From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: [PATCH AUTOSEL 4.19 102/192] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 27 Mar 2019 14:08:54 -0400 Message-ID: <20190327181025.13507-102-sashal@kernel.org> References: <20190327181025.13507-1-sashal@kernel.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20190327181025.13507-1-sashal@kernel.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Sasha Levin , intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Emil Velikov List-Id: dri-devel@lists.freedesktop.org RnJvbTogRW1pbCBWZWxpa292IDxlbWlsLnZlbGlrb3ZAY29sbGFib3JhLmNvbT4KClsgVXBzdHJl YW0gY29tbWl0IDgwNTlhZGQwNDc4ZTI5Y2I2NDE5MzYwMTFhOGZjYzljZTlmZDgwYmUgXQoKVGhl cmUgYXJlIGNhc2VzIChpbiBtZXNhIGFuZCBhcHBsaWNhdGlvbnMpIHdoZXJlIG9uZSB3b3VsZCBv cGVuIHRoZQpwcmltYXJ5IG5vZGUgd2l0aG91dCBwcm9wZXJseSBhdXRoZW50aWNhdGluZyB0aGUg Y2xpZW50LgoKU29tZXRpbWVzIHdlIGRvbid0IGNoZWNrIGlmIHRoZSBhdXRoZW50aWNhdGlvbiBz dWNjZWVkcywgYnV0IHRoZXJlJ3MKYWxzbyBjYXNlcyB3ZSBzaW1wbHkgZm9yZ2V0IHRvIGRvIGl0 LgoKVGhlIGZvcm1lciB3YXMgYSBjYXNlIGZvciBNZXNhIHdoZXJlIGl0IGRpZCBub3Qgbm90IGNo ZWNrIHRoZSByZXR1cm4KdmFsdWUgb2YgZHJtR2V0TWFnaWMoKSBbMV0uIFRoYXQgd2FzIGZpeGVk IHJlY2VudGx5IGFsdGhvdWdoLCB0aGVyZSdzCnRoZSBxdWVzdGlvbiBvZiBvbGRlciBkcml2ZXJz IG9yIG90aGVyIGFwcHMgdGhhdCBleGJpYml0IHRoaXMgYmVoYXZpb3VyLgoKV2hpbGUgb21pdHRp bmcgdGhlIGNhbGwgcmVzdWx0cyBpbiBpc3N1ZXMgYXMgc2VlbiBpbiBbMl0gYW5kIFszXS4KCklu IHRoZSBsaWJ2YSBjYXNlLCBsaWJ2YSBpdHNlbGYgZG9lc24ndCBhdXRoZW50aWNhdGUgdGhlIERS TSBjbGllbnQgYW5kCnRoZSB2YUdldERpc3BsYXlEUk0gZG9jdW1lbnRhdGlvbiBkb2Vzbid0IG1l bnRpb24gaWYgdGhlIGFwcCBzaG91bGQKZWl0aGVyLgoKQXMgb2YgdG9kYXksIHRoZSBvZmZpY2lh bCB2YWluZm8gdXRpbGl0eSBkb2Vzbid0IGF1dGhlbnRpY2F0ZS4KClRvIHdvcmthcm91bmQgaXNz dWVzIGxpa2UgdGhlc2UsIHNvbWUgdXNlcnMgcmVzb3J0IHRvIHJ1bm5pbmcgdGhlaXIgYXBwcwp1 bmRlciBzdWRvLiBXaGljaCBhZG1pdHRlZGx5IGlzbid0IGFsd2F5cyBhIGdvb2QgaWRlYS4KClNp bmNlIGFueSBEUklWRVJfUkVOREVSIGRyaXZlciBoYXMgc3VmZmljaWVudCBpc29sYXRpb24gYmV0 d2VlbiBjbGllbnRzLAp3ZSBjYW4gdXNlIHRoYXQsIGZvciB1bmF1dGhlbnRpY2F0ZWQgW3ByaW1h cnkgbm9kZV0gaW9jdGxzIHRoYXQgcmVxdWlyZQpEUk1fQVVUSC4gQnV0IG9ubHkgaWYgdGhlIHJl c3BlY3RpdmUgaW9jdGwgaXMgdGFnZ2VkIGFzIERSTV9SRU5ERVJfQUxMT1cuCgp2MjoKLSBSZXdv cmsvc2ltcGxpZnkgaWYgY2hlY2sgKERhbmllbCBWKQotIEFkZCBleGFtcGxlcyB0byBjb21taXQg bWVzc2FnZXMsIGVsYWJvcmF0ZS4gKERhbmllbCBWKQoKdjM6Ci0gVXNlIHNpbmdsZSB1bmxpa2Vs eSAoRGFuaWVsIFYpCgpbMV0gaHR0cHM6Ly9naXRsYWIuZnJlZWRlc2t0b3Aub3JnL21lc2EvbWVz YS9ibG9iLzJiYzFmNWMyZTcwZmUzYjRkNDFmMDYwYWY5ODU5YmMyYTk0YzViNjIvc3JjL2VnbC9k cml2ZXJzL2RyaTIvcGxhdGZvcm1fd2F5bGFuZC5jI0wxMTM2ClsyXSBodHRwczovL2xpc3RzLmZy ZWVkZXNrdG9wLm9yZy9hcmNoaXZlcy9saWJ2YS8yMDE2LUp1bHkvMDA0MTg1Lmh0bWwKWzNdIGh0 dHBzOi8vZ2l0bGFiLmZyZWVkZXNrdG9wLm9yZy9tZXNhL2ttc2N1YmUvaXNzdWVzLzEKVGVzdGNh c2U6IGlndC9jb3JlX3VuYXV0aF92c19yZW5kZXIKQ2M6IGludGVsLWdmeEBsaXN0cy5mcmVlZGVz