Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Created: Tue Feb 2 08:37:54 1999 by faith@valinux.com | |
3 | * | |
4 | * Copyright 1999 Precision Insight, Inc., Cedar Park, Texas. | |
5 | * Copyright 2000 VA Linux Systems, Inc., Sunnyvale, California. | |
6 | * All Rights Reserved. | |
7 | * | |
32e7b94a DH |
8 | * Author Rickard E. (Rik) Faith <faith@valinux.com> |
9 | * Author Gareth Hughes <gareth@valinux.com> | |
10 | * | |
1da177e4 LT |
11 | * Permission is hereby granted, free of charge, to any person obtaining a |
12 | * copy of this software and associated documentation files (the "Software"), | |
13 | * to deal in the Software without restriction, including without limitation | |
14 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, | |
15 | * and/or sell copies of the Software, and to permit persons to whom the | |
16 | * Software is furnished to do so, subject to the following conditions: | |
17 | * | |
18 | * The above copyright notice and this permission notice (including the next | |
19 | * paragraph) shall be included in all copies or substantial portions of the | |
20 | * Software. | |
21 | * | |
22 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
23 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
24 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
25 | * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR | |
26 | * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | |
27 | * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | |
28 | * OTHER DEALINGS IN THE SOFTWARE. | |
29 | */ | |
30 | ||
0500c04e SR |
31 | #include <linux/slab.h> |
32 | ||
33 | #include <drm/drm_auth.h> | |
34 | #include <drm/drm_drv.h> | |
35 | #include <drm/drm_file.h> | |
36 | #include <drm/drm_lease.h> | |
37 | #include <drm/drm_print.h> | |
38 | ||
67d0ec4e | 39 | #include "drm_internal.h" |
1da177e4 | 40 | |
/**
 * DOC: master and authentication
 *
 * &struct drm_master is used to track groups of clients with open
 * primary device nodes. For every &struct drm_file which has at least once
 * successfully become the device master (either through the SET_MASTER IOCTL,
 * or implicitly through opening the primary device node when no one else is
 * the current master at that time) there exists one &drm_master. This is noted
 * in &drm_file.is_master. All other clients have just a pointer to the
 * &drm_master they are associated with.
 *
 * In addition only one &drm_master can be the current master for a &drm_device.
 * It can be switched through the DROP_MASTER and SET_MASTER IOCTL, or
 * implicitly through closing/opening the primary device node. See also
 * drm_is_current_master().
 *
 * Clients can authenticate against the current master (if it matches their own)
 * using the GETMAGIC and AUTHMAGIC IOCTLs. Together with exchanging masters,
 * this allows controlled access to the device for an entire group of mutually
 * trusted clients.
 */
3b96a0b1 | 62 | |
/*
 * Lock-held core of drm_is_current_master().
 *
 * The caller must hold either fpriv->master_lookup_lock or the device's
 * master_mutex; lockdep asserts this, since both fpriv->master and
 * dev->master are read here.
 */
static bool drm_is_current_master_locked(struct drm_file *fpriv)
{
	struct drm_device *dev = fpriv->minor->dev;

	lockdep_assert_once(lockdep_is_held(&fpriv->master_lookup_lock) ||
			    lockdep_is_held(&dev->master_mutex));

	/* A file that never created its own master cannot be the current one. */
	if (!fpriv->is_master)
		return false;

	/* Compare via the lease owner so a lessee resolves to its owning master. */
	return drm_lease_owner(fpriv->master) == dev->master;
}
70 | ||
/**
 * drm_is_current_master - checks whether @fpriv is the current master
 * @fpriv: DRM file private
 *
 * Checks whether @fpriv is current master on its device. This decides whether a
 * client is allowed to run DRM_MASTER IOCTLs.
 *
 * Most of the modern IOCTL which require DRM_MASTER are for kernel modesetting
 * - the current master is assumed to own the non-shareable display hardware.
 *
 * The result is a snapshot taken under &drm_file.master_lookup_lock; the lock
 * is released before returning, so the answer may be stale by the time the
 * caller acts on it.
 */
bool drm_is_current_master(struct drm_file *fpriv)
{
	bool is_current;

