From patchwork Wed Jul 17 16:45:30 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jesse Barnes <jbarnes@virtuousgeek.org>
X-Patchwork-Id: 2828873
Return-Path: 
 <intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org>
X-Original-To: patchwork-intel-gfx@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id AB13AC0AB2
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Wed, 17 Jul 2013 16:50:00 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id B39AC2037B
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Wed, 17 Jul 2013 16:49:59 +0000 (UTC)
Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177])
	by mail.kernel.org (Postfix) with ESMTP id D5275203E9
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Wed, 17 Jul 2013 16:49:58 +0000 (UTC)
Received: from gabe.freedesktop.org (localhost [127.0.0.1])
	by gabe.freedesktop.org (Postfix) with ESMTP id C4E2DE64E9
	for <patchwork-intel-gfx@patchwork.kernel.org>;
	Wed, 17 Jul 2013 09:49:58 -0700 (PDT)
X-Original-To: intel-gfx@lists.freedesktop.org
Delivered-To: intel-gfx@lists.freedesktop.org
Received: from oproxy14-pub.unifiedlayer.com (oproxy14-pub.unifiedlayer.com
	[67.222.51.224])
	by gabe.freedesktop.org (Postfix) with SMTP id 23369E5C40
	for <intel-gfx@lists.freedesktop.org>;
	Wed, 17 Jul 2013 09:49:47 -0700 (PDT)
Received: (qmail 12474 invoked by uid 0); 17 Jul 2013 16:45:32 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114)
	by oproxy14.unifiedlayer.com with SMTP; 17 Jul 2013 16:45:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=virtuousgeek.org; s=default;
	h=Message-Id:Date:Subject:To:From;
	bh=Wlv5MB3CjCkVBT0b5rFUNxTW6ogeS3ACbUA5QoQTlUI=;
	b=lqqyR7g3ymStTd3B/xiYqZqR9uN4/WFK7iH1dVaeUmwGvjr8hwrBxsthRW6Xu0hOBr0HERZ94/JBf4/zU8KGtcup6NdGlwvgQBaVjNC1eL1pCWFVV35hXntVoPKcJ3F7;
Received: from [67.161.37.189] (port=51633 helo=localhost.localdomain)
	by box514.bluehost.com with esmtpsa (TLSv1:CAMELLIA256-SHA:256)
	(Exim 4.80) (envelope-from <jbarnes@virtuousgeek.org>)
	id 1UzUr5-00054a-Pl
	for intel-gfx@lists.freedesktop.org; Wed, 17 Jul 2013 10:45:31 -0600
From: Jesse Barnes <jbarnes@virtuousgeek.org>
To: intel-gfx@lists.freedesktop.org
Date: Wed, 17 Jul 2013 09:45:30 -0700
Message-Id: <1374079530-3919-1-git-send-email-jbarnes@virtuousgeek.org>
X-Mailer: git-send-email 1.7.9.5
X-Identified-User: {10642:box514.bluehost.com:virtuous:virtuousgeek.org}
	{sentby:smtp auth 67.161.37.189 authed with
	jbarnes@virtuousgeek.org}
Subject: [Intel-gfx] [PATCH] drm/i915: allow root to submit secure buffers
	even if !master
X-BeenThere: intel-gfx@lists.freedesktop.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Intel graphics driver community testing & development
	<intel-gfx.lists.freedesktop.org>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
	<mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
MIME-Version: 1.0
Sender: 
 intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org
Errors-To: 
 intel-gfx-bounces+patchwork-intel-gfx=patchwork.kernel.org@lists.freedesktop.org
X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

This should allow userland tools running under X to submit secure
batches for various things.  This gives master DRM clients slightly more
permissions, but doesn't give regular processes any more, since a root
process can already map the registers directly and poke at hw.

Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
---
 drivers/gpu/drm/i915/i915_gem_execbuffer.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 1b58694..377aa1f 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -858,10 +858,10 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data,
 
 	flags = 0;
 	if (args->flags & I915_EXEC_SECURE) {
-		if (!file->is_master || !capable(CAP_SYS_ADMIN))
-		    return -EPERM;
-
-		flags |= I915_DISPATCH_SECURE;
+		if (file->is_master || capable(CAP_SYS_ADMIN))
+			flags |= I915_DISPATCH_SECURE;
+		else
+			return -EPERM;
 	}
 	if (args->flags & I915_EXEC_IS_PINNED)
 		flags |= I915_DISPATCH_PINNED;