Emil Velikov <emil.l.velikov at gmail.com> writes:

> On 10 June 2016 at 00:42, Eric Anholt <eric at anholt.net> wrote:
>> Rob Herring <robh at kernel.org> writes:
>>
>>> Ioctls generally have DRM_AUTH and DRM_RENDER_ALLOW set to restrict them
>>> to authorized clients and render nodes. Without this, access from render
>>> nodes fails.
>>
>> We've already got a fix to add RENDER_ALLOW submitted in the latest
>> drm-vc4-fixes. There's no reason to require auth on this
>> implementation, though.
>>
> Not 100% sure but I think you do. At least every other driver does...
>
> Why: I'm thinking that without DRM_AUTH one will be able to open the
> card# node and issue the said IOCTLs even if the client is not
> authenticated. Which, obviously isn't a huge deal, but doesn't sound
> right.
>
> Then again, my knowledge of vc4 is virtually non-existent, so there
> might be something special happening here ?

Let's flip this around: What is the problem you see with calling any of
the ioctls without having gone through the auth dance?

I don't believe there's any reason to require auth, since you only have
access to the buffers you create or import. Basically, auth was created
as a stopgap solution for "but if anyone had access to the DRM device,
they could scrape the X frontbuffer!"
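
Added example, not part of the thread and not kernel code: a simplified C model of how the DRM_AUTH and DRM_RENDER_ALLOW flags discussed above gate an ioctl for clients on the card# node and on a render node. The struct, the function name and the bit values are assumptions made for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Flag names are from the thread; the bit values are picked for this model. */
#define DRM_AUTH         0x1u
#define DRM_RENDER_ALLOW 0x2u

struct client {            /* hypothetical stand-in for an open DRM file */
    bool render_node;      /* opened via a render node rather than card# */
    bool authenticated;    /* completed the auth handshake on card# */
};

/* Simplified model of the per-ioctl permission check. */
int ioctl_permit(unsigned flags, const struct client *c)
{
    /* DRM_AUTH: unauthenticated clients on the card# node are refused. */
    if ((flags & DRM_AUTH) && !c->render_node && !c->authenticated)
        return -EACCES;
    /* Render nodes may only issue ioctls marked DRM_RENDER_ALLOW. */
    if (c->render_node && !(flags & DRM_RENDER_ALLOW))
        return -EACCES;
    return 0;
}

int main(void)
{
    const struct client clients[] = {
        { false, false },  /* card#, not authenticated */
        { false, true  },  /* card#, authenticated */
        { true,  false },  /* render node */
    };
    const char *names[] = { "card# unauth", "card# auth", "render node" };
    const unsigned flagsets[] = { 0, DRM_AUTH, DRM_RENDER_ALLOW,
                                  DRM_AUTH | DRM_RENDER_ALLOW };

    /* Print the full decision table: 0 means permitted, negative is -EACCES. */
    for (size_t f = 0; f < 4; f++)
        for (size_t i = 0; i < 3; i++)
            printf("flags=%#x %-13s -> %d\n", flagsets[f], names[i],
                   ioctl_permit(flagsets[f], &clients[i]));
    return 0;
}
```

In this model, DRM_RENDER_ALLOW alone admits both render-node clients and unauthenticated card# clients, which is the combination the two sides of the thread are weighing.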