a3RvcC5vcmcKU2lnbmVkLW9mZi1ieTogRW1pbCBWZWxpa292IDxlbWlsLnZlbGlrb3ZAY29sbGFi b3JhLmNvbT4KUmV2aWV3ZWQtYnk6IERhbmllbCBWZXR0ZXIgPGRhbmllbC52ZXR0ZXJAZmZ3bGwu Y2g+Ckxpbms6IGh0dHBzOi8vcGF0Y2h3b3JrLmZyZWVkZXNrdG9wLm9yZy9wYXRjaC9tc2dpZC8y MDE5MDExNDA4NTQwOC4xNTkzMy0yLWVtaWwubC52ZWxpa292QGdtYWlsLmNvbQpTaWduZWQtb2Zm LWJ5OiBTYXNoYSBMZXZpbiA8c2FzaGFsQGtlcm5lbC5vcmc+Ci0tLQogZHJpdmVycy9ncHUvZHJt L2RybV9pb2N0bC5jIHwgMjAgKysrKysrKysrKysrKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAx NiBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZlcnMvZ3B1 L2RybS9kcm1faW9jdGwuYyBiL2RyaXZlcnMvZ3B1L2RybS9kcm1faW9jdGwuYwppbmRleCBiYTEy OWI2NGI2MWYuLmY4ZDMzM2Y2NThhNCAxMDA2NDQKLS0tIGEvZHJpdmVycy9ncHUvZHJtL2RybV9p b2N0bC5jCisrKyBiL2RyaXZlcnMvZ3B1L2RybS9kcm1faW9jdGwuYwpAQCAtNTAyLDYgKzUwMiwx MyBAQCBpbnQgZHJtX3ZlcnNpb24oc3RydWN0IGRybV9kZXZpY2UgKmRldiwgdm9pZCAqZGF0YSwK IAlyZXR1cm4gZXJyOwogfQogCitzdGF0aWMgaW5saW5lIGJvb2wKK2RybV9yZW5kZXJfZHJpdmVy X2FuZF9pb2N0bChjb25zdCBzdHJ1Y3QgZHJtX2RldmljZSAqZGV2LCB1MzIgZmxhZ3MpCit7CisJ cmV0dXJuIGRybV9jb3JlX2NoZWNrX2ZlYXR1cmUoZGV2LCBEUklWRVJfUkVOREVSKSAmJgorCQko ZmxhZ3MgJiBEUk1fUkVOREVSX0FMTE9XKTsKK30KKwogLyoqCiAgKiBkcm1faW9jdGxfcGVybWl0 IC0gQ2hlY2sgaW9jdGwgcGVybWlzc2lvbnMgYWdhaW5zdCBjYWxsZXIKICAqCkBAIC01MTYsMTQg KzUyMywxOSBAQCBpbnQgZHJtX3ZlcnNpb24oc3RydWN0IGRybV9kZXZpY2UgKmRldiwgdm9pZCAq ZGF0YSwKICAqLwogaW50IGRybV9pb2N0bF9wZXJtaXQodTMyIGZsYWdzLCBzdHJ1Y3QgZHJtX2Zp bGUgKmZpbGVfcHJpdikKIHsKKwljb25zdCBzdHJ1Y3QgZHJtX2RldmljZSAqZGV2ID0gZmlsZV9w cml2LT5taW5vci0+ZGV2OworCiAJLyogUk9PVF9PTkxZIGlzIG9ubHkgZm9yIENBUF9TWVNfQURN SU4gKi8KIAlpZiAodW5saWtlbHkoKGZsYWdzICYgRFJNX1JPT1RfT05MWSkgJiYgIWNhcGFibGUo Q0FQX1NZU19BRE1JTikpKQogCQlyZXR1cm4gLUVBQ0NFUzsKIAotCS8qIEFVVEggaXMgb25seSBm b3IgYXV0aGVudGljYXRlZCBvciByZW5kZXIgY2xpZW50ICovCi0JaWYgKHVubGlrZWx5KChmbGFn cyAmIERSTV9BVVRIKSAmJiAhZHJtX2lzX3JlbmRlcl9jbGllbnQoZmlsZV9wcml2KSAmJgotCQkg ICAgICFmaWxlX3ByaXYtPmF1dGhlbnRpY2F0ZWQpKQotCQlyZXR1cm4gLUVBQ0NFUzsKKwkvKiBB VVRIIGlzIG9ubHkgZm9yIG1hc3RlciAuLi4gKi8KKwlpZiAodW5saWtlbHkoKGZsYWdzICYgRFJN X0FVVEgpICYmIGRybV9pc19wcmltYXJ5X2NsaWVudChmaWxlX3ByaXYpKSkgeworCQkvKiBhdXRo ZW50aWNhdGVkIG9uZXMsIG9yIHJlbmRlciBjYXBhYmxlIG9uIERSTV9SRU5ERVJfQUxMT1cuICov CisJCWlmICghZmlsZV9wcml2LT5hdXRoZW50aWNhdGVkICYmCisJCSAgICAhZHJtX3JlbmRlcl9k cml2ZXJfYW5kX2lvY3RsKGRldiwgZmxhZ3MpKQorCQkJcmV0dXJuIC1FQUNDRVM7CisJfQogCiAJ LyogTUFTVEVSIGlzIG9ubHkgZm9yIG1hc3RlciBvciBjb250cm9sIGNsaWVudHMgKi8KIAlpZiAo dW5saWtlbHkoKGZsYWdzICYgRFJNX01BU1RFUikgJiYKLS0gCjIuMTkuMQoKX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KSW50ZWwtZ2Z4IG1haWxpbmcgbGlz dApJbnRlbC1nZnhAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlzdHMuZnJlZWRlc2t0 b3Aub3JnL21haWxtYW4vbGlzdGluZm8vaW50ZWwtZ2Z4 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E700CC43381 