From patchwork Wed Jul 17 16:45:30 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Barnes X-Patchwork-Id: 2828873 Return-Path: X-Original-To: patchwork-intel-gfx@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id AB13AC0AB2 for ; Wed, 17 Jul 2013 16:50:00 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id B39AC2037B for ; Wed, 17 Jul 2013 16:49:59 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id D5275203E9 for ; Wed, 17 Jul 2013 16:49:58 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id C4E2DE64E9 for ; Wed, 17 Jul 2013 09:49:58 -0700 (PDT) X-Original-To: intel-gfx@lists.freedesktop.org Delivered-To: intel-gfx@lists.freedesktop.org Received: from oproxy14-pub.unifiedlayer.com (oproxy14-pub.unifiedlayer.com [67.222.51.224]) by gabe.freedesktop.org (Postfix) with SMTP id 23369E5C40 for ; Wed, 17 Jul 2013 09:49:47 -0700 (PDT) Received: (qmail 12474 invoked by uid 0); 17 Jul 2013 16:45:32 -0000 Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy14.unifiedlayer.com with SMTP; 17 Jul 2013 16:45:32 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuousgeek.org; s=default; h=Message-Id:Date:Subject:To:From; bh=Wlv5MB3CjCkVBT0b5rFUNxTW6ogeS3ACbUA5QoQTlUI=; b=lqqyR7g3ymStTd3B/xiYqZqR9uN4/WFK7iH1dVaeUmwGvjr8hwrBxsthRW6Xu0hOBr0HERZ94/JBf4/zU8KGtcup6NdGlwvgQBaVjNC1eL1pCWFVV35hXntVoPKcJ3F7; Received: from [67.161.37.189] (port=51633 helo=localhost.localdomain) by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256) (Exim 4.80) (envelope-from ) id 1UzUr5-00054a-Pl for intel-gfx@lists.freedesktop.org; Wed, 17 Jul 2013 10:45:31 -0600 From: Jesse Barnes To: intel-gfx@lists.freedesktop.org Date: Wed, 17 Jul 2013 09:45:30 -0700 Message-Id: <1374079530-3919-1-git-send-email-jbarnes@virtuousgeek.org> X-Mailer: git-send-email 1.7.9.5 X-Identified-User: {10642:box514.bluehost.com:virtuous:virtuousgeek.org} {sentby:smtp auth 67.161.37.189 authed with jbarnes@virtuousgeek.org} Subject: [Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers even if !master X-BeenThere: intel-gfx@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Intel graphics driver community testing & development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org Errors-To: intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This should allow userland tools running under X to submit secure batches for various things. This gives master DRM clients slightly more permissions, but doesn't give regular processes any more, since a root process can already map the registers directly and poke at hw. Signed-off-by: Jesse Barnes --- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c index 1b58694..377aa1f 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, flags = 0; if (args->flags & I915_EXEC_SECURE) { - if (!file->is_master || !capable(CAP_SYS_ADMIN)) - return -EPERM; - - flags |= I915_DISPATCH_SECURE; + if (file->is_master || capable(CAP_SYS_ADMIN)) + flags |= I915_DISPATCH_SECURE; + else + return -EPERM; } if (args->flags & I915_EXEC_IS_PINNED) flags |= I915_DISPATCH_PINNED;