On 2019/05/27, Daniel Vetter wrote:
On Mon, May 27, 2019 at 09:17:29AM +0100, Emil Velikov wrote:
From: Emil Velikov emil.velikov@collabora.com
Currently one can circumvent DRM_AUTH, when the ioctl is exposed via the render node. A seemingly deliberate design decision.
Hence we can drop the DRM_AUTH all together (details in follow-up patch) yet not all userspace checks if it's authenticated, but instead uses uncommon assumptions.
After days of digging through git log and testing, only a single (ab)use was spotted - the Mesa RADV driver, using the AMDGPU_INFO ioctl and assuming that failure implies lack of authentication.
Maybe correction here: Id does not care about authentication at all. It wants to figure out whether it has access to modeset resources, which is something entirely different, but happened to match in amdgpu's case.
It feels like we have conflated the two (perhaps due to historical reasons) and I'm not 100% sure which one the AMDGPU code inspects.
How about:
Hence we can drop the DRM_AUTH all together (details in follow-up patch) yet that cause a regression in some userspace, when it conflates the authentication status with access to modeset resources.
After days of digging through git log and testing, only a single (ab)use was spotted - the Mesa RADV driver, using the AMDGPU_INFO ioctl.
Affected versions are:
- the whole 18.2.x series, which is EOL
- the whole 18.3.x series, which is EOL
- the 19.0.x series, prior to 19.0.4
Hm I think I'm blind, I'm not seeing the fix merged to mesa master. Still there on gitlab:
https://gitlab.freedesktop.org/mesa/mesa/blob/master/src/amd/vulkan/radv_dev...
What am I missing?
Opted for a simple, more generic solution see commit c962a78f18284e2971301bf68c9c60500ca398e4
This way, the same check is: - enforced where it's used - present for all Mesa Vulkan drivers
Will include the sha + commit title for v2.
Add a special quirk for that case, thus we can drop DRM_AUTH bits as mentioned earlier.
Since all the affected userspace is EOL, we also add a kconfig option to disable this quirk.
The whole approach is inspired by DRIVER_KMS_LEGACY_CONTEXT
Cc: Alex Deucher alexander.deucher@amd.com Cc: Christian König christian.koenig@amd.com Cc: amd-gfx@lists.freedesktop.org Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Signed-off-by: Emil Velikov emil.velikov@collabora.com
Aside from the nits I think reasonable approach.
Great, glad to hear. Now all we need is to bribe^Wconvince Christian.
Thanks Emil