Hi, On 11/30/2015 04:00 PM, Daniel Vetter wrote: > On Mon, Nov 30, 2015 at 04:44:21AM -0800, Thomas Hellstrom wrote: >> A client calling drmSetMaster() using a file descriptor that was opened >> when another client was master would inherit the latter client's master >> object and all it's authenticated clients. >> >> This is unwanted behaviour, and when this happens, instead allocate a >> brand new master object for the client calling drmSetMaster(). >> >> Signed-off-by: Thomas Hellstrom <thellstrom at vmware.com> > Imo makes sense. It would be great to have a testcase for this, and for > non-kms stuff igt now has support for generic testcases that can be run on > any driver. See for example intel-gpu-tools/tests/core_get_auth_client.c. > > I or Daniel Stone can help out (on irc or mail) with that. > -Daniel
Given that this crashes the kernel by vmwgfx throwing a BUG on some versions of SLE, while probably all other drivers don't care, except that it's a security issue, A generic test case involving DRM clients leaking information between master realms would unfortunately be too resource consuming to put together for our minimal driver team ;). Although I used the attached C program run as root to trigger the behavior and unconditional kernel crash on vmwgfx. On the affected SLE versions, fd1 would represent Xorg, fd2 would represent plymouthd. /Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: drm_master_bug.c Type: text/x-csrc Size: 415 bytes Desc: not available URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20151130/6371a8f2/attachment.c>
