Re: [PATCH 12/13] drm/virtio: drop DRM_AUTH usage from the driver

On Mon, 27 May 2019 at 09:19, Emil Velikov emil.l.velikov@gmail.com wrote:

From: Emil Velikov emil.velikov@collabora.com

The authentication can be circumvented, by design, by using the render node.

From the driver POV there is no distinction between primary and render nodes, thus we can drop the token.

Cc: Gerd Hoffmann kraxel@redhat.com Cc: virtualization@lists.linux-foundation.org Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Signed-off-by: Emil Velikov emil.velikov@collabora.com

---

drivers/gpu/drm/virtio/virtgpu_ioctl.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c index 949a264985fc..e72626faba52 100644 --- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c +++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c @@ -553,34 +553,34 @@ static int virtio_gpu_get_caps_ioctl(struct drm_device *dev,

struct drm_ioctl_desc virtio_gpu_ioctls[DRM_VIRTIO_NUM_IOCTLS] = { DRM_IOCTL_DEF_DRV(VIRTGPU_MAP, virtio_gpu_map_ioctl,

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_EXECBUFFER, virtio_gpu_execbuffer_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_GETPARAM, virtio_gpu_getparam_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_CREATE,
                      virtio_gpu_resource_create_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_RESOURCE_INFO, virtio_gpu_resource_info_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    /* make transfer async to the main ring? - no sure, can we
     * thread these in the underlying GL
     */
    DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_FROM_HOST,
                      virtio_gpu_transfer_from_host_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
    DRM_IOCTL_DEF_DRV(VIRTGPU_TRANSFER_TO_HOST,
                      virtio_gpu_transfer_to_host_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_WAIT, virtio_gpu_wait_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  
    DRM_IOCTL_DEF_DRV(VIRTGPU_GET_CAPS, virtio_gpu_get_caps_ioctl,
  

•                     DRM_AUTH | DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

•                     DRM_UNLOCKED | DRM_RENDER_ALLOW),
  

};

2.21.0

Humble poke?

Thanks, Emil