drm: Check for lessee in DROP_MASTER ioctl
diff mbox

Message ID 20180119015159.1606-1-keithp@keithp.com
State New
Headers show

Commit Message

Keith Packard Jan. 19, 2018, 1:51 a.m. UTC
Don't let a lessee control what the current DRM master is set to;
that's the job of the "real" master. Otherwise, the lessee would
disable all access to master operations for the owner and all lessees
under it.

This matches the same check made in the SET_MASTER ioctl.

Signed-off-by: Keith Packard <keithp@keithp.com>
---
 drivers/gpu/drm/drm_auth.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Daniel Vetter Jan. 30, 2018, 9:34 a.m. UTC | #1
On Thu, Jan 18, 2018 at 05:51:59PM -0800, Keith Packard wrote:
> Don't let a lessee control what the current DRM master is set to;
> that's the job of the "real" master. Otherwise, the lessee would
> disable all access to master operations for the owner and all lessees
> under it.
> 
> This matches the same check made in the SET_MASTER ioctl.
> 
> Signed-off-by: Keith Packard <keithp@keithp.com>

Similar check for setmaster already exists, so looks all good. Do we have
an igt for all this? Iirc there was one floating around, but no idea
what's the status. Might also be good to resubmit them so i915 CI can run
the tests (now that the code has landed).

On the patch itself, minus lack of testcases:

Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

> ---
>  drivers/gpu/drm/drm_auth.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c
> index aad468d170a7..d9c0f7573905 100644
> --- a/drivers/gpu/drm/drm_auth.c
> +++ b/drivers/gpu/drm/drm_auth.c
> @@ -230,6 +230,12 @@ int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
>  	if (!dev->master)
>  		goto out_unlock;
>  
> +	if (file_priv->master->lessor != NULL) {
> +		DRM_DEBUG_LEASE("Attempt to drop lessee %d as master\n", file_priv->master->lessee_id);
> +		ret = -EINVAL;
> +		goto out_unlock;
> +	}
> +
>  	ret = 0;
>  	drm_drop_master(dev, file_priv);
>  out_unlock:
> -- 
> 2.15.1
>
Keith Packard Jan. 30, 2018, 7:55 p.m. UTC | #2
Daniel Vetter <daniel@ffwll.ch> writes:

> On Thu, Jan 18, 2018 at 05:51:59PM -0800, Keith Packard wrote:
>> Don't let a lessee control what the current DRM master is set to;
>> that's the job of the "real" master. Otherwise, the lessee would
>> disable all access to master operations for the owner and all lessees
>> under it.
>> 
>> This matches the same check made in the SET_MASTER ioctl.
>> 
>> Signed-off-by: Keith Packard <keithp@keithp.com>
>
> Similar check for setmaster already exists, so looks all good. Do we have
> an igt for all this? Iirc there was one floating around, but no idea
> what's the status. Might also be good to resubmit them so i915 CI can run
> the tests (now that the code has landed).

I've got IGT tests for leasing which have been posted to dri-devel but I
don't think they've been reviewed. Looks like they could use some more
test cases; I didn't catch this one until I was playing with my 'xlease'
hack, which runs the X server on a leased FD.

> On the patch itself, minus lack of testcases:
>
> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

Thanks!
Daniel Vetter Jan. 31, 2018, 8:13 a.m. UTC | #3
On Tue, Jan 30, 2018 at 11:55:01AM -0800, Keith Packard wrote:
> Daniel Vetter <daniel@ffwll.ch> writes:
> 
> > On Thu, Jan 18, 2018 at 05:51:59PM -0800, Keith Packard wrote:
> >> Don't let a lessee control what the current DRM master is set to;
> >> that's the job of the "real" master. Otherwise, the lessee would
> >> disable all access to master operations for the owner and all lessees
> >> under it.
> >> 
> >> This matches the same check made in the SET_MASTER ioctl.
> >> 
> >> Signed-off-by: Keith Packard <keithp@keithp.com>
> >
> > Similar check for setmaster already exists, so looks all good. Do we have
> > an igt for all this? Iirc there was one floating around, but no idea
> > what's the status. Might also be good to resubmit them so i915 CI can run
> > the tests (now that the code has landed).
> 
> I've got IGT tests for leasing which have been posted to dri-devel but I
> don't think they've been reviewed. Looks like they could use some more
> test cases; I didn't catch this one until I was playing with my 'xlease'
> hack, which runs the X server on a leased FD.

Can you pls resubmit (preferrably with the new nasty tests added) to
igt-dev@lists.freedesktop.org (we have a new m-l for igt stuff)?

> > On the patch itself, minus lack of testcases:
> >
> > Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> 
> Thanks!

Realized I should better apply this, and done :-)
-Daniel

Patch
diff mbox

diff --git a/drivers/gpu/drm/drm_auth.c b/drivers/gpu/drm/drm_auth.c
index aad468d170a7..d9c0f7573905 100644
--- a/drivers/gpu/drm/drm_auth.c
+++ b/drivers/gpu/drm/drm_auth.c
@@ -230,6 +230,12 @@  int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
 	if (!dev->master)
 		goto out_unlock;
 
+	if (file_priv->master->lessor != NULL) {
+		DRM_DEBUG_LEASE("Attempt to drop lessee %d as master\n", file_priv->master->lessee_id);
+		ret = -EINVAL;
+		goto out_unlock;
+	}
+
 	ret = 0;
 	drm_drop_master(dev, file_priv);
 out_unlock: