From: Emil Velikov <emil.velikov@xxxxxxxxxxxxx>
With later commit we'll rework DRM core authentication handling.
Namely unauthenticated master will be allowed with, DRM_AUTH ioctls.
Since vmwgfx does additional master locking and DRM_AUTH handling, this
will not matter almost all cases.
The only exception being using the legacy handle type in the family of
surface_reference iocts - all handled by vmw_surface_handle_reference().
Add the check to ensure such clients do not access more than they should
Cc: VMware Graphics <linux-graphics-maintainer@xxxxxxxxxx>
Cc: Thomas Hellstrom <thellstrom@xxxxxxxxxx>
Signed-off-by: Emil Velikov <emil.velikov@xxxxxxxxxxxxx>
---
I'd like to merge this through the drm-misc tree. Ack and rb are
appreciated.
Thanks
Emil
Unrelated: worth moving the is_render_client check alongside the
is_primary_client one.
---
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
index 219471903bc1..1f5146c95785 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
@@ -940,6 +940,13 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv,
user_srf = container_of(base, struct vmw_user_surface,
prime.base);
+ /* Error out if we are unauthenticated master */
+ if (drm_is_primary_client(file_priv) &&
+ !file_priv->authenticated) {
+ ret = -EACCES;
+ goto out_bad_resource;
+ }
+
/*
* Make sure the surface creator has the same
* authenticating master, or is already registered with us.
--
2.21.0
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
