From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: [PATCH AUTOSEL 4.14 068/123] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 27 Mar 2019 14:15:32 -0400 Message-ID: <20190327181628.15899-68-sashal@kernel.org> References: <20190327181628.15899-1-sashal@kernel.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20190327181628.15899-1-sashal@kernel.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Sasha Levin , intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Emil Velikov List-Id: dri-devel@lists.freedesktop.org RnJvbTogRW1pbCBWZWxpa292IDxlbWlsLnZlbGlrb3ZAY29sbGFib3JhLmNvbT4KClsgVXBzdHJl YW0gY29tbWl0IDgwNTlhZGQwNDc4ZTI5Y2I2NDE5MzYwMTFhOGZjYzljZTlmZDgwYmUgXQoKVGhl cmUgYXJlIGNhc2VzIChpbiBtZXNhIGFuZCBhcHBsaWNhdGlvbnMpIHdoZXJlIG9uZSB3b3VsZCBv cGVuIHRoZQpwcmltYXJ5IG5vZGUgd2l0aG91dCBwcm9wZXJseSBhdXRoZW50aWNhdGluZyB0aGUg Y2xpZW50LgoKU29tZXRpbWVzIHdlIGRvbid0IGNoZWNrIGlmIHRoZSBhdXRoZW50aWNhdGlvbiBz dWNjZWVkcywgYnV0IHRoZXJlJ3MKYWxzbyBjYXNlcyB3ZSBzaW1wbHkgZm9yZ2V0IHRvIGRvIGl0 LgoKVGhlIGZvcm1lciB3YXMgYSBjYXNlIGZvciBNZXNhIHdoZXJlIGl0IGRpZCBub3Qgbm90IGNo ZWNrIHRoZSByZXR1cm4KdmFsdWUgb2YgZHJtR2V0TWFnaWMoKSBbMV0uIFRoYXQgd2FzIGZpeGVk IHJlY2VudGx5IGFsdGhvdWdoLCB0aGVyZSdzCnRoZSBxdWVzdGlvbiBvZiBvbGRlciBkcml2ZXJz IG9yIG90aGVyIGFwcHMgdGhhdCBleGJpYml0IHRoaXMgYmVoYXZpb3VyLgoKV2hpbGUgb21pdHRp bmcgdGhlIGNhbGwgcmVzdWx0cyBpbiBpc3N1ZXMgYXMgc2VlbiBpbiBbMl0gYW5kIFszXS4KCklu IHRoZSBsaWJ2YSBjYXNlLCBsaWJ2YSBpdHNlbGYgZG9lc24ndCBhdXRoZW50aWNhdGUgdGhlIERS TSBjbGllbnQgYW5kCnRoZSB2YUdldERpc3BsYXlEUk0gZG9jdW1lbnRhdGlvbiBkb2Vzbid0IG1l bnRpb24gaWYgdGhlIGFwcCBzaG91bGQKZWl0aGVyLgoKQXMgb2YgdG9kYXksIHRoZSBvZmZpY2lh bCB2YWluZm8gdXRpbGl0eSBkb2Vzbid0IGF1dGhlbnRpY2F0ZS4KClRvIHdvcmthcm91bmQgaXNz dWVzIGxpa2UgdGhlc2UsIHNvbWUgdXNlcnMgcmVzb3J0IHRvIHJ1bm5pbmcgdGhlaXIgYXBwcwp1 bmRlciBzdWRvLiBXaGljaCBhZG1pdHRlZGx5IGlzbid0IGFsd2F5cyBhIGdvb2QgaWRlYS4KClNp bmNlIGFueSBEUklWRVJfUkVOREVSIGRyaXZlciBoYXMgc3VmZmljaWVudCBpc29sYXRpb24gYmV0 d2VlbiBjbGllbnRzLAp3ZSBjYW4gdXNlIHRoYXQsIGZvciB1bmF1dGhlbnRpY2F0ZWQgW3ByaW1h cnkgbm9kZV0gaW9jdGxzIHRoYXQgcmVxdWlyZQpEUk1fQVVUSC4gQnV0IG9ubHkgaWYgdGhlIHJl c3BlY3RpdmUgaW9jdGwgaXMgdGFnZ2VkIGFzIERSTV9SRU5ERVJfQUxMT1cuCgp2MjoKLSBSZXdv cmsvc2ltcGxpZnkgaWYgY2hlY2sgKERhbmllbCBWKQotIEFkZCBleGFtcGxlcyB0byBjb21taXQg bWVzc2FnZXMsIGVsYWJvcmF0ZS4gKERhbmllbCBWKQoKdjM6Ci0gVXNlIHNpbmdsZSB1bmxpa2Vs eSAoRGFuaWVsIFYpCgpbMV0gaHR0cHM6Ly9naXRsYWIuZnJlZWRlc2t0b3Aub3JnL21lc2EvbWVz YS9ibG9iLzJiYzFmNWMyZTcwZmUzYjRkNDFmMDYwYWY5ODU5YmMyYTk0YzViNjIvc3JjL2VnbC9k cml2ZXJzL2RyaTIvcGxhdGZvcm1fd2F5bGFuZC5jI0wxMTM2ClsyXSBodHRwczovL2xpc3RzLmZy ZWVkZXNrdG9wLm9yZy9hcmNoaXZlcy9saWJ2YS8yMDE2LUp1bHkvMDA0MTg1Lmh0bWwKWzNdIGh0 dHBzOi8vZ2l0bGFiLmZyZWVkZXNrdG9wLm9yZy9tZXNhL2ttc2N1YmUvaXNzdWVzLzEKVGVzdGNh c2U6IGlndC9jb3JlX3VuYXV0aF92c19yZW5kZXIKQ2M6IGludGVsLWdmeEBsaXN0cy5mcmVlZGVz a3RvcC5vcmcKU2lnbmVkLW9mZi1ieTogRW1pbCBWZWxpa292IDxlbWlsLnZlbGlrb3ZAY29sbGFi b3JhLmNvbT4KUmV2aWV3ZWQtYnk6IERhbmllbCBWZXR0ZXIgPGRhbmllbC52ZXR0ZXJAZmZ3bGwu Y2g+Ckxpbms6IGh0dHBzOi8vcGF0Y2h3b3JrLmZyZWVkZXNrdG9wLm9yZy9wYXRjaC9tc2dpZC8y MDE5MDExNDA4NTQwOC4xNTkzMy0yLWVtaWwubC52ZWxpa292QGdtYWlsLmNvbQpTaWduZWQtb2Zm LWJ5OiBTYXNoYSBMZXZpbiA8c2FzaGFsQGtlcm5lbC5vcmc+Ci0tLQogZHJpdmVycy9ncHUvZHJt L2RybV9pb2N0bC5jIHwgMjAgKysrKysrKysrKysrKysrKy0tLS0KIDEgZmlsZSBjaGFuZ2VkLCAx NiBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2RyaXZlcnMvZ3B1 L2RybS9kcm1faW9jdGwuYyBiL2RyaXZlcnMvZ3B1L2RybS9kcm1faW9jdGwuYwppbmRleCA1M2Yz MTkzNjlkZTUuLjhhZTJlOWE1NTczYiAxMDA2NDQKLS0tIGEvZHJpdmVycy9ncHUvZHJtL2RybV9p b2N0bC5jCisrKyBiL2RyaXZlcnMvZ3B1L2RybS9kcm1faW9jdGwuYwpAQCAtNDg2LDYgKzQ4Niwx MyBAQCBpbnQgZHJtX3ZlcnNpb24oc3RydWN0IGRybV9kZXZpY2UgKmRldiwgdm9pZCAqZGF0YSwK IAlyZXR1cm4gZXJyOwogfQogCitzdGF0aWMgaW5saW5lIGJvb2wKK2RybV9yZW5kZXJfZHJpdmVy X2FuZF9pb2N0bChjb25zdCBzdHJ1Y3QgZHJtX2RldmljZSAqZGV2LCB1MzIgZmxhZ3MpCit7CisJ cmV0dXJuIGRybV9jb3JlX2NoZWNrX2ZlYXR1cmUoZGV2LCBEUklWRVJfUkVOREVSKSAmJgorCQko ZmxhZ3MgJiBEUk1fUkVOREVSX0FMTE9XKTsKK30KKwogLyoqCiAgKiBkcm1faW9jdGxfcGVybWl0 IC0gQ2hlY2sgaW9jdGwgcGVybWlzc2lvbnMgYWdhaW5zdCBjYWxsZXIKICAqCkBAIC01MDAsMTQg KzUwNywxOSBAQCBpbnQgZHJtX3ZlcnNpb24oc3RydWN0IGRybV9kZXZpY2UgKmRldiwgdm9pZCAq ZGF0YSwKICAqLwogaW50IGRybV9pb2N0bF9wZXJtaXQodTMyIGZsYWdzLCBzdHJ1Y3QgZHJtX2Zp bGUgKmZpbGVfcHJpdikKIHsKKwljb25zdCBzdHJ1Y3QgZHJtX2RldmljZSAqZGV2ID0gZmlsZV9w cml2LT5taW5vci0+ZGV2OworCiAJLyogUk9PVF9PTkxZIGlzIG9ubHkgZm9yIENBUF9TWVNfQURN SU4gKi8KIAlpZiAodW5saWtlbHkoKGZsYWdzICYgRFJNX1JPT1RfT05MWSkgJiYgIWNhcGFibGUo Q0FQX1NZU19BRE1JTikpKQogCQlyZXR1cm4gLUVBQ0NFUzsKIAotCS8qIEFVVEggaXMgb25seSBm b3IgYXV0aGVudGljYXRlZCBvciByZW5kZXIgY2xpZW50ICovCi0JaWYgKHVubGlrZWx5KChmbGFn cyAmIERSTV9BVVRIKSAmJiAhZHJtX2lzX3JlbmRlcl9jbGllbnQoZmlsZV9wcml2KSAmJgotCQkg ICAgICFmaWxlX3ByaXYtPmF1dGhlbnRpY2F0ZWQpKQotCQlyZXR1cm4gLUVBQ0NFUzsKKwkvKiBB VVRIIGlzIG9ubHkgZm9yIG1hc3RlciAuLi4gKi8KKwlpZiAodW5saWtlbHkoKGZsYWdzICYgRFJN X0FVVEgpICYmIGRybV9pc19wcmltYXJ5X2NsaWVudChmaWxlX3ByaXYpKSkgeworCQkvKiBhdXRo ZW50aWNhdGVkIG9uZXMsIG9yIHJlbmRlciBjYXBhYmxlIG9uIERSTV9SRU5ERVJfQUxMT1cuICov CisJCWlmICghZmlsZV9wcml2LT5hdXRoZW50aWNhdGVkICYmCisJCSAgICAhZHJtX3JlbmRlcl9k cml2ZXJfYW5kX2lvY3RsKGRldiwgZmxhZ3MpKQorCQkJcmV0dXJuIC1FQUNDRVM7CisJfQogCiAJ LyogTUFTVEVSIGlzIG9ubHkgZm9yIG1hc3RlciBvciBjb250cm9sIGNsaWVudHMgKi8KIAlpZiAo dW5saWtlbHkoKGZsYWdzICYgRFJNX01BU1RFUikgJiYgCi0tIAoyLjE5LjEKCl9fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmRyaS1kZXZlbCBtYWlsaW5nIGxp c3QKZHJpLWRldmVsQGxpc3RzLmZyZWVkZXNrdG9wLm9yZwpodHRwczovL2xpc3RzLmZyZWVkZXNr dG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2RyaS1kZXZlbA== From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D0DDC4360F for ; Wed, 27 Mar 2019 18:18:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5CE372087C for ; Wed, 27 Mar 2019 18:18:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553710715; bh=CuzjeY4s4b46XczcAQIrD9ZF85EVr3w4qnAcTlPhPXk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=TPuNua8zIkd1k+j3cCNa6+PecY/kk1xaluPrj3jHPerGBKOYCtoxqqDK8gB0X7zw/ Ex6sG4qs7zs5P4xHAxtVOEUMg9upZB4TkoBeb/GniXPOsVN14jJAWlhZqOH/rsYqxb qYoUFmwhP3KfTaEI8dmoaLLyWTuHtUqPirR7wV3k= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390542AbfC0SSd (ORCPT ); Wed, 27 Mar 2019 14:18:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:35460 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389903AbfC0SSa (ORCPT ); Wed, 27 Mar 2019 14:18:30 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 490862087C; Wed, 27 Mar 2019 18:18:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553710709; bh=CuzjeY4s4b46XczcAQIrD9ZF85EVr3w4qnAcTlPhPXk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dSZExMbVoWO/DjMmewW6fRAaunBzdNNugHJxhcz0crCZ+cmIIKTMJ+Ibn5UffMYlF 2fPpjIDkbO7mB/7n+W1NHi4bHbcjbicYWSfcVVdtPS6tFTT7OQP7h1oJQCy22GsKnl 23X1rJnRTvsfow/cs8ymR7Ehy7aC8SCp0KYxfTo8= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Emil Velikov , intel-gfx@lists.freedesktop.org, Sasha Levin , dri-devel@lists.freedesktop.org Subject: [PATCH AUTOSEL 4.14 068/123] drm: allow render capable master with DRM_AUTH ioctls Date: Wed, 27 Mar 2019 14:15:32 -0400 Message-Id: <20190327181628.15899-68-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190327181628.15899-1-sashal@kernel.org> References: <20190327181628.15899-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Emil Velikov [ Upstream commit 8059add0478e29cb641936011a8fcc9ce9fd80be ] There are cases (in mesa and applications) where one would open the primary node without properly authenticating the client. Sometimes we don't check if the authentication succeeds, but there's also cases we simply forget to do it. The former was a case for Mesa where it did not not check the return value of drmGetMagic() [1]. That was fixed recently although, there's the question of older drivers or other apps that exbibit this behaviour. While omitting the call results in issues as seen in [2] and [3]. In the