Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4728760imm; Tue, 7 Aug 2018 06:29:05 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc4ofZu9ivmChobbIIJ5OYvJuWSmCoYSkzb0Th6IhGGDAeYVIhN9tjU3Wq/w2FiVHA2G8P2 X-Received: by 2002:a65:5284:: with SMTP id y4-v6mr17919798pgp.283.1533648544967; Tue, 07 Aug 2018 06:29:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533648544; cv=none; d=google.com; s=arc-20160816; b=kQroXHuQLSSn4TDS7o6nNgCuGjMzWXwVg4RZcWdnZsCt0HVZWNAebPYuV6c404u3Bh Y/06895ZyiSqvCM3pTzguUUubhnGSdu2roae+JKkPjDcxWjDVSir/aWr8Nw2Wf0mdEh+ 6M20FWp6QOv34vQryss7srO867erGY2mK7psng6P/Od5Z1hpXqqTbOiBLLRG+TKIFuLT buZt4KAUbJc4BOglwrI+kYAFHRLqphO9IHsqXNXa97F5dl5VXaBJjJDeg+fiOxsJ4Dt6 EUO/DbX93anHMs7mprgtdB06lZeQzxbhM6xNpKuTdkee3FNn9v+3GeTsKkkuXyzsF3vX /n/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=JrDCOTs4uQPy0GETQyB8ar1aWcDDdccYHjE8ojb7S7o=; b=lRFH9UwR0pbr8ChkMeXXDkym1lmbO+9nEWIjh/HJUPJn2O5V2g4DYQQmtnZLmxPFjy tQrk41KR0AhSu0+lSmI+hwOaWqXPUlzLoK2qnlnab8+J4yaiUgvtIdv2Fdim7vWaMs6P VrT6060Kl0JIDLiVGQ5wATOxgZxko4BhthiuJ6zZWG2b075JFFHwI0ANTM7Ua56nq3ci ppRzYDbA9vpKlz75pIy6Mi2owFPl4ENCsUmYV3yQhA6BlgUrEbic6ohuajb41DR8XPk8 RwkPp/fYuT0zNvYnSd/VGshNjfzJn9Nz59t9OvIaXuGsdSkP3V/jyzrGveTIlAmChoxu ePIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qCV97SC8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a18-v6si1062346plm.122.2018.08.07.06.28.48; Tue, 07 Aug 2018 06:29:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=qCV97SC8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389200AbeHGPlN (ORCPT + 99 others); Tue, 7 Aug 2018 11:41:13 -0400 Received: from mail-wr1-f68.google.com ([209.85.221.68]:33434 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388581AbeHGPlN (ORCPT ); Tue, 7 Aug 2018 11:41:13 -0400 Received: by mail-wr1-f68.google.com with SMTP id g6-v6so15811818wrp.0 for ; Tue, 07 Aug 2018 06:26:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=JrDCOTs4uQPy0GETQyB8ar1aWcDDdccYHjE8ojb7S7o=; b=qCV97SC8YOsiszSTA4QUNjJsHETF07moBLPQp0KO29VF2Njyw5EIPWOwW51Hhz1pty GntJg8hI6HcLJ2KXZtdGkVriiPAOJSn+LAnHVTtcCBce/bUs2xhZNB/T+8pLjZvS+qbj NtqrP+OiZcSax+Ch1/KScehScYH10xfqVxx6QOwz2yunsQfYV/dNEq2Teo1q+A1Veaax df/6gD/eT4DCSY2dJ5rTtCXGQLW0r0Rud7LDgzdvY9uYag0DNn4PpM+3AQgI8iEdSIU8 VCvjxLdLE8nyBY17C5OMwSRAWP+D1T3Sjpse9wrgiamzw2xV7oy36roC9f72KYPg7yE4 O98g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=JrDCOTs4uQPy0GETQyB8ar1aWcDDdccYHjE8ojb7S7o=; b=CVDdg5rtYbg7hZdFUQPWUOaVOruryyIq4pwHdDlg+PD2x7RQKr+Gp6jM7knhni0KZJ VevEV/kyhaTkn6Gna1IU6JpAsxpAovpohF1ZArEnpPUfkaXoJ5uqOr+1+EdA1pzyQhhb MDQ0JT8ZGeOB07iAkXDqWza2zqcNB9NS6OvydtNDBshaF8AWbH4yMUcmY+gDFJe6ymlG bw1gxj/WwYnmYBWaKuVH9IWsIstRRS0LCP20lTm52GjiwBedMMWgvdNItvUkjKtVXhQW J21NHbFbhTGi7lnt8smEc1J8LokUhNqH+x0w/HfwGpcd5KqmL00tVnEIT9qW6nqhXPEf ihTA== X-Gm-Message-State: AOUpUlEhX903zpB0iekJztQ96YioSZbvn5OCaeacHIZpLqtc+t5Cx92j z4+WJnXOQ7QDdFydB6QmpJXw2aH1pqtIG1hnXic= X-Received: by 2002:a5d:540d:: with SMTP id g13-v6mr13429746wrv.4.1533648411277; Tue, 07 Aug 2018 06:26:51 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1c:178a:0:0:0:0:0 with HTTP; Tue, 7 Aug 2018 06:26:50 -0700 (PDT) In-Reply-To: <20180807122826.GU3008@phenom.ffwll.local> References: <20180724082213.25677-1-robert.foss@collabora.com> <20180803195025.GO20303@art_vandelay> <20180807122826.GU3008@phenom.ffwll.local> From: Emil Velikov Date: Tue, 7 Aug 2018 14:26:50 +0100 Message-ID: Subject: Re: [RFC] drm: Allow DRM_IOCTL_MODE_MAP_DUMB for render nodes To: Emil Velikov , Sean Paul , Tomeu Vizoso , Nicolas Norvez , Robert Foss , "Linux-Kernel@Vger. Kernel. Org" , ML dri-devel , Tomasz Figa , Eric Engestrom , David Airlie , Brian Paul , Martin Fuzzey Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7 August 2018 at 13:28, Daniel Vetter wrote: > On Tue, Aug 07, 2018 at 12:01:50PM +0100, Emil Velikov wrote: >> On 3 August 2018 at 20:50, Sean Paul wrote: >> > On Fri, Aug 03, 2018 at 06:03:50PM +0100, Emil Velikov wrote: >> >> On 3 August 2018 at 16:06, Martin Fuzzey wrote: >> >> > Hi Emil, >> >> > >> >> > On 03/08/18 14:35, Emil Velikov wrote: >> >> >> >> >> >> Hi Martin, >> >> >> >> >> >> On 1 August 2018 at 15:24, Martin Fuzzey >> >> >> wrote: >> >> >> >> >> >> Let's start with the not-so obvious question: >> >> >> Why does one open the imx as render node? >> >> >> >> >> >> Of the top of my head: >> >> >> There is nothing in egl/android that should require an authenticated >> >> >> device. >> >> >> Hence, using a card node should be fine - the etnaviv code opens the >> >> >> render node it needs. >> >> > >> >> > >> >> > Yes, the problem is not in egl/android but in the scanout buffer allocation >> >> > code. >> >> > >> >> > etnaviv opens the render node on the *GPU* (for submitting GPU commands), >> >> > that part is fine. >> >> > >> >> > But scanout buffers need to be allocated from imx-drm not etnaviv. >> >> > >> >> > This done by renderonly_create_kms_dumb_buffer_for_resource() >> >> > [src/gallium/auxiliary/renderonly/renderonly.c] >> >> > Which uses DRM_IOCTL_MODE_CREATE_DUMB followed by >> >> > DRM_IOCTL_PRIME_FD_TO_HANDLE >> >> > on the "kms_fd" (probably poorly named because it's not actually used for >> >> > modesetting) >> >> > see imx_drm_screen_create()[ src/gallium/winsys/imx/drm/imx_drm_winsys.c] >> >> > >> >> > >> >> > If the card node is used DRM_IOCTL_MODE_CREATE_DUMB works but >> >> > DRM_IOCTL_PRIME_FD_TO_HANDLE fails, because the permissions are >> >> > DRM_AUTH|DRM_UNLOCKED|DRM_RENDER_ALLOW >> >> > >> >> Right I missed the DRM_AUTH, in the fd <> handle IOCTLs. >> >> So in order for things to work, we'd need to either: >> >> - allow dumb buffers for render nodes, or >> >> - drop the DRM_AUTH for fd <> handle imports >> >> >> >> Pointing an alternative solution, for kernel developers to analyse and >> >> make a decision. >> >> >> >> > >> >> > In android 8.1 the hardware composer runs in a seperate process and it has >> >> > to use the card node and be drm master (to use the KMS API), >> >> > therefore, when the surface flinger calls >> >> > renderonly_create_kms_dumb_buffer_for_resource() it is not authenticated. >> >> > >> >> > Making surface flinger use a render node fixes the problem for >> >> > DRM_IOCTL_PRIME_FD_TO_HANDLE (because that already has DRM_RENDER_ALLOW), >> >> > but DRM_IOCTL_MODE_CREATE_DUMB now fails without the patch. >> >> > >> >> > >> >> > This probably worked in previous versions of Android where surface flinger >> >> > and hwc were all in the same process. >> >> > >> >> There has been varying hacks for Android through the years. Bringing >> >> details into the discussion will result in a significant diversion. >> >> Something we could avoid, for the time being ;-) >> > >> > Did someone say diversion?!? The way this was handled prior to using >> > render/control nodes in drm_hwc/[drm/gbm]_gralloc is that all modesetting was >> > done via gralloc which was master. The hwc implementation was basically a proxy >> > backchanneling all of the work to gralloc. >> > >> > Anyways, we probably don't want to go back there. >> > >> Now that we got the diversion out of the way, any input on my proposal >> to drop the DRM_AUTH for fd <> imports. >> Am I missing something pretty obvious that makes the idea a no-go? > > Dropping DRM_AUTH is only relevant for the card node. And a card node > might not be sufficiently isolated against concurrent other clients, which > is why we don't allow it. > Right. I did not spot anything that would make a distinction based on the card vs render node used. > What we could do is essentially check whether your driver supports render > nodes (indicating sufficient amounts of separation), and then allow > anything for unauthenicated clients if DRM_RENDER_ALLOW is set on the > ioctl. > > But that's just reinventing render nodes on top of legacy card nodes, and > I'm not clear on what that exactly gains us. > As more of a userspace person, it makes sense to keep render nodes for GPU specifics and card ones - KMS/Display Controller. > I think the proposal for dumb render nodes (for drivers which only do dumb > kms buffers and no rendering at all) that's been discusson on irc a bit > makes a lot more sense. Ack. Thanks for shedding some light. -Emil