From patchwork Wed Jul 3 13:31:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 11029633 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C62C0138B for ; Wed, 3 Jul 2019 13:30:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B4E38284C8 for ; Wed, 3 Jul 2019 13:30:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A90E228807; Wed, 3 Jul 2019 13:30:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5CD24284C8 for ; Wed, 3 Jul 2019 13:30:57 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 55DE16E138; Wed, 3 Jul 2019 13:30:55 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) by gabe.freedesktop.org (Postfix) with ESMTPS id E3B5A6E138 for ; Wed, 3 Jul 2019 13:30:53 +0000 (UTC) Received: by mail-wr1-x441.google.com with SMTP id p11so2838765wro.5 for ; Wed, 03 Jul 2019 06:30:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=6WLXf/VCXC4rlq9YhY4PmzJ42e/EBWSBPmZlwxVdmWQ=; b=a+7F6ufKu07CJfDM11ctA7n7CT/8dbJ/UJ519soIqVhadNc0nMGnkyrgSEnEf1F/8v oEiSRkQh/CDVRwNs9ttirQf+g8nBfdjX4UuQimibxTCJlJB2iBh0JHBhKKqu5f9yIN59 sCyyLN+v0iPpx+/K2LpNszAAgroA9wkTNZZKPZ3HcV5Wdmt52dQYIYND/TeMSiYz/EKL HFvz4XpTAF6Kr9s9+awPJBjUwx2Txy2K85tB9t79SzZB/GK6/K25QcUd1sTWnV2CFKOK lAHmrUleUN958BNmpmAbDt54mHUpPBaIWjWB+zXDUaxJgpHywC8VtVCppUEEIDo8W0eS f6Ug== X-Gm-Message-State: APjAAAVtpqT/++pYzXANNg0JHOsWF1ozsAyn6n5W+3X5oxu1/NoMGHU9 MaQXlu6zQwTSZXE3mutcNV9Xsd8m X-Google-Smtp-Source: APXvYqyUCkd/LThAkGGf1z1VJKcVBrKl4qrWywB3lYQMQ86qrn5JWnKCNY2F6yPpbI9yUTgpgNUbYQ== X-Received: by 2002:a5d:6b11:: with SMTP id v17mr15266716wrw.323.1562160652105; Wed, 03 Jul 2019 06:30:52 -0700 (PDT) Received: from arch-x1c3.cbg.collabora.co.uk ([2a00:5f00:102:0:9665:9cff:feee:aa4d]) by smtp.gmail.com with ESMTPSA id g10sm2353263wrw.60.2019.07.03.06.30.50 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 03 Jul 2019 06:30:51 -0700 (PDT) From: Emil Velikov To: dri-devel@lists.freedesktop.org Subject: [PATCH 1/3] drm/vmwgfx: check master authentication in surface_ref ioctls Date: Wed, 3 Jul 2019 14:31:02 +0100 Message-Id: <20190703133104.3211-1-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=6WLXf/VCXC4rlq9YhY4PmzJ42e/EBWSBPmZlwxVdmWQ=; b=MWo+k8bzDd7sEhOcDIGJEA0eRhKjmBFSeevzjgU3leq1MxtV6rkzWICSNIJYuyWXPx 6+k0VaK7vfd2zsds+AL4tU0o3q0+DQ68jg+zXsUZN/3f3eWkRD/vqvdjPNZpvAoRbZuu k/nibHBROOeFZFRj2JWr4jn65Mz12H5jCqNzb8lfJar9swIWoHY0+73ZMJBELDMiQhlF lAfHJ1NWpMAgvTnltz14Um2ZH/KWGmxHvbg6RS5b+7j4Q1bO1aCYcLq1YcEuN23PW/TQ 7n7SKETSuRjRyj0LkzOQVbpqsaWDbXFJTGUFIQK1olGlWt8ryOoF+1dJ+BIqt+HtA3HG KXVw== X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: VMware Graphics , Thomas Hellstrom , emil.l.velikov@gmail.com Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov With later commit we'll rework DRM core authentication handling. Namely unauthenticated master will be allowed with, DRM_AUTH ioctls. Since vmwgfx does additional master locking and DRM_AUTH handling, this will not matter almost all cases. The only exception being using the legacy handle type in the family of surface_reference iocts - all handled by vmw_surface_handle_reference(). Add the check to ensure such clients do not access more than they should Cc: VMware Graphics Cc: Thomas Hellstrom Signed-off-by: Emil Velikov --- I'd like to merge this through the drm-misc tree. Ack and rb are appreciated. Thanks Emil Unrelated: worth moving the is_render_client check alongside the is_primary_client one. --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 219471903bc1..1f5146c95785 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -940,6 +940,13 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, user_srf = container_of(base, struct vmw_user_surface, prime.base); + /* Error out if we are unauthenticated master */ + if (drm_is_primary_client(file_priv) && + !file_priv->authenticated) { + ret = -EACCES; + goto out_bad_resource; + } + /* * Make sure the surface creator has the same * authenticating master, or is already registered with us. From patchwork Wed Jul 3 13:31:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 11029635 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 950DE138B for ; Wed, 3 Jul 2019 13:31:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 866A828971 for ; Wed, 3 Jul 2019 13:31:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 78AA728972; Wed, 3 Jul 2019 13:31:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EC625287F5 for ; Wed, 3 Jul 2019 13:31:00 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 4B3F26E136; Wed, 3 Jul 2019 13:30:57 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341]) by gabe.freedesktop.org (Postfix) with ESMTPS id 123C86E136; Wed, 3 Jul 2019 13:30:55 +0000 (UTC) Received: by mail-wm1-x341.google.com with SMTP id w9so2944655wmd.1; Wed, 03 Jul 2019 06:30:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CB20BQLa7LUdpzL0jXGqCFr7P5662ND8QYXbpIWuARc=; b=kdmfvb8DW8Ue+nCEf5Ra+6L9wBYbyRlZlCwRQiov+htewgaujjh+IwsrPbSvygcsUl 2nGUcMrvrcBuUKhIb+wn6leROFhuzuc/rPQnOPuXkiobpIp7zwADmteaJbRGJuILXkhv 9gS7kfZGKvAP3rbL9kKCbXNajbt4ZPC4X6IccwB72M/ttUl2cR8tRxmbMmw19ri7CRKb HrvjnAdOy9DXnnGIttzKrlXiD0INrD1OYIKwJ5NSdQVhXheCj3nwHnm2nr4LUgi+xfAU TswiDLbE4ALwNIGy8ahvyWk4jrvTNAdM8JY1aJKlO4QQ+snLll/Bi/Q7dpwXUFZLas/q pkXg== X-Gm-Message-State: APjAAAWAffgL3tKC223cgy9n42AH5GFGp/n1pRtwt1DH5RqO7kqDi6tp Sk8fYUOIKFuBARyory0CtqDdGNfe X-Google-Smtp-Source: APXvYqxy1LfHhDHXnFtbg+8QrAUFj+Ke0v4HBf1Z8gupKx38qc9WeQXbhB2xdpSxplKn/TYnUtBiLg== X-Received: by 2002:a1c:ca14:: with SMTP id a20mr7831368wmg.71.1562160653300; Wed, 03 Jul 2019 06:30:53 -0700 (PDT) Received: from arch-x1c3.cbg.collabora.co.uk ([2a00:5f00:102:0:9665:9cff:feee:aa4d]) by smtp.gmail.com with ESMTPSA id g10sm2353263wrw.60.2019.07.03.06.30.52 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 03 Jul 2019 06:30:52 -0700 (PDT) From: Emil Velikov To: dri-devel@lists.freedesktop.org Subject: [PATCH 2/3] drm: introduce DRIVER_FORCE_AUTH Date: Wed, 3 Jul 2019 14:31:03 +0100 Message-Id: <20190703133104.3211-2-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190703133104.3211-1-emil.l.velikov@gmail.com> References: <20190703133104.3211-1-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CB20BQLa7LUdpzL0jXGqCFr7P5662ND8QYXbpIWuARc=; b=CwwdJr+KuSl2dP1YTJfeexPqxT7SiGfMzu5uGrkY9sbuQph6vQdjERMaJ6MsF/pZQ7 hZh4Bll5n+2m4bRdIVQr/jCkK0Emi6FoiwHEEBkbZxBEyDCJXAynvZmB/f7VpZ90CwJF /Mzv+wJ837HA5ZXW8ogEgOg7Hiro9CUHxSXAovqmn6RjdX0/pULGhUcbbeuJ9N1b5IYu /M6LFYeGgbf/BEh6ajVLNyuDRyNROme2dkrg8w4DQg/CqjLS6o5t8UmJEPEqoEQPkS/N 4KOXLVMJoREgg5K0tHfapJa7P2jLJb6Sd6fWDNymXXD5f3nL+T2ES95aPCmi/POHzqHz EiqQ== X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Alex Deucher , emil.l.velikov@gmail.com, =?utf-8?q?Christian_K=C3=B6nig?= , amd-gfx@lists.freedesktop.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov With earlier commits we've removed DRM_AUTH for driver ioctls annotated with DRM_AUTH | DRM_RENDER_ALLOW, as the protection it introduces is effectively not existent. With next commit, we'll effectively do the same for DRM core. Yet the AMD developers have voiced concerns that by doing so, developers working on the closed source user-space driver might remove render node support. Since we do _not_ want that to happen, add workaround for those two drivers Cc: Alex Deucher Cc: Christian König Cc: amd-gfx@lists.freedesktop.org Cc: Daniel Vetter Signed-off-by: Emil Velikov Signed-off-by: Emil Velikov --- Christian, Alex this is the cleaner way to handle AMDGPU/radeon although if you prefer alternative methods let me know. Review, acks and others are appreciated, since I'd like to get this through the drm-misc tree. Thanks Emil Unrelated: The USE_AGP flag in AMDGPU should be nuked. While for radeon, one can copy in the driver the 10-20 lines worth of agp_init/release and also drop the flag. Bonus points of agp_init code gets a LEGACY check alongside the USE_AGP one. --- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +- drivers/gpu/drm/radeon/radeon_drv.c | 2 +- include/drm/drm_drv.h | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 8e1b269351e8..cfc2ef11330c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -1307,7 +1307,7 @@ amdgpu_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe, static struct drm_driver kms_driver = { .driver_features = - DRIVER_USE_AGP | DRIVER_ATOMIC | + DRIVER_USE_AGP | DRIVER_ATOMIC | DRIVER_FORCE_AUTH | DRIVER_GEM | DRIVER_RENDER | DRIVER_MODESET | DRIVER_SYNCOBJ, .load = amdgpu_driver_load_kms, diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c index 4403e76e1ae0..5a1bfad1ad5e 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.c +++ b/drivers/gpu/drm/radeon/radeon_drv.c @@ -538,7 +538,7 @@ radeon_get_crtc_scanout_position(struct drm_device *dev, unsigned int pipe, static struct drm_driver kms_driver = { .driver_features = - DRIVER_USE_AGP | DRIVER_GEM | DRIVER_RENDER, + DRIVER_USE_AGP | DRIVER_GEM | DRIVER_RENDER | DRIVER_FORCE_AUTH, .load = radeon_driver_load_kms, .open = radeon_driver_open_kms, .postclose = radeon_driver_postclose_kms, diff --git a/include/drm/drm_drv.h b/include/drm/drm_drv.h index b33f2cee2099..5fb2846396bc 100644 --- a/include/drm/drm_drv.h +++ b/include/drm/drm_drv.h @@ -92,6 +92,16 @@ enum drm_driver_feature { * synchronization of command submission. */ DRIVER_SYNCOBJ_TIMELINE = BIT(6), + /** + * @DRIVER_FORCE_AUTH: + * + * Driver mandates that DRM_AUTH is honoured, even if the same ioctl + * is exposed via the render node - aka any of an "authentication" is + * a fallacy. + * + * Used only by amdgpu and radeon. Do not use. + */ + DRIVER_FORCE_AUTH = BIT(7), /* IMPORTANT: Below are all the legacy flags, add new ones above. */ From patchwork Wed Jul 3 13:31:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Emil Velikov X-Patchwork-Id: 11029639 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 96E921398 for ; Wed, 3 Jul 2019 13:31:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8597C286FE for ; Wed, 3 Jul 2019 13:31:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 79C352896F; Wed, 3 Jul 2019 13:31:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=unavailable version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 2F719286FE for ; Wed, 3 Jul 2019 13:31:03 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id D34AF6E143; Wed, 3 Jul 2019 13:30:58 