/* * Copyright 2015 David Herrmann * Copyright 2018 Collabora, Ltd * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice (including the next * paragraph) shall be included in all copies or substantial portions of the * Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. */ /* * Testcase: drmGetMagic() and drmAuthMagic() */ #include "igt.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "drm.h" #ifndef __linux__ # include #endif IGT_TEST_DESCRIPTION("Call drmGetMagic() and drmAuthMagic() and see if it behaves."); static bool is_local_tid(pid_t tid) { #ifndef __linux__ return pthread_self() == tid; #else /* On Linux systems, drmGetClient() would return the thread ID instead of the actual process ID */ return gettid() == tid; #endif } static bool check_auth(int fd) { pid_t client_pid; int i, auth, pid, uid; unsigned long magic, iocs; bool is_authenticated = false; client_pid = getpid(); for (i = 0; !is_authenticated; i++) { if (drmGetClient(fd, i, &auth, &pid, &uid, &magic, &iocs) != 0) break; is_authenticated = auth && (pid == client_pid || is_local_tid(pid)); } return is_authenticated; } static int magic_cmp(const void *p1, const void *p2) { return *(const drm_magic_t*)p1 < *(const drm_magic_t*)p2; } static void test_many_magics(int master) { drm_magic_t magic, *magics = NULL; unsigned int i, j, ns, allocated = 0; char path[512]; int *fds = NULL, slave; struct rlimit fd_limit; do_or_die(getrlimit(RLIMIT_NOFILE, &fd_limit)); fd_limit.rlim_cur = 1024; do_or_die(setrlimit(RLIMIT_NOFILE, &fd_limit)); sprintf(path, "/proc/self/fd/%d", master); for (i = 0; ; ++i) { /* open slave and make sure it's NOT a master */ slave = open(path, O_RDWR | O_CLOEXEC); if (slave < 0) { igt_info("Reopening device failed after %d opens\n", i); igt_assert(errno == EMFILE); break; } igt_assert(drmSetMaster(slave) < 0); /* resize magic-map */ if (i >= allocated) { ns = allocated * 2; igt_assert(ns >= allocated); if (!ns) ns = 128; magics = realloc(magics, sizeof(*magics) * ns); igt_assert(magics); fds = realloc(fds, sizeof(*fds) * ns); igt_assert(fds); allocated = ns; } /* insert magic */ igt_assert(drmGetMagic(slave, &magic) == 0); igt_assert(magic > 0); magics[i] = magic; fds[i] = slave; } /* make sure we could at least open a reasonable number of files */ igt_assert(i > 128); /* * We cannot open the DRM file anymore. Lets sort the magic-map and * verify no magic was used multiple times. */ qsort(magics, i, sizeof(*magics), magic_cmp); for (j = 1; j < i; ++j) igt_assert(magics[j] != magics[j - 1]); /* make sure we can authenticate all of them */ for (j = 0; j < i; ++j) igt_assert(drmAuthMagic(master, magics[j]) == 0); /* close files again */ for (j = 0; j < i; ++j) close(fds[j]); free(fds); free(magics); } static void test_basic_auth(int master) { drm_magic_t magic, old_magic; int slave; /* open slave and make sure it's NOT a master */ slave = drm_open_driver(DRIVER_ANY); igt_require(slave >= 0); igt_require(drmSetMaster(slave) < 0); /* retrieve magic for slave */ igt_assert(drmGetMagic(slave, &magic) == 0); igt_assert(magic > 0); /* verify the same magic is returned every time */ old_magic = magic; igt_assert(drmGetMagic(slave, &magic) == 0); igt_assert_eq(magic, old_magic); /* verify magic can be authorized exactly once, on the master */ igt_assert(drmAuthMagic(slave, magic) < 0); igt_assert(drmAuthMagic(master, magic) == 0); igt_assert(drmAuthMagic(master, magic) < 0); /* verify that the magic did not change */ old_magic = magic; igt_assert(drmGetMagic(slave, &magic) == 0); igt_assert_eq(magic, old_magic); close(slave); } static bool has_prime_import(int fd) { uint64_t value; if (drmGetCap(fd, DRM_CAP_PRIME, &value)) return false; return value & DRM_PRIME_CAP_IMPORT; } static void check_auth_sanity(int master) { uint32_t handle; igt_assert(check_auth(master) == true); igt_require(has_prime_import(master)); igt_assert(drmPrimeFDToHandle(master, -1, &handle) < 0); /* IOCTL requires authenticated master as done in drm_permit. * As we get past that, we'll fail due to the invalid FD. * * Note: strictly speaking this is unrelated to the goal of * the test, although danvet requested it. */ igt_assert(errno == EBADF); } static bool has_render_node(int fd) { char node_name[80]; struct stat sbuf; if (fstat(fd, &sbuf)) return false; sprintf(node_name, "/dev/dri/renderD%d", minor(sbuf.st_rdev) | 0x80); if (stat(node_name, &sbuf)) return false; return true; } /* * Testcase: Render capable, unauthenticated master doesn't throw -EACCES for * DRM_RENDER_ALLOW ioctls. */ static void test_unauth_vs_render(int master) { int slave; uint32_t handle; struct stat statbuf; bool has_render; /* need to check for render nodes before we wreak the filesystem */ has_render = has_render_node(master); /* create a card node matching master which (only) we can access as * non-root */ do_or_die(fstat(master, &statbuf)); do_or_die(unshare(CLONE_NEWNS)); do_or_die(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL)); do_or_die(mount("none", "/dev/dri", "tmpfs", 0, NULL)); umask(0); do_or_die(mknod("/dev/dri/card", S_IFCHR | 0666, statbuf.st_rdev)); igt_drop_root(); slave = open("/dev/dri/card", O_RDWR); igt_assert(slave >= 0); /* * The second open() happens without CAP_SYS_ADMIN, thus it will NOT * be authenticated. */ igt_assert(check_auth(slave) == false); /* Issuing the following ioctl will fail, no doubt about it. */ igt_assert(drmPrimeFDToHandle(slave, -1, &handle) < 0); /* * Updated kernels allow render capable, unauthenticated master to * issue DRM_AUTH ioctls (like FD2HANDLE above), as long as they are * annotated as DRM_RENDER_ALLOW. * * Otherwise, errno is set to -EACCES * * Note: We are _not_ interested in the FD2HANDLE specific errno, * yet the EBADF check is added on the explicit request by danvet. */ if (has_render) igt_assert(errno == EBADF); else igt_assert(errno == EACCES); close(slave); } igt_main { int master; /* root (which we run igt as) should always be authenticated */ igt_subtest("getclient-simple") { int fd = drm_open_driver(DRIVER_ANY); igt_assert(check_auth(fd) == true); close(fd); } igt_subtest("getclient-master-drop") { int fd = drm_open_driver(DRIVER_ANY); int fd2 = drm_open_driver(DRIVER_ANY); igt_assert(check_auth(fd2) == true); close(fd); igt_assert(check_auth(fd2) == true); close(fd2); } /* above tests require that no drm fd is open */ igt_subtest_group { igt_fixture master = drm_open_driver_master(DRIVER_ANY); igt_subtest("basic-auth") test_basic_auth(master); /* this must be last, we adjust the rlimit */ igt_subtest("many-magics") test_many_magics(master); } igt_subtest_group { igt_fixture master = drm_open_driver(DRIVER_ANY); igt_subtest("unauth-vs-render") { check_auth_sanity(master); igt_fork(child, 1) test_unauth_vs_render(master); igt_waitchildren(); } } }