Re: [PATCH 4/5] drm/panfrost: remove DRM_AUTH and respective comment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/11/2019 13:10, Emil Velikov wrote:
> On Fri, 1 Nov 2019 at 13:34, Steven Price <steven.price@xxxxxxx> wrote:
>>
>> On 01/11/2019 13:03, Emil Velikov wrote:
>>> From: Emil Velikov <emil.velikov@xxxxxxxxxxxxx>
>>>
>>> As of earlier commit we have address space separation. Yet we forgot to
>>> remove the respective comment and DRM_AUTH in the ioctl declaration.
>>>
>>> Cc: Tomeu Vizoso <tomeu.vizoso@xxxxxxxxxxxxx>
>>> Cc: David Airlie <airlied@xxxxxxxx>
>>> Cc: Daniel Vetter <daniel@xxxxxxxx>
>>> Cc: Robin Murphy <robin.murphy@xxxxxxx>
>>> Cc: Steven Price <steven.price@xxxxxxx>
>>> Fixes: 7282f7645d06 ("drm/panfrost: Implement per FD address spaces")
>>> Signed-off-by: Emil Velikov <emil.velikov@xxxxxxxxxxxxx>
>>
>> Reviewed-by: Steven Price <steven.price@xxxxxxx>
>>
>> I'm not sure DRM_AUTH provided us with much in the first place (because
>> render nodes could snoop/affect the primary node), but since we have
>> address space separation it's clearly not required now.
>>
> Thanks Steve. This is exactly the reason why I removed it from most
> other drivers.
> There are equivalent vmwgfx changes and a DRM core patch in this series.
> 
> Do you think you'll have some time to check those over? Would be
> amazing if I can apply the lot in one go to drm-misc.

I'm afraid I don't know enough about the security model of vmwgfx to
meaningfully comment on those changes. On the surface they look fine,
but it really needs someone who understands whether this exposes an
attack surface.

The DRM core patch concerns me slightly (although again I'm not
completely up to speed on the security mode here). For a device which
doesn't have address space separation (and doesn't support render
nodes), is there anything stopping a process which hasn't authenticated
converting another process's handle to a prime fd? (or injecting dmabufs
into the address space used by the authenticated process - which might
cause address space exhaustion). If that's not a concern then I'm not
sure why the ioctls were originally added with DRM_AUTH...

Steve
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux