From: "Ville Syrjälä" <ville.syrjala-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
To: Pekka Paalanen <ppaalanen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Daniel Vetter <daniel.vetter-/w4YWyX8dFk@public.gmane.org>,
wayland-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org,
Drew DeVault <sir-ADJa8SdUZZIAvxtiuMwx3w@public.gmane.org>,
DRI Development
<dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org>,
Marius Vlad <marius.vlad-ZGY8ohtN/8qB+jHODAdFcQ@public.gmane.org>
Subject: Re: [PATCH v7] unstable/drm-lease: DRM lease protocol support
Date: Fri, 18 Oct 2019 17:00:20 +0300 [thread overview]
Message-ID: <20191018140020.GD1208@intel.com> (raw)
In-Reply-To: <20191018164329.412b14ca-/rRN1dUVeIoB9AHHLWeGtNQXobZC6xk2@public.gmane.org>
On Fri, Oct 18, 2019 at 04:43:29PM +0300, Pekka Paalanen wrote:
> On Fri, 18 Oct 2019 07:54:50 -0400
> "Drew DeVault" <sir@cmpwn.com> wrote:
>
> > On Fri Oct 18, 2019 at 12:21 PM Pekka Paalanen wrote:
> > > One thing I did not know the last time was that apparently
> > > systemd-logind may not like to give out non-master DRM fds. That might
> > > need fixing in logind implementations. I hope someone would step up to
> > > look into that.
> > >
> > > This protocol aims to deliver a harmless "read-only" DRM device file
> > > description to a client, so that the client can enumerate all DRM
> > > resources, fetch EDID and other properties to be able to decide which
> > > connector it would want to lease. The client should not be able to
> > > change any KMS state through this fd, and it should not be able to e.g.
> > > spy on display contents. The assumption is that a non-master DRM fd
> > > from a fresh open() would be fine for this, but is it?
> >
> > What I do for wlroots is call drmGetDeviceNameFromFd2, which returns the
> > path to the device file, and then I open() it and use
> > drmIsMaster/drmDropMaster to make sure it's not a master fd. This seems
> > to work correctly in practice.
>
> That is nice.
>
> Personally I'm specifically worried about a setup where the user has no
> access permissions to open the DRM device node directly, as is (or
> should be) the case with input devices.
>
> However, since DRM has the master concept which input devices do not,
> maybe there is no reason to prevent a normal user from opening a DRM
> device directly. That is, if our assumption that a non-master DRM fd is
> harmless holds.
If there is no master then the first guy to open the device
automagically becomes the master. Maybe a theoretical DoS
vector if you can sneak in and open the device between
dropmaster/setmaster?
--
Ville Syrjälä
Intel
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-devel
next prev parent reply other threads:[~2019-10-18 14:00 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20191017174527.181547-1-sir@cmpwn.com>
2019-10-18 9:21 ` [PATCH v7] unstable/drm-lease: DRM lease protocol support Pekka Paalanen
[not found] ` <20191018122130.0f880724-/rRN1dUVeIoB9AHHLWeGtNQXobZC6xk2@public.gmane.org>
2019-10-18 11:54 ` Drew DeVault
2019-10-18 13:43 ` Pekka Paalanen
[not found] ` <20191018164329.412b14ca-/rRN1dUVeIoB9AHHLWeGtNQXobZC6xk2@public.gmane.org>
2019-10-18 14:00 ` Ville Syrjälä [this message]
2019-10-18 14:19 ` Daniel Vetter
2019-10-18 14:34 ` Pekka Paalanen
[not found] ` <20191018173437.0c07c2db-/rRN1dUVeIoB9AHHLWeGtNQXobZC6xk2@public.gmane.org>
2019-10-18 14:43 ` Drew DeVault
2019-10-18 15:06 ` Philipp Zabel
2019-10-18 15:26 ` Pekka Paalanen
2019-10-18 15:47 ` Daniel Vetter
2019-10-21 8:48 ` Pekka Paalanen
2019-10-21 13:12 ` Daniel Vetter
[not found] ` <CAKMK7uFx_QoSf6-VJCEdfSJutogd7MU7KRHfVrP0HoVfS4mkfA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-10-24 14:50 ` Drew DeVault
2019-10-24 14:50 ` Drew DeVault
2019-10-31 18:46 ` Drew DeVault
2019-10-31 18:46 ` Drew DeVault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191018140020.GD1208@intel.com \
--to=ville.syrjala-vuqaysv1563yd54fqh9/ca@public.gmane.org \
--cc=daniel.vetter-/w4YWyX8dFk@public.gmane.org \
--cc=dri-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
--cc=marius.vlad-ZGY8ohtN/8qB+jHODAdFcQ@public.gmane.org \
--cc=ppaalanen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=sir-ADJa8SdUZZIAvxtiuMwx3w@public.gmane.org \
--cc=wayland-devel-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.