Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5583382img; Wed, 27 Mar 2019 11:08:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqwW20orthsNX99Ethy5OM6n15mKnJ27FBySmHtteyucu9M1wAet2kKphpt5O8RLNQAzayVB X-Received: by 2002:a65:4981:: with SMTP id r1mr35747516pgs.62.1553710095904; Wed, 27 Mar 2019 11:08:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553710095; cv=none; d=google.com; s=arc-20160816; b=uRI0Gb+8S+BacNyNKnNmmCjulNG2QQwlaRT2Z2p2LEQZhc0DsOUGl3+gZ93hcOTyTF 0dCyvuNjfjjZqno6P5ZS3Lf4QLZLkOMGOgL0AcaEsH9tBNDX/xwX1iP/rMmLKrvxUQSj MqUBt+ZlKDlFSj8f01h5gV7i3EOrjTXhC+Ey7OyznQVB3LOGnUDjepj87xCf7o2VjLGB EvQUmGAVqycAR2HfH1Z2PpQwKGFMEaZFDA+ZZKrdGH1yYmOqWyfRGrARIz6HZicvzggh 2lCCZurXcQ6xrSN/tHfkSOcLQxgA9vf3GTC4BY8HcPRyl+RVCvVNhwuFfQ2zYm5qHXIf 75gQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZLWjyrUzJqCWW1Ym+k2Nbj6ks8yBvCYbeT0XFqnjS4Y=; b=pNwNhGyH+ywGRcYlw/RZoML5q4DQemM5gFZ8JplMQZNbOqRPCLczr1S4c99V/oKL5F DVWJZWW4peQE/+RO/KoAgtdXGfOgZE8pocfwmBbuaGlhteZAkeqyQ/YrCv/P6H8Ql6XB NANwGQ2Z3lERhu7MvRXyU78Zd91LP2pFswpmVcl3HC+yIPU2mSaF57oQQ4IcHznlo7qa MfPo6ykfOQ0KfOkZfffI3L3OWCYl780eRFmz1rJENrzXvZohWFT63z53QB/Py7qqAvHY 8Y4alq5VPkK0MH5VUG/Olg5c6BpkA/PANWMecjUg9vkOgPTzE9gZBu8LxtENkNlfub6U O3mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=puSbFfZR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o35si16493484pgb.551.2019.03.27.11.08.00; Wed, 27 Mar 2019 11:08:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=puSbFfZR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733274AbfC0SGf (ORCPT + 99 others); Wed, 27 Mar 2019 14:06:35 -0400 Received: from mail.kernel.org ([198.145.29.99]:48162 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731036AbfC0SGc (ORCPT ); Wed, 27 Mar 2019 14:06:32 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 074C521738; Wed, 27 Mar 2019 18:06:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553709991; bh=OZnzfQtAcv4CmDRzqVcFUGt7eonZAy/6rtZox1kFOCc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=puSbFfZR57r7OUWg1SlcYrSRXtKdE4mIjJuXTPrXLopa2j4VNfnMAMixawHiS9wLL V6v4M6SE98IgtIvv+pgYQyuea6Rq5hI7HlVMI0DOyXDv7VKkg521Wsb9ExJWFhMqoF Vt1XJ13xKyg4lT0RSJEtFKvB+VtlZqAXlE6UEWYM= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Emil Velikov , intel-gfx@lists.freedesktop.org, Sasha Levin , dri-devel@lists.freedesktop.org Subject: [PATCH AUTOSEL 5.0 147/262] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 27 Mar 2019 14:00:02 -0400 Message-Id: <20190327180158.10245-147-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327180158.10245-1-sashal@kernel.org> References: <20190327180158.10245-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Emil Velikov [ Upstream commit 8059add0478e29cb641936011a8fcc9ce9fd80be ] There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) v3: - Use single unlikely (Daniel V) [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190114085408.15933-2-emil.l.velikov@gmail.com Signed-off-by: Sasha Levin --- drivers/gpu/drm/drm_ioctl.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 7e6746b2d704..8c1d38a82366 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -508,6 +508,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -522,14 +529,19 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; - /* AUTH is only for authenticated or render client */ - if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && - !file_priv->authenticated)) - return -EACCES; + /* AUTH is only for master ... */ + if (unlikely((flags & DRM_AUTH) && drm_is_primary_client(file_priv))) { + /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */ + if (!file_priv->authenticated && + !drm_render_driver_and_ioctl(dev, flags)) + return -EACCES; + } /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) && -- 2.19.1