libva case, libva itself doesn't authenticate the DRM client and the vaGetDisplayDRM documentation doesn't mention if the app should either. As of today, the official vainfo utility doesn't authenticate. To workaround issues like these, some users resort to running their apps under sudo. Which admittedly isn't always a good idea. Since any DRIVER_RENDER driver has sufficient isolation between clients, we can use that, for unauthenticated [primary node] ioctls that require DRM_AUTH. But only if the respective ioctl is tagged as DRM_RENDER_ALLOW. v2: - Rework/simplify if check (Daniel V) - Add examples to commit messages, elaborate. (Daniel V) v3: - Use single unlikely (Daniel V) [1] https://gitlab.freedesktop.org/mesa/mesa/blob/2bc1f5c2e70fe3b4d41f060af9859bc2a94c5b62/src/egl/drivers/dri2/platform_wayland.c#L1136 [2] https://lists.freedesktop.org/archives/libva/2016-July/004185.html [3] https://gitlab.freedesktop.org/mesa/kmscube/issues/1 Testcase: igt/core_unauth_vs_render Cc: intel-gfx@lists.freedesktop.org Signed-off-by: Emil Velikov Reviewed-by: Daniel Vetter Link: https://patchwork.freedesktop.org/patch/msgid/20190114085408.15933-2-emil.l.velikov@gmail.com Signed-off-by: Sasha Levin --- drivers/gpu/drm/drm_ioctl.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c index 53f319369de5..8ae2e9a5573b 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -486,6 +486,13 @@ int drm_version(struct drm_device *dev, void *data, return err; } +static inline bool +drm_render_driver_and_ioctl(const struct drm_device *dev, u32 flags) +{ + return drm_core_check_feature(dev, DRIVER_RENDER) && + (flags & DRM_RENDER_ALLOW); +} + /** * drm_ioctl_permit - Check ioctl permissions against caller * @@ -500,14 +507,19 @@ int drm_version(struct drm_device *dev, void *data, */ int drm_ioctl_permit(u32 flags, struct drm_file *file_priv) { + const struct drm_device *dev = file_priv->minor->dev; + /* ROOT_ONLY is only for CAP_SYS_ADMIN */ if (unlikely((flags & DRM_ROOT_ONLY) && !capable(CAP_SYS_ADMIN))) return -EACCES; - /* AUTH is only for authenticated or render client */ - if (unlikely((flags & DRM_AUTH) && !drm_is_render_client(file_priv) && - !file_priv->authenticated)) - return -EACCES; + /* AUTH is only for master ... */ + if (unlikely((flags & DRM_AUTH) && drm_is_primary_client(file_priv))) { + /* authenticated ones, or render capable on DRM_RENDER_ALLOW. */ + if (!file_priv->authenticated && + !drm_render_driver_and_ioctl(dev, flags)) + return -EACCES; + } /* MASTER is only for master or control clients */ if (unlikely((flags & DRM_MASTER) && -- 2.19.1