	spin_lock(&fpriv->master_lookup_lock);
	is_current = drm_is_current_master_locked(fpriv);
	spin_unlock(&fpriv->master_lookup_lock);

	return is_current;
}
EXPORT_SYMBOL(drm_is_current_master);
92 | ||
/*
 * Report the calling file's authentication magic through the struct drm_auth
 * in @data, allocating one on first use (presumably the GETMAGIC ioctl
 * handler).
 *
 * The magic is an id handed out by the master's magic_map IDR, starting at 1,
 * with 0 meaning "none yet". It is an allocator-assigned integer, so treat it
 * as an identifier rather than a secret.
 * NOTE(review): what restricts who may redeem a magic is not visible in this
 * file - confirm against the ioctl table.
 *
 * Returns 0 on success or the negative errno from idr_alloc().
 */
int drm_getmagic(struct drm_device *dev, void *data, struct drm_file *file_priv)
{
	struct drm_auth *auth = data;
	int id = 0;

	mutex_lock(&dev->master_mutex);
	if (file_priv->magic == 0) {
		/*
		 * file_priv->master is dereferenced unconditionally;
		 * assumes callers only reach this with a master set - TODO confirm.
		 */
		id = idr_alloc(&file_priv->master->magic_map, file_priv,
			       1, 0, GFP_KERNEL);
		if (id >= 0)
			file_priv->magic = id;
	}
	/* On allocation failure this still reports the (zero) stored magic. */
	auth->magic = file_priv->magic;
	mutex_unlock(&dev->master_mutex);

	drm_dbg_core(dev, "%u\n", auth->magic);

	if (id < 0)
		return id;

	return 0;
}
112 | ||
/*
 * Mark the file that owns auth->magic as authenticated (presumably the
 * AUTHMAGIC ioctl handler).
 *
 * The lookup is done in the magic_map of the *caller's* master, so a magic can
 * only be redeemed by a file attached to the same master that issued it.
 * Once redeemed, the map entry is replaced with NULL so the same magic cannot
 * be used to authenticate again.
 *
 * Returns 0 on success, -EINVAL if the magic does not name a pending file.
 */
int drm_authmagic(struct drm_device *dev, void *data,
		  struct drm_file *file_priv)
{
	struct drm_auth *auth = data;
	struct drm_file *target;
	int err = -EINVAL;

	drm_dbg_core(dev, "%u\n", auth->magic);

	mutex_lock(&dev->master_mutex);
	target = idr_find(&file_priv->master->magic_map, auth->magic);
	if (target != NULL) {
		target->authenticated = 1;
		/* Single use: clear the entry but keep the id allocated. */
		idr_replace(&file_priv->master->magic_map, NULL, auth->magic);
		err = 0;
	}
	mutex_unlock(&dev->master_mutex);

	return err;
}
6548f4e7 | 131 | |
/*
 * Allocate and initialise a &struct drm_master for @dev.
 *
 * The returned object starts with one reference (kref_init) which the caller
 * owns. Returns NULL if the allocation fails.
 */
struct drm_master *drm_master_create(struct drm_device *dev)
{
	struct drm_master *m = kzalloc(sizeof(*m), GFP_KERNEL);

	if (m == NULL)
		return NULL;

	kref_init(&m->refcount);
	/* Magic ids start at 1; drm_getmagic() treats 0 as "no magic yet". */
	idr_init_base(&m->magic_map, 1);
	m->dev = dev;

	/* initialize the tree of output resource lessees */
	INIT_LIST_HEAD(&m->lessees);
	INIT_LIST_HEAD(&m->lessee_list);
	idr_init(&m->leases);
	idr_init_base(&m->lessee_idr, 1);

	return m;
}
152 | ||
/*
 * Install @fpriv's master as the device's current master.
 *
 * Takes a new reference on fpriv->master for dev->master, notifies the driver
 * through its optional master_set hook, and records in fpriv->was_master that
 * this file has held master. drm_master_check_perm() later reads that flag.
 */
static void drm_set_master(struct drm_device *dev, struct drm_file *fpriv,
			   bool new_master)
{
	struct drm_master *m = drm_master_get(fpriv->master);

	dev->master = m;

	if (dev->driver->master_set != NULL)
		dev->driver->master_set(dev, fpriv, new_master);

	fpriv->was_master = true;
}
162 | ||
/*
 * Give @fpriv a freshly created master and make it the device's current one.
 *
 * Must be called with dev->master_mutex held (lockdep-asserted). The file is
 * also marked authenticated as a side effect. Returns 0 on success or -ENOMEM
 * if the new master cannot be allocated, in which case @fpriv is unchanged.
 */
static int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
{
	struct drm_master *prev;
	struct drm_master *fresh;

	lockdep_assert_held_once(&dev->master_mutex);

