From: Emil Velikov Date: Fri, 1 Nov 2019 13:03:10 +0000 (+0000) Subject: drm/vmwgfx: check master authentication in surface_ref ioctls X-Git-Tag: v5.6-rc1~114^2~3^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4872e6aa217fbb475ffa0ad7bda0d9acff543f2c;p=thirdparty%2Fkernel%2Flinux.git drm/vmwgfx: check master authentication in surface_ref ioctls With later commit we'll rework DRM authentication handling. Namely DRM_AUTH will not be a requirement for DRM_RENDER_ALLOW ioctls. Since vmwgfx does isolation for primary clients in different master realms, the DRM_AUTH can be dropped. The only place where authentication matters, is surface_reference ioctls whenever a legacy (non-prime) handle is used. For those ioctls we call vmw_surface_handle_reference(), where we explicitly check if the client is both a) master and b) unauthenticated - bailing out as result. Otherwise the usual isolation path kicks in and we're all good. v2: Reword commit message, since the isolation work has landed. Cc: VMware Graphics Cc: Thomas Hellstrom Signed-off-by: Emil Velikov Reviewed-by: Thomas Hellstrom Signed-off-by: Thomas Hellstrom --- diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 590bde9939469..3ce630aa4fde5 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -961,6 +961,13 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, user_srf = container_of(base, struct vmw_user_surface, prime.base); + /* Error out if we are unauthenticated primary */ + if (drm_is_primary_client(file_priv) && + !file_priv->authenticated) { + ret = -EACCES; + goto out_bad_resource; + } + /* * Make sure the surface creator has the same * authenticating master, or is already registered with us.