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) by gabe.freedesktop.org (Postfix) with ESMTPS id 4D7266E136; Wed, 3 Jul 2019 13:30:56 +0000 (UTC) Received: by mail-wr1-x442.google.com with SMTP id f9so2809244wre.12; Wed, 03 Jul 2019 06:30:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vHMMy111qCPVlhn20MByNml0Hvj0MXblkspr7lTOdj8=; b=bYBk8L1YB93ahOCvEgPUNCoGrCbku+df3TBeaVKfwPqT4u/2VEJVzkvZE8IKqJyutn LlWDDFiixoKWNAhUpnqwNPNJemEib/UsB4F1UDca7f3ysfLFh6o6LRRovXIjTEhUrwTD 1sjSCLc0j8EKq0m3jdocwf+bbatG1HnNMWNnUjh0n3QpRUv+jhinA5OLHlpjwC/OaC9I iBIg0kJlZLWrHrUkmZu4vZfk+o0hNJWxQihZ033zmIRz5/zksxCmyh0EBP1NFqXXGCts bPgEY+X3uzUAstQIzVQvI5mGGmdvIyVVbWS/3DqwK6a1TzXShQzjAYeoaXaBbS8s+RBk F+Cw== X-Gm-Message-State: APjAAAViVcljn3SYYmjq/venaxJCJXF5GYxjHdoELW42MSc/FRtd7OnW npDWnJQG7KM1WwZ3xicgr87HjkH4 X-Google-Smtp-Source: APXvYqz6AL75fN06b2j9keUaa1qnKkC2xXkH+juMeyYkFLUSy0vvNNuLIj/PBzXyAS3TnrzLdfRxJA== X-Received: by 2002:adf:fdc2:: with SMTP id i2mr28767972wrs.146.1562160654616; Wed, 03 Jul 2019 06:30:54 -0700 (PDT) Received: from arch-x1c3.cbg.collabora.co.uk ([2a00:5f00:102:0:9665:9cff:feee:aa4d]) by smtp.gmail.com with ESMTPSA id g10sm2353263wrw.60.2019.07.03.06.30.53 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 03 Jul 2019 06:30:53 -0700 (PDT) From: Emil Velikov To: dri-devel@lists.freedesktop.org Subject: [PATCH 3/3] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 3 Jul 2019 14:31:04 +0100 Message-Id: <20190703133104.3211-3-emil.l.velikov@gmail.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190703133104.3211-1-emil.l.velikov@gmail.com> References: <20190703133104.3211-1-emil.l.velikov@gmail.com> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vHMMy111qCPVlhn20MByNml0Hvj0MXblkspr7lTOdj8=; b=JkHrjsuehFsn3lKf3QZrZO8bxCjhwTtTS5jTJq9+Nzt/+c2HCGCp6azV8R2c8LRFzK zn1agcm0ncX2wiQKDky/xx3zTTbWyL51/KXcXX/7eKWfZhZLeQ+xYgM/+9GQLMLIpSRO bgwepc6n/Zv4H8nTAhKWNhzGu+jFt+YLrDLQH3ebrZa/ocfFxUpHH6zt/+0ktf/psNoI CTkjP8BvGQ9iJVZZc/hiBjzvxtzxjjkIcGuKcql4ryXgbcc3c33D/KlX4YeqV5yhQGDm F6aiOZp+jeHQoCdMme8kOKezFNLbLIcgvHGpysBno7uTEtgfxnfSZvMGSsLIATVGGqY8 Hi8A== X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Daniel Vetter , intel-gfx@lists.freedesktop.org, emil.l.velikov@gmail.com Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Emil Velikov There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) v3: - Use single unlikely (Daniel V) v4: - Reapply patch, use DRIVER_FORCE_AUTH w/a for amdgpu/radeon. [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Cc: Daniel Vetter Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter --- drivers/gpu/drm/drm_ioctl.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 09f7f8e33fa3..c30feb5e97e3 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -517,6 +517,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -531,6 +538,8 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; @@ -538,7 +547,14 @@ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) /* AUTH is only for authenticated or render client */ if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && !file_priv->authenticated)) - return -EACCES; + /* + * Although we allow: + * - render drivers with DRM_RENDER_ALLOW ioctls, when + * - drivers do not explicitly mandate authentication. + */ + if (!drm_render_driver_and_ioctl(dev, flags) || + drm_core_check_feature(dev, DRIVER_FORCE_AUTH)) + return -EACCES; /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) &&