Code Review / AGL / meta-agl-devel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 2466346)
drm-lease: RPi4: Disable DRM_AUTH checks on wayland_clients 05/27405/1
authorDamian Hobson-Garcia <dhobsong@igel.co.jp>
Thu, 14 Apr 2022 09:31:29 +0000 (18:31 +0900)
committerDamian Hobson-Garcia <dhobsong@igel.co.jp>
Tue, 26 Apr 2022 06:37:59 +0000 (15:37 +0900)
DRM authentication does not work via a DRM Leases because the client
can only authenticate against a lease owner (primary node), since
the lease does not have a corresponding device file in the filesystem
for clients to open.

Bypassing DRM authentication by using render nodes is not yet fully
supported in mesa, so for now, just try to authenticate and
continue even if it fails. Also remove the DRM_AUTH permissions
checks in the kernel for the necessary ioctls.

The DRM_AUTH checks for buffer import/export have
been removed in upstream kernels >= Linux 5.6, so just backport
that part of the implementation.

Bug-AGL: SPEC-4317

Change-Id: Ie6c82162037964da697d3ece80a8c463980d2658
Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa/0001-Workaround-Disable-DRM_AUTH-checks-on-wayland-protocols.patch [new file with mode: 0644] patch | blob
meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa_20.0.2.bbappend [new file with mode: 0644] patch | blob
meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-drm-drop-DRM_AUTH-from-PRIME_TO-FROM_HANDLE-ioctls.patch [new file with mode: 0644] patch | blob
meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4.bbappend [new file with mode: 0644] patch | blob

diff --git a/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa/0001-Workaround-Disable-DRM_AUTH-checks-on-wayland-protocols.patch b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa/0001-Workaround-Disable-DRM_AUTH-checks-on-wayland-protocols.patch
new file mode 100644 (file)
index 0000000..f6be51e
--- /dev/null
+++ b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa/0001-Workaround-Disable-DRM_AUTH-checks-on-wayland-protocols.patch
@@ -0,0 +1,42 @@
+From f583672221b8451d03f739bc96428e97809d021a Mon Sep 17 00:00:00 2001
+From: Damian Hobson-Garcia <dhobsong@igel.co.jp>
+Date: Tue, 5 Apr 2022 18:09:02 +0900
+Subject: [PATCH] Workaround: Disable DRM_AUTH check on wayland protocols
+
+DRM authentication does not work via a DRM Leases because the client
+can only authenticate against a lease owner (primary node), since
+the lease does not have a corresponding device file in the filesystem
+for clients to open.
+
+The wl_drm protocol needs authentication to import/export prime fds
+on kernel versions < 5.6.  For newer kernel versions, prime
+import/export no longer requires DRM_AUTH, so processing can proceed
+even if DRM authentication fails.
+
+A proper implementation would check if the device is actually a
+DRM lease and/or whether the import/export can succeed without
+authentication.  For now, just try to authenticate and ignore
+any failures.
+---
+ src/egl/drivers/dri2/platform_drm.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/egl/drivers/dri2/platform_drm.c b/src/egl/drivers/dri2/platform_drm.c
+index d0ab172..260a2c6 100644
+--- a/src/egl/drivers/dri2/platform_drm.c
++++ b/src/egl/drivers/dri2/platform_drm.c
+@@ -508,7 +508,10 @@ dri2_drm_authenticate(_EGLDisplay *disp, uint32_t id)
+ {
+    struct dri2_egl_display *dri2_dpy = dri2_egl_display(disp);
+-   return drmAuthMagic(dri2_dpy->fd, id);
++   /* WORKAROUND: Ignore DRM_AUTH failures.  Ideally should only be done for
++      clienits coming through a DRM lease, but just make it global for now */
++   drmAuthMagic(dri2_dpy->fd, id);
++   return 0;
+ }
+ static void
+-- 
+2.17.1
+
diff --git a/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa_20.0.2.bbappend b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa_20.0.2.bbappend
new file mode 100644 (file)
index 0000000..15e3aeb
--- /dev/null
+++ b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-graphics/mesa/mesa_20.0.2.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://0001-Workaround-Disable-DRM_AUTH-checks-on-wayland-protocols.patch"
+
diff --git a/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-drm-drop-DRM_AUTH-from-PRIME_TO-FROM_HANDLE-ioctls.patch b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-drm-drop-DRM_AUTH-from-PRIME_TO-FROM_HANDLE-ioctls.patch
new file mode 100644 (file)
index 0000000..f489021
--- /dev/null
+++ b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi/0001-drm-drop-DRM_AUTH-from-PRIME_TO-FROM_HANDLE-ioctls.patch
@@ -0,0 +1,44 @@
+From 30a958526d2cc6df38347336a602479d048d92e7 Mon Sep 17 00:00:00 2001
+From: Emil Velikov <emil.velikov@collabora.com>
+Date: Fri, 1 Nov 2019 13:03:13 +0000
+Subject: [PATCH] drm: drop DRM_AUTH from PRIME_TO/FROM_HANDLE ioctls
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As mentioned by Christian, for drivers which support only primary nodes
+this changes the returned error from -EACCES into -EOPNOTSUPP/-ENOSYS.
+
+For others, this check in particular will be a noop. So let's remove it
+as suggested by Christian.
+
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Cc: amd-gfx@lists.freedesktop.org
+Cc: Daniel Vetter <daniel@ffwll.ch>
+Cc: Sean Paul <sean@poorly.run>
+Acked-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Link: https://patchwork.freedesktop.org/patch/msgid/20191101130313.8862-5-emil.l.velikov@gmail.com
+---
+ drivers/gpu/drm/drm_ioctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
+index fcd728d7cf72..5afb39688b55 100644
+--- a/drivers/gpu/drm/drm_ioctl.c
++++ b/drivers/gpu/drm/drm_ioctl.c
+@@ -652,8 +652,8 @@ static const struct drm_ioctl_desc drm_ioctls[] = {
+       DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETRESOURCES, drm_mode_getresources, 0),
+-      DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
+-      DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
++      DRM_IOCTL_DEF(DRM_IOCTL_PRIME_HANDLE_TO_FD, drm_prime_handle_to_fd_ioctl, DRM_RENDER_ALLOW),
++      DRM_IOCTL_DEF(DRM_IOCTL_PRIME_FD_TO_HANDLE, drm_prime_fd_to_handle_ioctl, DRM_RENDER_ALLOW),
+       DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETPLANERESOURCES, drm_mode_getplane_res, 0),
+       DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETCRTC, drm_mode_getcrtc, 0),
+-- 
+2.17.1
+
diff --git a/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4.bbappend b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4.bbappend
new file mode 100644 (file)
index 0000000..b16cec0
--- /dev/null
+++ b/meta-agl-drm-lease/dynamic-layers/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4.bbappend
@@ -0,0 +1,3 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://0001-drm-drop-DRM_AUTH-from-PRIME_TO-FROM_HANDLE-ioctls.patch"
meta-agl-devel (Development and Community BSPs)