lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20170429060702.6656-1-keithp@keithp.com>
Date:   Fri, 28 Apr 2017 23:06:57 -0700
From:   Keith Packard <keithp@...thp.com>
To:     linux-kernel@...r.kernel.org, Dave Airlie <airlied@...hat.com>,
        Daniel Vetter <daniel@...ll.ch>
Cc:     Keith Packard <keithp@...thp.com>, dri-devel@...ts.freedesktop.org
Subject: [PATCH 0/5] drm: Add mode resource leasing [v2]

Here's a second try at mode resource leasing. The differences from v1
are mostly deleting functionality that isn't currently useful.

There are no more sub-leases; there's the owner, the owner is the only
lessor and so the only one who can create leases and hand those out.

The lessor can now manipulate all of the resources without
restriction. It's up to user space to enforce whatever access control
it wants.

The lessee can no longer see any resources other than those in the
lease. This was a bit tricky as there are various indices into the
reported arrays of objects in the form of masks.

The query ioctls no longer take lessor or lessee ids; you can query
the leases you have granted or query the list of resources in your own
lease. The X server uses the former to figure out when lessees close
their DRM file and terminate a lease. As I write this, I'm wondering
if that latter operation is actually useful though. If not, we can rip
that ioctl out easily enough.

As suggested by Daniel Vetter, the first patch changes the API to
__drm_mode_object_find to include a relevant struct drm_file * pointer
so that function can perform any necessary per-file access
control. When there isn't a suitable pointer, NULL is passed instead,
which is a proxy for the origin DRM master. For leases, this means
that no lease permissions checking is done. This is why there are now
5 patches instead of the original 4.

Thanks again to everyone who commented on the mailing list or on IRC;
I'm pretty happy with the current functionality; I've got kmscube
leasing resources from the X server this evening.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