authmagic(struct drm_device *dev, void *data,
DRM_DEBUG("%u\n", auth->magic);
down_write(&dev->master_rwsem);
+ if (unlikely(!drm_is_current_master(file_priv))) {
+ up_write(&dev->master_rwsem);
+ return -EACCES;
+ }
file = idr_find(&file_priv->master->magic_map, auth->magic);
if (file) {
file->authenticated = 1;
@@ -386,6 +386,10 @@ static int drm_setversion(struct drm_device *dev, void *data, struct drm_file *f
int if_version, retcode = 0;
down_write(&dev->master_rwsem);
+ if (unlikely(!drm_is_current_master(file_priv))) {
+ retcode = -EACCES;
+ goto unlock;
+ }
if (sv->drm_di_major != -1) {
if (sv->drm_di_major != DRM_IF_MAJOR ||
sv->drm_di_minor < 0 || sv->drm_di_minor > DRM_IF_MINOR) {
@@ -420,8 +424,9 @@ static int drm_setversion(struct drm_device *dev, void *data, struct drm_file *f
sv->drm_di_minor = DRM_IF_MINOR;
sv->drm_dd_major = dev->driver->major;
sv->drm_dd_minor = dev->driver->minor;
- up_write(&dev->master_rwsem);
+unlock:
+ up_write(&dev->master_rwsem);
return retcode;
}
@@ -574,12 +579,12 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
DRM_IOCTL_DEF(DRM_IOCTL_GET_STATS, drm_getstats, 0),
DRM_IOCTL_DEF(DRM_IOCTL_GET_CAP, drm_getcap, DRM_RENDER_ALLOW),
DRM_IOCTL_DEF(DRM_IOCTL_SET_CLIENT_CAP, drm_setclientcap, 0),
- DRM_IOCTL_DEF(DRM_IOCTL_SET_VERSION, drm_setversion, DRM_MASTER),
+ DRM_IOCTL_DEF(DRM_IOCTL_SET_VERSION, drm_setversion, 0),
DRM_IOCTL_DEF(DRM_IOCTL_SET_UNIQUE, drm_invalid_op, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_BLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_IOCTL_DEF(DRM_IOCTL_UNBLOCK, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
- DRM_IOCTL_DEF(DRM_IOCTL_AUTH_MAGIC, drm_authmagic, DRM_MASTER),
+ DRM_IOCTL_DEF(DRM_IOCTL_AUTH_MAGIC, drm_authmagic, 0),
DRM_LEGACY_IOCTL_DEF(DRM_IOCTL_ADD_MAP, drm_legacy_addmap_ioctl, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY),
DRM_LEGACY_IOCTL_DEF(DRM_IOCTL_RM_MAP, drm_legacy_rmmap_ioctl, DRM_AUTH),
@@ -706,10 +711,10 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
DRM_RENDER_ALLOW),
DRM_IOCTL_DEF(DRM_IOCTL_CRTC_GET_SEQUENCE, drm_crtc_get_sequence_ioctl, 0),
DRM_IOCTL_DEF(DRM_IOCTL_CRTC_QUEUE_SEQUENCE, drm_crtc_queue_sequence_ioctl, 0),
- DRM_IOCTL_DEF(DRM_IOCTL_MODE_CREATE_LEASE, drm_mode_create_lease_ioctl, DRM_MASTER),
+ DRM_IOCTL_DEF(DRM_IOCTL_MODE_CREATE_LEASE, drm_mode_create_lease_ioctl, 0),
DRM_IOCTL_DEF(DRM_IOCTL_MODE_LIST_LESSEES, drm_mode_list_lessees_ioctl, DRM_MASTER),
DRM_IOCTL_DEF(DRM_IOCTL_MODE_GET_LEASE, drm_mode_get_lease_ioctl, DRM_MASTER),
- DRM_IOCTL_DEF(DRM_IOCTL_MODE_REVOKE_LEASE, drm_mode_revoke_lease_ioctl, DRM_MASTER),
+ DRM_IOCTL_DEF(DRM_IOCTL_MODE_REVOKE_LEASE, drm_mode_revoke_lease_ioctl, 0),
};
#define DRM_CORE_IOCTL_COUNT ARRAY_SIZE(drm_ioctls)
@@ -779,6 +784,9 @@ long drm_ioctl_kernel(struct file *file, drm_ioctl_t *func, void *kdata,
if (locked_ioctl)
mutex_lock(&drm_global_mutex);
+ if (unlikely(flags & DRM_MASTER))
+ down_read(&dev->master_rwsem);
+
retcode = drm_ioctl_permit(flags, file_priv);
if (unlikely(retcode))
goto out;
@@ -786,6 +794,8 @@ long drm_ioctl_kernel(struct file *file, drm_ioctl_t *func, void *kdata,
retcode = func(dev, kdata, file_priv);
out:
+ if (unlikely(flags & DRM_MASTER))
+ up_read(&dev->master_rwsem);
if (locked_ioctl)
mutex_unlock(&drm_global_mutex);
return retcode;
@@ -500,6 +500,18 @@ int drm_mode_create_lease_ioctl(struct drm_device *dev,
return -EINVAL;
}
+ /* Clone the lessor file to create a new file for us */
+ DRM_DEBUG_LEASE("Allocating lease file\n");
+ lessee_file = file_clone_open(lessor_file);
+ if (IS_ERR(lessee_file))
+ return PTR_ERR(lessee_file);
+
+ down_read(&dev->master_rwsem);
+ if (unlikely(!drm_is_current_master(lessor_priv))) {
+ ret = -EACCES;
+ goto out_file;
+ }
+
lessor = drm_file_get_master(lessor_priv);
/* Do not allow sub-leases */
if (lessor->lessor) {
@@ -547,14 +559,6 @@ int drm_mode_create_lease_ioctl(struct drm_device *dev,
goto out_leases;
}
- /* Clone the lessor file to create a new file for us */
- DRM_DEBUG_LEASE("Allocating lease file\n");
- lessee_file = file_clone_open(lessor_file);
- if (IS_ERR(lessee_file)) {
- ret = PTR_ERR(lessee_file);
- goto out_lessee;
- }
-
lessee_priv = lessee_file->private_data;
/* Change the file to a master one */
drm_master_put(&lessee_priv->master);
@@ -571,17 +575,19 @@ int drm_mode_create_lease_ioctl(struct drm_device *dev,
fd_install(fd, lessee_file);
drm_master_put(&lessor);
+ up_read(&dev->master_rwsem);
DRM_DEBUG_LEASE("drm_mode_create_lease_ioctl succeeded\n");
return 0;
-out_lessee:
- drm_master_put(&lessee);
-
out_leases:
put_unused_fd(fd);
out_lessor:
drm_master_put(&lessor);
+
+out_file:
+ up_read(&dev->master_rwsem);
+ fput(lessee_file);
DRM_DEBUG_LEASE("drm_mode_create_lease_ioctl failed: %d\n", ret);
return ret;
}
@@ -705,6 +711,11 @@ int drm_mode_revoke_lease_ioctl(struct drm_device *dev,
if (!drm_core_check_feature(dev, DRIVER_MODESET))
return -EOPNOTSUPP;
+ down_write(&dev->master_rwsem);
+ if (unlikely(!drm_is_current_master(lessor_priv))) {
+ ret = -EACCES;
+ goto unlock;
+ }
lessor = drm_file_get_master(lessor_priv);
mutex_lock(&dev->mode_config.idr_mutex);
@@ -728,5 +739,7 @@ int drm_mode_revoke_lease_ioctl(struct drm_device *dev,
mutex_unlock(&dev->mode_config.idr_mutex);
drm_master_put(&lessor);
+unlock:
+ up_write(&dev->master_rwsem);
return ret;
}
@@ -151,6 +151,12 @@ struct drm_device {
* Lock for &drm_device.master, &drm_file.was_master,
* &drm_file.is_master, &drm_file.master, &drm_master.unique,
* &drm_master.unique_len, and &drm_master.magic_map.
+ *
+ * Additionally, synchronizes access rights to exclusive resources like
+ * modesetting access between multiple users. For example, users that
+ * can change the modeset or display state must hold a read lock on
+ * @master_rwsem, and users that change modesetting rights should hold
+ * a write lock.
*/
struct rw_semaphore master_rwsem;