Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp444051lqo; Wed, 8 May 2024 04:57:15 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVw1NuKK6tDWd8Axc7obBBkq31z4uJB9p76U32Gjuff95EfssyPEtc0PSSWmbRXnxa8yBFBcL53V53fzy5ebUjRqHR/3EWYunrGuUiCDg== X-Google-Smtp-Source: AGHT+IGvCzTrs7ySmfjGjx479GnWQ4CcOvMCl7Yx/TJ3bbmF4cbuybVDvl7Jfpms6/lFgNjEGVol X-Received: by 2002:a50:9509:0:b0:572:5f8c:42 with SMTP id 4fb4d7f45d1cf-5731d922ebbmr1632439a12.0.1715169435211; Wed, 08 May 2024 04:57:15 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715169435; cv=pass; d=google.com; s=arc-20160816; b=TypokY7jKT6uYjyLiGTv0w0vkp1ygjkECF/E2/xKMrFxhNYgewLHnVqQ/FLUZ9zFj1 sQNL5rsP/PsWFIkHnI9pUl5LPnRsCMFmuc74EZm6QHOl3438gaOGN++HimPRwyp/OZni lSS6cvfcLIgq+NuzZdq6IR9nSdYbqZS/QJa/2EBvIMmIss7LK09iWiyhlLo6JGksP3DH VF0fBHnBvw6e9WbRnnu1PHbJj5kPv34xrUOX9RGtsvswHuqqEPO44xQZvELWBteqFbCH VIRVrfpUF8seje8fyVghxBJYf6c1TyGdU1PPHchP8b/cumTDcotpWove6nwpwvmNau9I Gn0w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:dkim-signature; bh=y+KiVnKXCsbPvzNdODTp1oqWb7A8Ywtkjz6UCYJzfVw=; fh=wBXQyOapufBB3MxYbBfzOQ9V9pNO0pEZBixcsXHhO0E=; b=jfKC9vloA2mK6xckqTLTJwS8hMbbuX1yh7gyxOBvCZBEodVGmp2h/CXhigO29f0/T6 tVYa80xgsQQq/JJ6jqbJ06kcWkXs6ucEBWgCo9GNYRSn6IHQt03ejXd3YVQzyIJM7M3c 7WwWQVKvPxUoVyeIaWbaBuKpW3WN/zT2IxhSqII3CycZeFIA9mRzBB4wi0LLDAWY9LZ3 NGQuQw19utGLiIyvO+p6UP2OIHy2SzhaiqIa5b9jrGVxr2EOS/PtT4cX3Mt98ssbIu+D dJPjAyAA1I+aePx5lcgT3dYKf/gpNku7BRbXpkyBA6DoDbi2clgMyHpB/hsm+tDnYtzz 3D7A==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@fooishbar-org.20230601.gappssmtp.com header.s=20230601 header.b="PnhsxJz/"; arc=pass (i=1 dkim=pass dkdomain=fooishbar-org.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-172712-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-172712-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id x16-20020a50d610000000b00572e8d803d4si4462045edi.66.2024.05.08.04.57.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 May 2024 04:57:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-172712-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@fooishbar-org.20230601.gappssmtp.com header.s=20230601 header.b="PnhsxJz/"; arc=pass (i=1 dkim=pass dkdomain=fooishbar-org.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-172712-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-172712-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 695561F24D2D for ; Wed, 8 May 2024 05:47:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B65CC17BAE; Wed, 8 May 2024 05:47:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fooishbar-org.20230601.gappssmtp.com header.i=@fooishbar-org.20230601.gappssmtp.com header.b="PnhsxJz/" Received: from mail-qk1-f176.google.com (mail-qk1-f176.google.com [209.85.222.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 28931208D1 for ; Wed, 8 May 2024 05:47:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.176 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715147229; cv=none; b=sBuYYG8ZOdSNXSOKyYAYloW5rLX+yp1kz0nkYiemf3Fdd9I4PVzKFzqPDfCshsaRJSH0TBev6AtsRsbcyuRH1dUOptJKY7Id13g8VsDyAPmlOB5y5DX7DohlNxMZWGsCyrvxAo6W/YopK2H9zKPOh+DMYKnae1xOTP2G2El9Yjo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715147229; c=relaxed/simple; bh=y+KiVnKXCsbPvzNdODTp1oqWb7A8Ywtkjz6UCYJzfVw=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Content-Type; b=piGCaQrxdb5Wx71GczczgIz1eNhBDCKcldl95MNTWQG8+jod3KCE0+kR19m+S8+ywRHUE76UfjPpFfawXNY6cB3pIclGbc8rytO++ekwgHlJW5h4vVINn8hB62RC1R/nkQ/NtidGo8v3GeK+1x9FumgKsBBfFXwRTmkSSLbfeYU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fooishbar.org; spf=none smtp.mailfrom=fooishbar.org; dkim=pass (2048-bit key) header.d=fooishbar-org.20230601.gappssmtp.com header.i=@fooishbar-org.20230601.gappssmtp.com header.b=PnhsxJz/; arc=none smtp.client-ip=209.85.222.