lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 02 Apr 2017 09:37:16 -0700
From:   Keith Packard <keithp@...thp.com>
To:     Daniel Vetter <daniel@...ll.ch>
Cc:     linux-kernel@...r.kernel.org, Dave Airlie <airlied@...hat.com>,
        dri-devel@...ts.freedesktop.org
Subject: Re: [PATCH 3/4] drm: Check mode object lease status in all master ioctl paths

Daniel Vetter <daniel@...ll.ch> writes:

> I think it'd be good if we could consolidate all the lease checking into
> drm_mode_object_find (respectively __drm_mode_object_find). We'd need to
> wire up the fpriv to be able to do that, but we could upstream that patch
> right away before anything else. That should take care of most of the
> checks in this patch here.

That's a good idea.

> There's a few things on top:
> - filtering the various bitmasks. I think you have most, but we could
>   perhaps upstream the helpers for these.

Yeah, would be nice to get hooks in place soon to avoid rebase
adventures later. I guess that would involve shipping a stub drm_lease.h
for now?

> - filtering object lists (essentially getresources and getplanes ioctls).
> - filtering implicit objects in the legacy ioctl. E.g. page_flip done
>   through atomic doesn't just need the CRTC id, but also the id of the
>   primary plane plus of the FB_ID atomic property. Similarly for all the
>   other legacy ioctls. I think we want to make sure there's no difference
>   here in behaviour.

Oh, all of the implicit resource access from the legacy ioctls. Yeah,
that will take a bit of research to identify all of them.

> Especially for the last one it might be simplest to outright disallow all
> legacy ioctl and require that sub-drm_master nodes only get access to the
> read-only GET* ioctl (they get that anyway, even when they're not the
> current master), plus atomic. Makes it a _lot_ easier to implement.
> Downside is that amdgpu _really_ needs to land atomic asap :-)

I'd like to avoid that particular dependency as amdgpu is something of a
requirement for this particular project...

I'll get started fixing the lease checking stuff to try and centralize it.

-- 
-keith

Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists