From patchwork Mon May 27 08:17:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 10962237 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1D91413AD for ; Mon, 27 May 2019 08:19:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0FEB12899B for ; Mon, 27 May 2019 08:19:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0437B28A49; Mon, 27 May 2019 08:19:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9EBE42899B for ; Mon, 27 May 2019 08:19:28 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id BA8FE89948; Mon, 27 May 2019 08:19:21 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by gabe.freedesktop.org (Postfix) with ESMTPS id 873C189948; Mon, 27 May 2019 08:19:19 +0000 (UTC) Received: by mail-wm1-x342.google.com with SMTP id z23so10813091wma.4; Mon, 27 May 2019 01:19:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EzMIqXAbWE/gV2RBZB2W7ChrFwajusw59ENhgOUcS9g=; b=qozXh27R1298w18vqvIFfd9X31p3iMTwdIXt0aWt+/LM5rtkXi0dJ3ZlyGu2Zzzxry Htt6h/FEyjN19R8qoahdY/AXRcVrhs160rctUE8J2AalBeqMra/2jomqy7qhJsr/ILQo E7chGnlKoDU020SSetXSNY3OvDuXEBlhK9q6bWZDS61ISqr7FrpFtwTOukw0tdlSeUIw XdENcbwtYFxXLrhkmD02NJp1k7pYanQxLGr0S/HckDcILAPlgDWUhj/08qQ58W5Zyyzc RqKgdHAw6a6OsiVPUdA8KmHZux0IIZcFA05xHy+lKqtUd1EB4AIBWfNWkpQHIqV97gcs 5rng== X-Gm-Message-State: APjAAAUSRvbkuSkfwHd8FPD4VmsYi1ykmwsRNaIpASI0dtmEag6OQjmK eFB3FUI6Y0ErJV6ASpzn/GycPjpr X-Google-Smtp-Source: APXvYqy5Rb1kFc9bSW+4KL4fMfAezb7U2gFr8cBAZrQL/4xzr4/MlMs0qVCPdz5OBrB7LV05aZB4SA== X-Received: by 2002:a05:600c:28d:: with SMTP id 13mr25092545wmk.15.1558945157803; Mon, 27 May 2019 01:19:17 -0700 (PDT) Received: from localhost.localdomain (cpc91192-cmbg18-2-0-cust374.5-4.cable.virginm.net. [80.6.113.119]) by smtp.gmail.com with ESMTPSA id a124sm7511876wmh.3.2019.05.27.01.19.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 May 2019 01:19:17 -0700 (PDT) From: Emil Velikov To: dri-devel@lists.freedesktop.org Date: Mon, 27 May 2019 09:17:33 +0100 Message-Id: <20190527081741.14235-5-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190527081741.14235-1-emil.l.velikov@gmail.com> References: <20190527081741.14235-1-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EzMIqXAbWE/gV2RBZB2W7ChrFwajusw59ENhgOUcS9g=; b=VcdmQu9oP0Ss2g8SfVsbR9yf4amDDkNVfF4myeZnx1DaKG2doBgAO1bKjJ7xfdhamw woW63VLm2VHnZd5O38aFzWujFn6Lee+WmhZOPkbpxOJSd2wj0ckpOAPCDOaa0nLrIrh4 9jNjho7gl5tf1Jg086OXfP+xAD0qkjyCFX0Ab6+mCLGt28pPcoaz0eHCdkFC6TYDbOVl YPbxnQ55VR7RjiqVWjfQFctP5rEUloHReYWDc4EqzWjjC2bqE5hkuESnl8fkUWRXpnCI kTnMw4q0W7a1ZpSibxFhbaWy/jTAY/OB6aaLRk9rTFpaJS76+8yLL9+XGGm1x+I5/Fyl XeuQ== Subject: [Intel-gfx] [PATCH 05/13] drm/i915: drop DRM_AUTH from DRM_RENDER_ALLOW ioctls X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: David Airlie , intel-gfx@lists.freedesktop.org Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov The authentication can be circumvented, by design, by using the render node. From the driver POV there is no distinction between primary and render nodes, thus we can drop the token. Note: the outstanding DRM_AUTH instances are: - legacy DRI1 ioctls, which are already neutered - modern but deprecated ioctls Cc: Jani Nikula Cc: Joonas Lahtinen Cc: Rodrigo Vivi Cc: intel-gfx@lists.freedesktop.org Cc: David Airlie Cc: Daniel Vetter Signed-off-by: Emil Velikov --- drivers/gpu/drm/i915/i915_drv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c index 1ad88e6d7c04..ea7a713654dd 100644 --- a/drivers/gpu/drm/i915/i915_drv.c +++ b/drivers/gpu/drm/i915/i915_drv.c @@ -3098,7 +3098,7 @@ static const struct drm_ioctl_desc i915_ioctls[] = { DRM_IOCTL_DEF_DRV(I915_BATCHBUFFER, drm_noop, DRM_AUTH), DRM_IOCTL_DEF_DRV(I915_IRQ_EMIT, drm_noop, DRM_AUTH), DRM_IOCTL_DEF_DRV(I915_IRQ_WAIT, drm_noop, DRM_AUTH), - DRM_IOCTL_DEF_DRV(I915_GETPARAM, i915_getparam_ioctl, DRM_AUTH|DRM_RENDER_ALLOW), + DRM_IOCTL_DEF_DRV(I915_GETPARAM, i915_getparam_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_SETPARAM, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_ALLOC, drm_noop, DRM_AUTH), DRM_IOCTL_DEF_DRV(I915_FREE, drm_noop, DRM_AUTH), @@ -3111,13 +3111,13 @@ static const struct drm_ioctl_desc i915_ioctls[] = { DRM_IOCTL_DEF_DRV(I915_HWS_ADDR, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_GEM_INIT, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_GEM_EXECBUFFER, i915_gem_execbuffer_ioctl, DRM_AUTH), - DRM_IOCTL_DEF_DRV(I915_GEM_EXECBUFFER2_WR, i915_gem_execbuffer2_ioctl, DRM_AUTH|DRM_RENDER_ALLOW), + DRM_IOCTL_DEF_DRV(I915_GEM_EXECBUFFER2_WR, i915_gem_execbuffer2_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_PIN, i915_gem_reject_pin_ioctl, DRM_AUTH|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_GEM_UNPIN, i915_gem_reject_pin_ioctl, DRM_AUTH|DRM_ROOT_ONLY), - DRM_IOCTL_DEF_DRV(I915_GEM_BUSY, i915_gem_busy_ioctl, DRM_AUTH|DRM_RENDER_ALLOW), + DRM_IOCTL_DEF_DRV(I915_GEM_BUSY, i915_gem_busy_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_SET_CACHING, i915_gem_set_caching_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_GET_CACHING, i915_gem_get_caching_ioctl, DRM_RENDER_ALLOW), - DRM_IOCTL_DEF_DRV(I915_GEM_THROTTLE, i915_gem_throttle_ioctl, DRM_AUTH|DRM_RENDER_ALLOW), + DRM_IOCTL_DEF_DRV(I915_GEM_THROTTLE, i915_gem_throttle_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_ENTERVT, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_GEM_LEAVEVT, drm_noop, DRM_AUTH|DRM_MASTER|DRM_ROOT_ONLY), DRM_IOCTL_DEF_DRV(I915_GEM_CREATE, i915_gem_create_ioctl, DRM_RENDER_ALLOW), @@ -3136,7 +3136,7 @@ static const struct drm_ioctl_desc i915_ioctls[] = { DRM_IOCTL_DEF_DRV(I915_OVERLAY_ATTRS, intel_overlay_attrs_ioctl, DRM_MASTER), DRM_IOCTL_DEF_DRV(I915_SET_SPRITE_COLORKEY, intel_sprite_set_colorkey_ioctl, DRM_MASTER), DRM_IOCTL_DEF_DRV(I915_GET_SPRITE_COLORKEY, drm_noop, DRM_MASTER), - DRM_IOCTL_DEF_DRV(I915_GEM_WAIT, i915_gem_wait_ioctl, DRM_AUTH|DRM_RENDER_ALLOW), + DRM_IOCTL_DEF_DRV(I915_GEM_WAIT, i915_gem_wait_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_CONTEXT_CREATE_EXT, i915_gem_context_create_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_GEM_CONTEXT_DESTROY, i915_gem_context_destroy_ioctl, DRM_RENDER_ALLOW), DRM_IOCTL_DEF_DRV(I915_REG_READ, i915_reg_read_ioctl, DRM_RENDER_ALLOW), From patchwork Mon May 27 08:17:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 10962253 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B0B5E1390 for ; Mon, 27 May 2019 08:19:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A21E52899B for ; Mon, 27 May 2019 08:19:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 96BA428AB7; Mon, 27 May 2019 08:19:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3465A28A49 for ; Mon, 27 May 2019 08:19:47 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 9714F899D4; Mon, 27 May 2019 08:19:32 +0000 (UTC) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by gabe.freedesktop.org (Postfix) with ESMTPS id EF220899BB; Mon, 27 May 2019 08:19:29 +0000 (UTC) Received: by mail-wm1-x344.google.com with SMTP id y3so15205298wmm.2; Mon, 27 May 2019 01:19:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uK0Mrs5yWSzGtug9DHyijgzhxVTAvc037nQIpG9DVsU=; b=Hwvq1JR1OuAhBYZnDG+r2feyZocx0IR23oktV893dJswgvTaqtePAgu1wn2WpWK1M5 cOcWKnLot80b9fxKCqdw/A4xEv98A6dzdo/IL+rLUB+X5HMqLT+UGoihueN/Yws1iXSX T3E34leLxqV7Z9Jf5rMi45wXRyo7/9CX+A1ZNkhkDn1IQQ4R5e2MklTSD909gWqimsMS Uvn4qF2guZfH2ZYBR0jF6rKcGeaLzuCJcUdR6IhMVcGNENEgT2rp93T7KLtzA6KD//cY x17WAehOvAV4POlPZXeL2Cgwd0aVpx7bEq73i6KCofCy0egQk3s8fboINs+Dkbjkd7V5 C8Cg== X-Gm-Message-State: APjAAAWZueg7YRBzZ5bl9PtNpLRBtktK/Jym7osMadE1jO1EQkNaXjLP YO9C3WI0WFtt3+LmQTjbyG5WkoXp X-Google-Smtp-Source: APXvYqy0KYaQV6ceZRbELAzrsy48kV+QfK5k8O8N9uv+oqEU/kdKZCQzDSD+1/X6Anx3klvI3KiSBw== X-Received: by 2002:a1c:e914:: with SMTP id q20mr4521586wmc.55.1558945166643; Mon, 27 May 2019 01:19:26 -0700 (PDT) Received: from localhost.localdomain (cpc91192-cmbg18-2-0-cust374.5-4.cable.virginm.net. [80.6.113.119]) by smtp.gmail.com with ESMTPSA id a124sm7511876wmh.3.2019.05.27.01.19.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 May 2019 01:19:26 -0700 (PDT) From: Emil Velikov To: dri-devel@lists.freedesktop.org Date: Mon, 27 May 2019 09:17:41 +0100 Message-Id: <20190527081741.14235-13-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190527081741.14235-1-emil.l.velikov@gmail.com> References: <20190527081741.14235-1-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uK0Mrs5yWSzGtug9DHyijgzhxVTAvc037nQIpG9DVsU=; b=XZOQd6jw3swVOGIb7VG9lqItTEU5XjDJHCBlSdXY3uUncfZPpZfk+92/OdCFsRHxa4 ymetwPK+DjT2JFi/HfriliO/xHKvTzXr4z+GmW+3D81jD06LMjmqmc+K4pAKINaj7qkm SGErI2NglyZHd0lbkxUIfxNPyMO9M+YX26YBgwAZ4wA02rlgd88nI5VzkbZczdfiisH6 e4d3VIp3qJziCMiBFAxPiFda8dAq/nPhlxbv9x3SB8VPdt3M/EYwiAKnleEHBayl13VW HtqUy92O/eEtrSUE+8Edj9t+Yha7FuLiISv6THN1p9qi9uJT08gEgcumyPfufoYDsS8l AmDA== Subject: [Intel-gfx] [PATCH 13/13] drm: allow render capable master with DRM_AUTH ioctls X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: intel-gfx@lists.freedesktop.org Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) v3: - Use single unlikely (Daniel V) v4: - Patch was reverted because it broke AMDGPU, apply again. The AMDGPU issue is fixed with earlier patch. [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190114085408.15933-2-emil.l.velikov@gmail.com --- drivers/gpu/drm/drm_ioctl.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 9841c0076f02..b64b022a2b29 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -511,6 +511,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -525,14 +532,19 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; - /* AUTH is only for authenticated or render client */ - if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && - !file_priv->authenticated)) - return -EACCES; + /* AUTH is only for master ... */ + if (unlikely((flags & DRM_AUTH) && drm_is_primary_client(file_priv))) { + /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */ + if (!file_priv->authenticated && + !drm_render_driver_and_ioctl(dev, flags)) + return -EACCES; + } /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) &&