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fooishbar.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=fooishbar.org Received: by mail-qk1-f176.google.com with SMTP id af79cd13be357-7928dae7befso345763685a.0 for ; Tue, 07 May 2024 22:47:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fooishbar-org.20230601.gappssmtp.com; s=20230601; t=1715147227; x=1715752027; darn=vger.kernel.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=y+KiVnKXCsbPvzNdODTp1oqWb7A8Ywtkjz6UCYJzfVw=; b=PnhsxJz/j1FE2gMOj5zgLj/RHF2FfD14l8FA6R4LL94bwqCHzl9bmIMMrbj2ZNCypd UE22YUJwdX1JApK7ZTG+C3igGr9BmM8+RC0LxaD4tI/hRzSSQshDRyg1Sq5dxhld7/pX 7A8ey7HvbJWcWt5l+aWSRTqMaj5603hTXJUVtL5GaF5wTP8RlW5yZlk3lIEguKXxiAzr rSALGfSFjWmrxVcR43cUuf1IxEnQ1OI7sdQnv354zymLy8abzypBUWY5U5TnZ2OTQWtA RqkijhGGt8dRKpuHQr+Y6NtaLE1lsbVPDtvue9hnmpTOoOEolEZEd6Ap+tfwL7E2if1o gHQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715147227; x=1715752027; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=y+KiVnKXCsbPvzNdODTp1oqWb7A8Ywtkjz6UCYJzfVw=; b=i3bJIelQzyoXYj1BdRkm9Q9/mJGllT47VSJKUYulb/AgfX9RmF1dPHrO5CJ2S+UWMA TCRW/t8xEDIavRHSNseAQjvd67b0qYleaNN+B1hBMs9ZKsGIgZu1nLJMbtoZM1i2gs22 7RoCUErT2++nSWPRSG7C3uTYMRCMXiC7XPHaqeGXjbqHq+05lgcewWHkA+hKxmtrgmr7 /fFid4xb8AtjifN6XrmEKeaJ/oQdlGSqt/IWP0xF6PHO9BvMbhyMruI7oOHugxI3Z0bO IidCWv1d8kGcpoCspJLM7G/xiasW+rambLesgbjmLBlJgxj9d75Qc+w0NGXi/2SSeFoK begQ== X-Forwarded-Encrypted: i=1; AJvYcCVPg++8flKd7flXMF+tzVLmtCyK8lwdRxoRX9orDquMaSHP1TkOnARlqVasxhK0m91DMBjkh7KkPGdU6vEtTbbhtTQMrraMwjQP/Lj8 X-Gm-Message-State: AOJu0YwqzybYdiRVUr+PzECbkk/mw+l7agjGXnVcHQqs/L+Al/84/BvM 6BGEftfS+z41f+bs2kvcfLrc7cy0w8fgoYgNdNbOSWaXCaqjRwheYlYl/PZ00LmDuvDXQIPN4VR 7rbS6FKQTVsaBTW92JICXLOEaf5nXe3K/6bIRgw== X-Received: by 2002:a05:6214:29c2:b0:6a0:c922:5014 with SMTP id 6a1803df08f44-6a151528bbamr23726776d6.21.1715147226926; Tue, 07 May 2024 22:47:06 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240506-dazzling-nippy-rhino-eabccd@houat> In-Reply-To: From: Daniel Stone Date: Wed, 8 May 2024 06:46:53 +0100 Message-ID: Subject: Re: Safety of opening up /dev/dma_heap/* to physically present users (udev uaccess tag) ? To: Hans de Goede , Maxime Ripard , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T.J. Mercier" , =?UTF-8?Q?Christian_K=C3=B6nig?= , Lennart Poettering , Robert Mader , Sebastien Bacher , Linux Media Mailing List , "dri-devel@lists.freedesktop.org" , linaro-mm-sig@lists.linaro.org, Linux Kernel Mailing List , "Bryan O'Donoghue" , Milan Zamazal , Andrey Konovalov Content-Type: text/plain; charset="UTF-8" Hi, On Tue, 7 May 2024 at 12:15, Daniel Vetter wrote: > On Mon, May 06, 2024 at 04:01:42PM +0200, Hans de Goede wrote: > > On 5/6/24 3:38 PM, Daniel Vetter wrote: > > I agree that bad applications are an issue, but not for the flathub / snaps > > case. Flatpacks / snaps run sandboxed and don't have access to a full /dev > > so those should not be able to open /dev/dma_heap/* independent of > > the ACLs on /dev/dma_heap/*. The plan is for cameras using the > > libcamera software ISP to always be accessed through pipewire and > > the camera portal, so in this case pipewere is taking the place of > > the compositor in your kms vs render node example. > > Yeah essentially if you clarify to "set the permissions such that pipewire > can do allocations", then I think that makes sense. And is at the same > level as e.g. drm kms giving compsitors (but _only_ compositors) special > access rights. That would have the unfortunate side effect of making sandboxed apps less efficient on some platforms, since they wouldn't be able to do direct scanout anymore ... Cheers, Daniel