for ; Wed, 27 Mar 2019 19:03:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B2CE8206B7 for ; Wed, 27 Mar 2019 19:03:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553713425; bh=Y4rT8gAFjxr5By5aPaUjpOZnCnpawLfWHz5cz7ca4Tc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=zOMYA9fStHKrTFxbBXI3WX5mFOMkpSoF3FZt6mBLe3V8e9KpzkiXZ8hPlu6AryrFH YmxE8ZA+UunBWdXmOtltqKVcocM5I/QKFL7YAZQWgBw0OPah2X9xvujUPDEODpSFHs rRWeLPTrwQ8xvg7kmx/eex4h86heYXeDhXHiigOk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389791AbfC0TDn (ORCPT ); Wed, 27 Mar 2019 15:03:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:55956 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389405AbfC0SNW (ORCPT ); Wed, 27 Mar 2019 14:13:22 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 592952147C; Wed, 27 Mar 2019 18:13:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553710401; bh=Y4rT8gAFjxr5By5aPaUjpOZnCnpawLfWHz5cz7ca4Tc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RJwc9wAEVYTx/dogI85W6AWbV/gBnB4Wl76EFexdc6svAkRqYA9MoqKBUfIzLkE7w mUSJTxwyw0pSPBe4Dw0HA8WGHB3J+wOxNsXtNxq70t/MUznIOGwXmqlO2kgD+NjsWr CW4bh4P5qKPti3HApitpTOM8qFkvEcfgUkdKzj74= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Emil Velikov , intel-gfx@lists.freedesktop.org, Sasha Levin , dri-devel@lists.freedesktop.org Subject: [PATCH AUTOSEL 4.19 102/192] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 27 Mar 2019 14:08:54 -0400 Message-Id: <20190327181025.13507-102-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327181025.13507-1-sashal@kernel.org> References: <20190327181025.13507-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Emil Velikov [ Upstream commit 8059add0478e29cb641936011a8fcc9ce9fd80be ] There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) v3: - Use single unlikely (Daniel V) [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190114085408.15933-2-emil.l.velikov@gmail.com Signed-off-by: Sasha Levin --- drivers/gpu/drm/drm_ioctl.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index ba129b64b61f..f8d333f658a4 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -502,6 +502,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -516,14 +523,19 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; - /* AUTH is only for authenticated or render client */ - if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && - !file_priv->authenticated)) - return -EACCES; + /* AUTH is only for master ... */ + if (unlikely((flags & DRM_AUTH) && drm_is_primary_client(file_priv))) { + /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */ + if (!file_priv->authenticated && + !drm_render_driver_and_ioctl(dev, flags)) + return -EACCES; + } /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) && -- 2.19.1