	WARN_ON(fpriv->is_master);

	prev = fpriv->master;
	fresh = drm_master_create(dev);
	if (fresh == NULL)
		return -ENOMEM;

	/*
	 * Swap the pointer under master_lookup_lock, the lock that
	 * drm_file_get_master() takes before reading fpriv->master.
	 */
	spin_lock(&fpriv->master_lookup_lock);
	fpriv->master = fresh;
	spin_unlock(&fpriv->master_lookup_lock);

	fpriv->is_master = 1;
	fpriv->authenticated = 1;

	drm_set_master(dev, fpriv, true);

	/* Drop the file's reference on the master it was attached to before. */
	if (prev != NULL)
		drm_master_put(&prev);

	return 0;
}
189 | ||
/*
 * In the olden days the SET/DROP_MASTER ioctls used to return EACCES when
 * CAP_SYS_ADMIN was not set. This was used to prevent rogue applications
 * from becoming master and/or failing to release it.
 *
 * At the same time, the first client (for a given VT) is _always_ master.
 * Thus in order for the ioctls to succeed, one had to _explicitly_ run the
 * application as root or flip the setuid bit.
 *
 * If the CAP_SYS_ADMIN was missing, no other client could become master...
 * EVER :-( Leading to a) the graphics session dying badly or b) a completely
 * locked session.
 *
 *
 * At some point systemd-logind was introduced to orchestrate and delegate
 * master as applicable. It does so by opening the fd and passing it to users
 * while in itself logind a) does the set/drop master per users' request and
 * b) implicitly drops master on VT switch.
 *
 * Even though logind looks like the future, there are a few issues:
 *  - some platforms don't have equivalent (Android, CrOS, some BSDs) so
 * root is required _solely_ for SET/DROP MASTER.
 *  - applications may not be updated to use it,
 *  - any client which fails to drop master* can DoS the application using
 * logind, to a varying degree.
 *
 * * Either due to missing CAP_SYS_ADMIN or simply not calling DROP_MASTER.
 *
 *
 * Here we implement the next best thing:
 *  - ensure the logind style of fd passing works unchanged, and
 *  - allow a client to drop/set master, iff it is/was master at a given point
 * in time.
 *
 * Note: DROP_MASTER cannot be free for all, as an arbitrary user could:
 *  - DoS/crash the arbitrator - details would be implementation specific
 *  - open the node, become master implicitly and cause issues
 *
 * As a result this fixes the following when using root-less build w/o logind
 * - startx
 * - weston
 * - various compositors based on wlroots
 *
 * Returns 0 when the caller may set/drop master, -EACCES otherwise.
 */
static int
drm_master_check_perm(struct drm_device *dev, struct drm_file *file_priv)
{
	bool same_process;

	/*
	 * Unprivileged path: the file must have been master before AND the
	 * caller must be the process recorded in file_priv->pid. The pid check
	 * keeps the exemption from following the fd to a different process.
	 */
	if (file_priv->was_master) {
		same_process = rcu_access_pointer(file_priv->pid) ==
			       task_tgid(current);
		if (same_process)
			return 0;
	}

	/* Everyone else still needs CAP_SYS_ADMIN, as in the legacy behaviour. */
	return capable(CAP_SYS_ADMIN) ? 0 : -EACCES;
}
245 | ||
/*
 * SET_MASTER handler: try to make @file_priv the device's current master.
 *
 * All checks run under dev->master_mutex, in this order: permission, already
 * current master (success, nothing to do), another master active (-EBUSY),
 * file without a master (-EINVAL), file that never owned a master (create a
 * new one), lessee masters (-EINVAL, a lessee may not become master).
 */
int drm_setmaster_ioctl(struct drm_device *dev, void *data,
			struct drm_file *file_priv)
{
	int err;

	mutex_lock(&dev->master_mutex);

	err = drm_master_check_perm(dev, file_priv);
	if (err != 0) {
		/* not permitted: report the error from the permission check */
	} else if (drm_is_current_master_locked(file_priv)) {
		/* already the current master: succeed without changes */
	} else if (dev->master != NULL) {
		err = -EBUSY;
	} else if (file_priv->master == NULL) {
		err = -EINVAL;
	} else if (!file_priv->is_master) {
		err = drm_new_set_master(dev, file_priv);
	} else if (file_priv->master->lessor != NULL) {
		drm_dbg_lease(dev,
			      "Attempt to set lessee %d as master\n",
			      file_priv->master->lessee_id);
		err = -EINVAL;
	} else {
		/* Re-acquire master with the master object the file already owns. */
		drm_set_master(dev, file_priv, false);
	}

	mutex_unlock(&dev->master_mutex);
	return err;
}
288 | ||
/*
 * Remove the device's current master.
 *
 * The driver's optional master_drop hook runs first, while dev->master is
 * still set; drm_master_put() then drops the device's reference and clears
 * dev->master to NULL.
 */
static void drm_drop_master(struct drm_device *dev, struct drm_file *fpriv)
{
	if (dev->driver->master_drop != NULL)
		dev->driver->master_drop(dev, fpriv);

	drm_master_put(&dev->master);
}
296 | ||
/*
 * DROP_MASTER handler: give up master status held by @file_priv.
 *
 * Runs under dev->master_mutex. Fails with the permission error from
 * drm_master_check_perm(), or with -EINVAL when the caller is not the current
 * master, the device has no master, or the caller's master is a lessee.
 */
int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
			 struct drm_file *file_priv)
{
	int err;

	mutex_lock(&dev->master_mutex);

	err = drm_master_check_perm(dev, file_priv);
	if (err != 0) {
		/* not permitted: report the error from the permission check */
	} else if (!drm_is_current_master_locked(file_priv) ||
		   dev->master == NULL) {
		err = -EINVAL;
	} else if (file_priv->master->lessor != NULL) {
		drm_dbg_lease(dev,
			      "Attempt to drop lessee %d as master\n",
			      file_priv->master->lessee_id);
		err = -EINVAL;
	} else {
		drm_drop_master(dev, file_priv);
	}

	mutex_unlock(&dev->master_mutex);
	return err;
}
331 | ||
/*
 * Attach a newly opened file to a master.
 *
 * If the device has a current master the file just takes a reference on it;
 * otherwise the file becomes master itself through drm_new_set_master().
 * No master object is created for render clients.
 *
 * Returns 0 on success or the error from drm_new_set_master().
 */
int drm_master_open(struct drm_file *file_priv)
{
	struct drm_device *dev = file_priv->minor->dev;
	int err = 0;

	mutex_lock(&dev->master_mutex);
	if (dev->master != NULL) {
		/* Publish the pointer under the lock that lookups take. */
		spin_lock(&file_priv->master_lookup_lock);
		file_priv->master = drm_master_get(dev->master);
		spin_unlock(&file_priv->master_lookup_lock);
	} else {
		/* No current master: this fd becomes it. */
		err = drm_new_set_master(dev, file_priv);
	}
	mutex_unlock(&dev->master_mutex);

	return err;
}
352 | ||
/*
 * Undo a file's master state on close.
 *
 * Under dev->master_mutex: forget the file's magic, drop device master if
 * this file is the current master, revoke leases if the file owns a master on
 * a modeset driver, and finally drop the file's own master reference.
 */
void drm_master_release(struct drm_file *file_priv)
{
	struct drm_device *dev = file_priv->minor->dev;
	struct drm_master *master;

	mutex_lock(&dev->master_mutex);

	/* Keep a copy: file_priv->master is cleared by drm_master_put() below. */
	master = file_priv->master;

	/*
	 * NOTE(review): the magic is removed from the map of the master the
	 * file holds now. drm_new_set_master() swaps file_priv->master without
	 * touching file_priv->magic, so confirm an entry pointing at this file
	 * can never be left behind in a previous master's magic_map.
	 */
	if (file_priv->magic)
		idr_remove(&master->magic_map, file_priv->magic);

	if (drm_is_current_master_locked(file_priv) &&
	    dev->master == file_priv->master)
		drm_drop_master(dev, file_priv);

	if (drm_core_check_feature(dev, DRIVER_MODESET) && file_priv->is_master) {
		/* Revoke any leases held by this or lessees, but only if
		 * this is the "real" master
		 */
		drm_lease_revoke(master);
	}

	/* drop the master reference held by the file priv */
	if (file_priv->master != NULL)
		drm_master_put(&file_priv->master);

	mutex_unlock(&dev->master_mutex);
}
381 | ||
/**
 * drm_master_get - reference a master pointer
 * @master: &struct drm_master
 *
 * Increments the reference count of @master and returns a pointer to @master.
 * @master is dereferenced unconditionally, so it must not be NULL.
 */
struct drm_master *drm_master_get(struct drm_master *master)
{
	struct kref *ref = &master->refcount;

	kref_get(ref);

	return master;
}
EXPORT_SYMBOL(drm_master_get);
394 | ||
/**
 * drm_file_get_master - reference &drm_file.master of @file_priv
 * @file_priv: DRM file private
 *
 * Increments the reference count of @file_priv's &drm_file.master and returns
 * the &drm_file.master. If @file_priv has no &drm_file.master, returns NULL.
 *
 * The pointer is read and referenced while holding
 * &drm_file.master_lookup_lock.
 *
 * Master pointers returned from this function should be unreferenced using
 * drm_master_put().
 */
struct drm_master *drm_file_get_master(struct drm_file *file_priv)
{
	struct drm_master *ref = NULL;

	spin_lock(&file_priv->master_lookup_lock);
	if (file_priv->master != NULL)
		ref = drm_master_get(file_priv->master);
	spin_unlock(&file_priv->master_lookup_lock);

	return ref;
}
EXPORT_SYMBOL(drm_file_get_master);
419 | ||
/*
 * kref release callback for &struct drm_master, passed to kref_put() by
 * drm_master_put(). Tears down lease state (modeset drivers only) and the
 * IDRs, then frees the unique string and the master itself.
 */
static void drm_master_destroy(struct kref *kref)
{
	struct drm_master *m = container_of(kref, struct drm_master, refcount);

	if (drm_core_check_feature(m->dev, DRIVER_MODESET))
		drm_lease_destroy(m);

	idr_destroy(&m->magic_map);
	idr_destroy(&m->leases);
	idr_destroy(&m->lessee_idr);

	kfree(m->unique);
	kfree(m);
}
435 | ||
/**
 * drm_master_put - unreference and clear a master pointer
 * @master: pointer to a pointer of &struct drm_master
 *
 * This decrements the &drm_master behind @master and sets it to NULL.
 * *@master is dereferenced unconditionally, so callers must check it is
 * non-NULL first.
 */
void drm_master_put(struct drm_master **master)
{
	struct drm_master *m = *master;

	kref_put(&m->refcount, drm_master_destroy);
	/* Clear the caller's pointer so it cannot be used after the put. */
	*master = NULL;
}
EXPORT_SYMBOL(drm_master_put);
03a9606e NT |
448 | |
/*
 * Used by drm_client and drm_fb_helper.
 *
 * Returns true only when the device has no current master, and in that case
 * returns with dev->master_mutex still held; the caller must then call
 * drm_master_internal_release(). When false is returned the mutex has already
 * been dropped.
 */
bool drm_master_internal_acquire(struct drm_device *dev)
{
	bool no_master;

	mutex_lock(&dev->master_mutex);
	no_master = (dev->master == NULL);
	if (!no_master)
		mutex_unlock(&dev->master_mutex);

	return no_master;
}
EXPORT_SYMBOL(drm_master_internal_acquire);
461 | ||
/*
 * Used by drm_client and drm_fb_helper.
 *
 * Releases dev->master_mutex; to be called only after
 * drm_master_internal_acquire() returned true, which leaves the mutex held.
 */
void drm_master_internal_release(struct drm_device *dev)
{
	struct mutex *lock = &dev->master_mutex;

	mutex_unlock(lock);
}
EXPORT_SYMBOL(drm_master_internal_release);