| Message ID | 20190722174025.9830-2-emil.l.velikov@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/3] drm/vmwgfx: check master authentication in surface_ref ioctls | expand |
On 2019/07/22, Emil Velikov wrote: > From: Emil Velikov <emil.velikov@collabora.com> > > Realistically no drivers, but vmwgfx care about the DRM_AUTH flag here. > > Follow-up work in this driver will properly isolate primary clients from > different master realms, thus we'll no longer need to parse _any_ ioctl > flags. > > Until that work lands, add a local workaround. > > Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> > Cc: Thomas Hellstrom <thellstrom@vmware.com> > Signed-off-by: Emil Velikov <emil.velikov@collabora.com> > --- > I'd like to merge this through the drm-misc tree. Ack and rb are > appreciated. > > Thanks > Emil > --- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > index 275d90fe2a25..32c18bb482a6 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > @@ -1131,6 +1131,15 @@ static long vmw_generic_ioctl(struct file *filp, unsigned int cmd, > } else if (!drm_ioctl_flags(nr, &flags)) > return -EINVAL; > > + /* > + * Little workaround until the vmwgfx patches providing isolation of > + * primary clients from different master realms lands. > + * With that work, we'll no longer need to parse _any_ ioctl flags. > + */ > + if (nr == 0x2d /* DRM_IOCTL_PRIME_HANDLE_TO_FD */ || > + nr == 0x2e /* DRM_IOCTL_PRIME_FD_TO_HANDLE */) > + flags != DRM_AUTH; > + > vmaster = vmw_master_check(dev, file_priv, flags); > if (IS_ERR(vmaster)) { > ret = PTR_ERR(vmaster); > -- Hi Deepak, As far as I can tell Thomas is on holidays for another 2+ weeks. Is there anyone else in the team who can review the VMWare patches of this series? I tested the lot quickly, but additional confirmation would be appreciated. You can find the series via the "VMware Graphics" alias, or in the patchwork link below. https://patchwork.freedesktop.org/series/64024/ Thanks Emil
> Hi Deepak, > > As far as I can tell Thomas is on holidays for another 2+ weeks. > > Is there anyone else in the team who can review the VMWare patches of > this series? I tested the lot quickly, but additional confirmation > would > be appreciated. > > You can find the series via the "VMware Graphics" alias, or in the > patchwork link below. Hi Emil, I can look into your patches and I did had a cursory look at those and to be honest I don't really know this area and also since it deals with security I thought a RB from Thomas would be nice. I will devote some more time on your patches. Thanks for doing this.
On Mon, 2019-07-22 at 18:40 +0100, Emil Velikov wrote: > From: Emil Velikov <emil.velikov@collabora.com> > > Realistically no drivers, but vmwgfx care about the DRM_AUTH flag > here. > > Follow-up work in this driver will properly isolate primary clients > from > different master realms, thus we'll no longer need to parse _any_ > ioctl > flags. > > Until that work lands, add a local workaround. > > Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> > Cc: Thomas Hellstrom <thellstrom@vmware.com> > Signed-off-by: Emil Velikov <emil.velikov@collabora.com> > --- > I'd like to merge this through the drm-misc tree. Ack and rb are > appreciated. > > Thanks > Emil > --- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > index 275d90fe2a25..32c18bb482a6 100644 > --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c > @@ -1131,6 +1131,15 @@ static long vmw_generic_ioctl(struct file > *filp, unsigned int cmd, > } else if (!drm_ioctl_flags(nr, &flags)) > return -EINVAL; > > + /* > + * Little workaround until the vmwgfx patches providing > isolation of > + * primary clients from different master realms lands. > + * With that work, we'll no longer need to parse _any_ ioctl > flags. > + */ > + if (nr == 0x2d /* DRM_IOCTL_PRIME_HANDLE_TO_FD */ || > + nr == 0x2e /* DRM_IOCTL_PRIME_FD_TO_HANDLE */) > + flags != DRM_AUTH; Do you mean bitwise OR assignment? In current form this is no-op. > + > vmaster = vmw_master_check(dev, file_priv, flags); > if (IS_ERR(vmaster)) { > ret = PTR_ERR(vmaster);
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 275d90fe2a25..32c18bb482a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1131,6 +1131,15 @@ static long vmw_generic_ioctl(struct file *filp, unsigned int cmd, } else if (!drm_ioctl_flags(nr, &flags)) return -EINVAL; + /* + * Little workaround until the vmwgfx patches providing isolation of + * primary clients from different master realms lands. + * With that work, we'll no longer need to parse _any_ ioctl flags. + */ + if (nr == 0x2d /* DRM_IOCTL_PRIME_HANDLE_TO_FD */ || + nr == 0x2e /* DRM_IOCTL_PRIME_FD_TO_HANDLE */) + flags != DRM_AUTH; + vmaster = vmw_master_check(dev, file_priv, flags); if (IS_ERR(vmaster)) { ret = PTR_ERR(vmaster);