git.kernel.dk Git - linux-2.6-block.git/commit

author	Emil Velikov <emil.velikov@collabora.com>
	Thu, 19 Mar 2020 17:29:29 +0000 (17:29 +0000)
committer	Emil Velikov <emil.l.velikov@gmail.com>
	Mon, 30 Mar 2020 11:20:32 +0000 (12:20 +0100)
commit	45bc3d26c95a8fc63a7d8668ca9e57ef0883351c
tree	2b8b7a32df9762d6a9025fd4ab6d9d6f7c920358	tree \| snapshot
parent	c7ccc1b783681722638ec0c432908f69d197303a	commit \| diff

drm: rework SET_MASTER and DROP_MASTER perm handling

This commit reworks the permission handling of the two ioctls. In
particular it enforced the CAP_SYS_ADMIN check only, if:
- we're issuing the ioctl from process other than the one which opened
the node, and
- we are, or were master in the past

This ensures that we:
- do not regress the systemd-logind style of DRM_MASTER arbitrator
- allow applications which do not use systemd-logind to drop their
master capabilities (and regain them at later point) ... w/o running as
root.

See the comment above drm_master_check_perm() for more details.

v1:
- Tweak wording, fixup all checks, add igt test

v2:
- Add a few more comments, grammar nitpicks.

Cc: Adam Jackson <ajax@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Pekka Paalanen <ppaalanen@gmail.com>
Testcase: igt/core_setmaster/master-drop-set-user
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200319172930.230583-1-emil.l.velikov@gmail.com

drivers/gpu/drm/drm_auth.c		diff \| blob \| blame \| history
drivers/gpu/drm/drm_ioctl.c		diff \| blob \| blame \| history
include/drm/drm_file.h		diff \| blob \| blame \| history