drm/vmwgfx: check master authentication in surface_ref ioctls

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

With later commit we'll rework DRM authentication handling. Namely
DRM_AUTH will not be a requirement for DRM_RENDER_ALLOW ioctls.

Since vmwgfx does isolation for primary clients in different master
realms, the DRM_AUTH can be dropped.

The only place where authentication matters, is surface_reference ioctls
whenever a legacy (non-prime) handle is used. For those ioctls we call
vmw_surface_handle_reference(), where we explicitly check if the client
is both a) master and b) unauthenticated - bailing out as result.

Otherwise the usual isolation path kicks in and we're all good.

v2: Reword commit message, since the isolation work has landed.

Cc: VMware Graphics <linux-graphics-maintainer@vmware.com>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>

authored by

Emil Velikov and committed by

Thomas Hellstrom 6 years ago 4872e6aa 8815a94f

1 changed file

expand all

drivers

gpu

drm

vmwgfx

vmwgfx_surface.c

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c

··· 961 961 user_srf = container_of(base, struct vmw_user_surface, 962 962 prime.base); 963 963 964 + /* Error out if we are unauthenticated primary */ 965 + if (drm_is_primary_client(file_priv) && 966 + !file_priv->authenticated) { 967 + ret = -EACCES; 968 + goto out_bad_resource; 969 + } 970 + 964 971 /* 965 972 * Make sure the surface creator has the same 966 973 * authenticating master, or is already registered with us.