Re: [PATCH 1/2] drm: Do not drop root privileges for a fancier younger process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

On Tue, Oct 29, 2013 at 9:55 AM, Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> wrote:
> When a second process opens the device and master transferrence is
> complete, we walk the list of open devices and remove their
> authentication. This also revokes our root privilege. Instead of simply
> dropping the authentication, this patch reverts the authenticated state
> back to its original value.
>
> Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
> ---
>  drivers/gpu/drm/drm_fops.c | 5 +++--
>  include/drm/drmP.h         | 1 +
>  2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
> index da1940ae9a2d..2f8b41c58d02 100644
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -239,7 +239,8 @@ static int drm_open_helper(struct inode *inode, struct file *filp,
>
>         priv->ioctl_count = 0;
>         /* for compatibility root is always authenticated */
> -       priv->authenticated = capable(CAP_SYS_ADMIN);
> +       priv->always_authenticated = capable(CAP_SYS_ADMIN);
> +       priv->authenticated = priv->always_authenticated;
>         priv->lock_count = 0;
>
>         INIT_LIST_HEAD(&priv->lhead);
> @@ -523,7 +524,7 @@ int drm_release(struct inode *inode, struct file *filp)
>                 list_for_each_entry(temp, &dev->filelist, lhead) {
>                         if ((temp->master == file_priv->master) &&
>                             (temp != file_priv))
> -                               temp->authenticated = 0;
> +                               temp->authenticated = temp->always_authenticated;
>                 }
>
>                 /**
> diff --git a/include/drm/drmP.h b/include/drm/drmP.h
> index 490534c990b7..3a90857bd0ee 100644
> --- a/include/drm/drmP.h
> +++ b/include/drm/drmP.h
> @@ -412,6 +412,7 @@ struct drm_prime_file_private {
>
>  /** File private data */
>  struct drm_file {
> +       int always_authenticated;
>         int authenticated;

I was going to say you can reuse "authenticated" here as it's an
"int". But your follow-up fixes this I think. Apart from that:
Reviewed-by: David Herrmann <dh.herrmann@xxxxxxxxx>

Please also tag this for stable via: Cc: <stable@xxxxxxxxxxxxxxx>
Thanks
David

>         struct pid *pid;
>         kuid_t uid;
> --
> 1.8.4.rc3
>
> _______________________________________________
> dri-devel mailing list
> dri-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/dri-devel
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux