From patchwork Mon Jan 14 08:54:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 10761767 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A18C66C2 for ; Mon, 14 Jan 2019 08:57:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 92C00289AD for ; Mon, 14 Jan 2019 08:57:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 86963289C4; Mon, 14 Jan 2019 08:57:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 4E843289AD for ; Mon, 14 Jan 2019 08:57:45 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 52ADA6E6E8; Mon, 14 Jan 2019 08:57:41 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by gabe.freedesktop.org (Postfix) with ESMTPS id CFFE76E5F7; Mon, 14 Jan 2019 08:57:39 +0000 (UTC) Received: by mail-wr1-x444.google.com with SMTP id p4so21839450wrt.7; Mon, 14 Jan 2019 00:57:39 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=QHmMsS/MldYLGle/SYxHsMRUogOBdgVDLkWTEn79/do=; b=QX+0oZYC0USmrqykKtRhbz9Ylb9NLL/5qDjsqWT/fcQ/BZ/5UL32YPPm7wy/qL1Jby 74bkh73jj5BM1OfI7J/nhHtA8pKzvTJ1JqNZXRAXN7XiStbiJUTL6xCiy1f6WZwOJxii fpTUnBlPcYG6CFmLtrK8YbwgyFToi/topotykLizzbz/yTIs8FTQBn9Wh8Atw6GfnC59 oI4ENuzFE4Zf4atbFNX2Z7AjHFJFSA6S1bcJ2qu4ONCLV5yVoYjIggSTt/qr5W/t9Tqe D1Gs/enypw6EHR8dfKg0hhgoYEAvPBwWO+EaUh2l/4/dhNkWrG6u5Ij9MdEXEQXw38t/ 6IVg== X-Gm-Message-State: AJcUukcw4dHPRxgk3nsSvicPfaUutLAPA7byMXe1xPNlZMmV4EfzPO4z 3MB3uX1G7Yq0+OAfSrik9lIF3xvU X-Google-Smtp-Source: ALg8bN6Qa5m2DbVdSD5S+TfbIumUbw9hThGvufzIhT6vkckxy4R6xr3T4JF4EqmQG2wcYxYrscNyDg== X-Received: by 2002:adf:c108:: with SMTP id r8mr24181429wre.233.1547456258337; Mon, 14 Jan 2019 00:57:38 -0800 (PST) Received: from localhost.localdomain (cpc91192-cmbg18-2-0-cust374.5-4.cable.virginm.net. [80.6.113.119]) by smtp.gmail.com with ESMTPSA id c21sm16173102wre.71.2019.01.14.00.57.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jan 2019 00:57:37 -0800 (PST) From: Emil Velikov To: dri-devel@lists.freedesktop.org Subject: [PATCH v2 1/2] drm: annotate drm_core_check_feature() dev arg. as const Date: Mon, 14 Jan 2019 08:54:07 +0000 Message-Id: <20190114085408.15933-1-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Daniel Vetter , intel-gfx@lists.freedesktop.org, emil.l.velikov@gmail.com Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov This static inline function doesn't modify any state. Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter --- include/drm/drm_drv.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h index 3199ef70c007..211d2bfd0b94 100644 --- a/include/drm/drm_drv.h +++ b/include/drm/drm_drv.h @@ -658,7 +658,7 @@ static inline bool drm_dev_is_unplugged(struct drm_device *dev) * * Returns true if the @feature is supported, false otherwise. */ -static inline bool drm_core_check_feature(struct drm_device *dev, u32 feature) +static inline bool drm_core_check_feature(const struct drm_device *dev, u32 feature) { return dev->driver->driver_features & dev->driver_features & feature; } From patchwork Mon Jan 14 08:54:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 10761769 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CE8A5139A for ; Mon, 14 Jan 2019 08:57:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C02F3289AD for ; Mon, 14 Jan 2019 08:57:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B4831289C4; Mon, 14 Jan 2019 08:57:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5DCAB289AD for ; Mon, 14 Jan 2019 08:57:47 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 3A4CC6E6B9; Mon, 14 Jan 2019 08:57:43 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) by gabe.freedesktop.org (Postfix) with ESMTPS id E29036E6B9; Mon, 14 Jan 2019 08:57:40 +0000 (UTC) Received: by mail-wr1-x442.google.com with SMTP id u4so21864144wrp.3; Mon, 14 Jan 2019 00:57:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Sd0KniKnn0yYPNuZSXZKd/8f3Hm851OoZ0neOUo9PF8=; b=VnI2xtiYFPWPfhlOe/gA+0LrSEqJK9QkIWA7YUi6uTfh8nLiST2nuEX72tzHYbsrnc ZpeZfGI00xcmaNVPBNzKHRliCDZfxZCj7bjgt3ZxrYdnClvRHMf4eMUCrNeRSUvoZroc 29LjEx/LK+V4w0TwUqujOEJK2WSYc+5F+1bFrA7O1NOR9sIQ8kVCKFDV93Is93GjSv5Z N88ohyJpnuRIh/DIUDfOEb5cU8ImK/xxo3ysQPYpYuHeMnUH361NwAIRqiWEdL88Vizw KgWWcMt6p5qpFDCUBeixYE2ibBOTr3z+gJiBnOOyJugj0YfIYj/BMZeh35dV6Z04Upuw jW9Q== X-Gm-Message-State: AJcUukf4IJCn/Pi+pk1nb5UwD4Y6U396nsjc4kINau1GJqPpKmW21dcU m9vFgZzugqNXUsBSvLs+onkJveqU X-Google-Smtp-Source: ALg8bN58izAmcBhrXgSjT2jkN673xArNHXarg+WBDFnbRlMhP6+2hABODhdZoSs2CXnDk93/00P3hA== X-Received: by 2002:adf:d1d2:: with SMTP id m18mr24254771wri.138.1547456259295; Mon, 14 Jan 2019 00:57:39 -0800 (PST) Received: from localhost.localdomain (cpc91192-cmbg18-2-0-cust374.5-4.cable.virginm.net. [80.6.113.119]) by smtp.gmail.com with ESMTPSA id c21sm16173102wre.71.2019.01.14.00.57.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jan 2019 00:57:38 -0800 (PST) From: Emil Velikov To: dri-devel@lists.freedesktop.org Subject: [PATCH v2 2/2] drm: allow render capable master with DRM_AUTH ioctls Date: Mon, 14 Jan 2019 08:54:08 +0000 Message-Id: <20190114085408.15933-2-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190114085408.15933-1-emil.l.velikov@gmail.com> References: <20190114085408.15933-1-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: intel-gfx@lists.freedesktop.org, emil.l.velikov@gmail.com Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter --- Daniel, the if conditionals did not work exactly as you put them. This is the closest thing that I can think of. --- drivers/gpu/drm/drm_ioctl.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 94bd872d56c4..08a0b4cc3a76 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -507,6 +507,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -521,14 +528,19 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; - /* AUTH is only for authenticated or render client */ - if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && - !file_priv->authenticated)) - return -EACCES; + /* AUTH is only for master ... */ + if ((flags & DRM_AUTH) && drm_is_primary_client(file_priv)) { + /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */ + if (unlikely(!file_priv->authenticated) && + unlikely(!drm_render_driver_and_ioctl(dev, flags))) + return -EACCES; + } /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) &&