Received: by 2002:ab2:6991:0:b0:1f7:f6c3:9cb1 with SMTP id v17csp456521lqo; Wed, 8 May 2024 05:17:37 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUT5U1/t/CYWM7uxMOhqAoqvolpTVi0sz5rZBsoIRyNS9P9rE4rQ7ryho+yGLPSJcb8ALRvL7aK+smTPbqJU2VTjLJjs8+P3v2EFSsEeQ== X-Google-Smtp-Source: AGHT+IGGebNcsTiMuUCQqP3TKjfJNODgpAAGBe7A0ZrsJm/RexYb2xVbzBawQiO0uFgFJiX/5rnR X-Received: by 2002:ac2:42c1:0:b0:51d:1d32:c676 with SMTP id 2adb3069b0e04-5217c760719mr2098978e87.37.1715170657103; Wed, 08 May 2024 05:17:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715170657; cv=pass; d=google.com; s=arc-20160816; b=MQeaT07Og2YKrjGue4iobRV4+sFpV3S8C7cUrGr29yNPqxOWEEBT1Vsb5N88UhUAFi g0vAc03rapi+xwrIQdQHP2kknaGKMCm7lvW4BcQgZ+QxaubJH3RPROSSN3RpSz4Gdntw c+p0ZvgPZb+FSxvPqjTmHwT1x8N5W85OkHye1wQU0vD0AMRyCQOhEQ/WNj/b5oRzYord 2CpyiYsr0k3xDtl0AaVL8j9opGqDvRTJ/mLfCd/Ut6h1EbBaYGbwx8l1lQgLeMzB+a1L mxXTHWEMtFgRyVlHsDFrQfOBofetk7dsrezREsxkB3qXmqN35Pdi4inIzaRvCNl3Hz7z FM1A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature; bh=6y4EwFqVETg6O9C1VDyvCbQ1UYKFlViM3dNLmDxh+rE=; fh=rzQCoo9DcEL0eDERnJvXkhYfKCzrybKj75AErv0Iwf8=; b=BBoiPHvlbXuPekUQKGYaoaPY0o41r0ZpPa1/8yR+u0/zRnPBVlih71cDyd4jn7LOwc JWiKFYnew2sy+5w7l0YasvrWKlsf49p6nIQGya94shauYjKBSaSg5lpsLchRVO7x/ABs JtSfx5U3Gm1O01W2QjabuKbbkdSMjosEVv1Nx5HH+zP+YUN4V2CtOGZDkEFT8OdToLmF SyU/giy5j6Z0egAH1F9VljUrXuDso+ph7RZo0YXdy4kn3IOs2VZFOdjD6cWYYjpMC3Pz 7c7WQD5rNf/y29C756ItFW3O8yUSHpWLqtTq2rtDq1E8zHFk5vUjYwW6i+M38Fe0kgTm 7H3Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=K9uRWPjf; arc=pass (i=1 dkim=pass dkdomain=ffwll.ch); spf=pass (google.com: domain of linux-kernel+bounces-172914-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-172914-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id oz14-20020a170906cd0e00b00a59b3ec65c3si4540015ejb.547.2024.05.08.05.17.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 May 2024 05:17:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-172914-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=K9uRWPjf; arc=pass (i=1 dkim=pass dkdomain=ffwll.ch); spf=pass (google.com: domain of linux-kernel+bounces-172914-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-172914-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C2EFF1F25298 for ; Wed, 8 May 2024 08:33:45 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7E911535D0; Wed, 8 May 2024 08:33:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ffwll.ch header.i=@ffwll.ch header.b="K9uRWPjf" Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 374F21A28B for ; Wed, 8 May 2024 08:33:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.54 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715157214; cv=none; b=W2PDo6Nv+ytSodw4Hu5lrfYvJ+xEiAHcJpbJvw/VxTJ3m9vUZKdiGXCfHFfxvqbJuH/iLhpfhK27FS4C7niDuKEYmwgG/JbtKuhM+IXqxZ0grC0BoMivSEDB0jVIm1klYrcUtWu8JdcZo0NcVve0iYfkRh+w9f+r7MfxKrbGW8U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715157214; c=relaxed/simple; bh=yVA0FiOqbqE2S/DFz9MrWAmt57JjHMvIMtAeb/3chdQ=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=d6dNZuPribCjwzUGEwlUsJM3s6EYRjUbsgEMhAElhHso8uAb/j1qT+ODISPDBd9AedRj+kRueOA/8V+HH9lykr0k+/OVI8sHTgcvqyYjxbJ/X9EzuUEYslhim79fK4FTMh2S3SkIQeekXV+7+RtXrjZQwsxieL0MQSNUGSWAVyc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ffwll.ch; spf=none smtp.mailfrom=ffwll.ch; dkim=pass (1024-bit key) header.d=ffwll.ch header.i=@ffwll.ch header.b=K9uRWPjf; arc=none smtp.client-ip=209.85.167.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=ffwll.ch Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=ffwll.ch Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-51ff8cce77dso618716e87.1 for ; Wed, 08 May 2024 01:33:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; t=1715157211; x=1715762011; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=6y4EwFqVETg6O9C1VDyvCbQ1UYKFlViM3dNLmDxh+rE=; b=K9uRWPjf6ZKRGjUAajZTF5RzrGQjVjybeBJbVmsdjx9FVOH+eO07nJN3V6C1PWMMP5 EVEcrSWLEOBKYK88VF4rFtOBl5YdyH6j3lmPgbh0x40X5Riptr6FdMDokW+cj6jqMR9O 7UrwUzq6gZhYtz6C+/w8JxprCZyDk68QN2TWc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715157211; x=1715762011; h=in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6y4EwFqVETg6O9C1VDyvCbQ1UYKFlViM3dNLmDxh+rE=; b=Fwm1kMfYPvewPXUE9O+KKyenhfUBMRZO2lBFIOLxpTS+1oiKk2VKfV7+2b73GSOd+m E4Sg0+yylr4IWVq32ZTMHVdOGzgVo2k7weueQo9N9WDM7CeZd2c1+CUu9hbo1goX1tOD aRWuGcttyGadY3yXbmaXka/xso5wsa7KRGFsNrTAi7fju1/+/7j2SrwaMbduKtmyQft7 ghxxDMpOFlrpX7BhU9469n0QLunog/zYTPzkLcZ9ZvcMJZx9jr97HFTFouxqeYJSVXHk sR1dBnASqIM0WRKO9iEWkcNEuEpUGZJJ8boiwRQGmX6r+0ZvSEV04Ujn1wTE8Ch29+Y0 gViA== X-Forwarded-Encrypted: i=1; AJvYcCWAA6nHFInHXd82xscZJthIqWtfMgV4Brr/7sLZuU3gr/fyUDvgGhs7hG0Hg4p7/CQXwE9gW80+pVxy8eN2gRN8fs7xv+1dEIYwmCcj X-Gm-Message-State: AOJu0YzveoVytmZbLwGGZAPExWe1W6BjCn5fqh1urG2XUPl6T025uSqc j9Y5kP5uKzoj+pXM7LsxtuWUeKDElqadzyurCHcOpC/vDJwAOfETht6x3ENQHZQ= X-Received: by 2002:ac2:499c:0:b0:51e:ee83:bb8b with SMTP id 2adb3069b0e04-5217d242e7bmr1063993e87.5.1715157211274; Wed, 08 May 2024 01:33:31 -0700 (PDT) Received: from phenom.ffwll.local ([2a02:168:57f4:0:efd0:b9e5:5ae6:c2fa]) by smtp.gmail.com with ESMTPSA id q11-20020a056402248b00b005726b83071esm7424373eda.4.2024.05.08.01.33.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 May 2024 01:33:30 -0700 (PDT) Date: Wed, 8 May 2024 10:33:28 +0200 From: Daniel Vetter To: Daniel Stone Cc: Hans de Goede , Maxime Ripard , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T.J. Mercier" , Christian =?iso-8859-1?Q?K=F6nig?= , Lennart Poettering , Robert Mader , Sebastien Bacher , Linux Media Mailing List , "dri-devel@lists.freedesktop.org" , linaro-mm-sig@lists.linaro.org, Linux Kernel Mailing List , Bryan O'Donoghue , Milan Zamazal , Andrey Konovalov Subject: Re: Safety of opening up /dev/dma_heap/* to physically present users (udev uaccess tag) ? Message-ID: Mail-Followup-To: Daniel Stone , Hans de Goede , Maxime Ripard , Sumit Semwal , Benjamin Gaignard , Brian Starkey , John Stultz , "T.J. Mercier" , Christian =?iso-8859-1?Q?K=F6nig?= , Lennart Poettering , Robert Mader , Sebastien Bacher , Linux Media Mailing List , "dri-devel@lists.freedesktop.org" , linaro-mm-sig@lists.linaro.org, Linux Kernel Mailing List , Bryan O'Donoghue , Milan Zamazal , Andrey Konovalov References: <20240506-dazzling-nippy-rhino-eabccd@houat> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: Linux phenom 6.6.15-amd64 On Wed, May 08, 2024 at 06:46:53AM +0100, Daniel Stone wrote: > Hi, > > On Tue, 7 May 2024 at 12:15, Daniel Vetter wrote: > > On Mon, May 06, 2024 at 04:01:42PM +0200, Hans de Goede wrote: > > > On 5/6/24 3:38 PM, Daniel Vetter wrote: > > > I agree that bad applications are an issue, but not for the flathub / snaps > > > case. Flatpacks / snaps run sandboxed and don't have access to a full /dev > > > so those should not be able to open /dev/dma_heap/* independent of > > > the ACLs on /dev/dma_heap/*. The plan is for cameras using the > > > libcamera software ISP to always be accessed through pipewire and > > > the camera portal, so in this case pipewere is taking the place of > > > the compositor in your kms vs render node example. > > > > Yeah essentially if you clarify to "set the permissions such that pipewire > > can do allocations", then I think that makes sense. And is at the same > > level as e.g. drm kms giving compsitors (but _only_ compositors) special > > access rights. > > That would have the unfortunate side effect of making sandboxed apps > less efficient on some platforms, since they wouldn't be able to do > direct scanout anymore ... I was assuming that everyone goes through pipewire, and ideally that is the only one that can even get at these special chardev. If pipewire is only for sandboxed apps then yeah this aint great :-/ -Sima -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch