diff options
author | Emil Velikov <emil.velikov@collabora.com> | 2020-03-19 18:29:29 +0100 |
---|---|---|
committer | Emil Velikov <emil.l.velikov@gmail.com> | 2020-03-30 13:20:32 +0200 |
commit | 45bc3d26c95a8fc63a7d8668ca9e57ef0883351c (patch) | |
tree | 2b8b7a32df9762d6a9025fd4ab6d9d6f7c920358 /include/drm/drm_file.h | |
parent | drm/radeon: convert to use i2c_new_client_device() (diff) | |
download | linux-45bc3d26c95a8fc63a7d8668ca9e57ef0883351c.tar.xz linux-45bc3d26c95a8fc63a7d8668ca9e57ef0883351c.zip |
drm: rework SET_MASTER and DROP_MASTER perm handling
This commit reworks the permission handling of the two ioctls. In
particular it enforced the CAP_SYS_ADMIN check only, if:
- we're issuing the ioctl from process other than the one which opened
the node, and
- we are, or were master in the past
This ensures that we:
- do not regress the systemd-logind style of DRM_MASTER arbitrator
- allow applications which do not use systemd-logind to drop their
master capabilities (and regain them at later point) ... w/o running as
root.
See the comment above drm_master_check_perm() for more details.
v1:
- Tweak wording, fixup all checks, add igt test
v2:
- Add a few more comments, grammar nitpicks.
Cc: Adam Jackson <ajax@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Pekka Paalanen <ppaalanen@gmail.com>
Testcase: igt/core_setmaster/master-drop-set-user
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200319172930.230583-1-emil.l.velikov@gmail.com
Diffstat (limited to 'include/drm/drm_file.h')
-rw-r--r-- | include/drm/drm_file.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index 19df8028a6c4..c4746c9d3619 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -202,6 +202,17 @@ struct drm_file { bool writeback_connectors; /** + * @was_master: + * + * This client has or had, master capability. Protected by struct + * &drm_device.master_mutex. + * + * This is used to ensure that CAP_SYS_ADMIN is not enforced, if the + * client is or was master in the past. + */ + bool was_master; + + /** * @is_master: * * This client is the creator of @master. Protected by struct |