Commit 5a6c9a05 authored by Lingkai Dong, committed by Christian König

drm: Fix FD ownership check in drm_master_check_perm()

The DRM subsystem keeps a record of the owner of a DRM device file
descriptor using thread group ID (TGID) instead of process ID (PID), to
ensure all threads within the same userspace process are considered the
owner. However, the DRM master ownership check compares the current
thread's PID against the record, so the thread is incorrectly considered to
be not the FD owner if the PID is not equal to the TGID. This causes DRM
ioctls to be denied master privileges, even if the same thread that opened
the FD performs an ioctl. Fix this by checking TGID.

Fixes: 4230cea8 ("drm: Track clients by tgid and not tid")
Signed-off-by: Lingkai Dong <lingkai.dong@arm.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: <stable@vger.kernel.org> # v6.4+
Link: https://patchwork.freedesktop.org/patch/msgid/PA6PR08MB107665920BE9A96658CDA04CE8884A@PA6PR08MB10766.eurprd08.prod.outlook.com
Signed-off-by: Christian König <christian.koenig@amd.com>
parent e0f04e41
...@@ -236,7 +236,7 @@ static int ...@@ -236,7 +236,7 @@ static int
drm_master_check_perm(struct drm_device *dev, struct drm_file *file_priv) drm_master_check_perm(struct drm_device *dev, struct drm_file *file_priv)
{ {
if (file_priv->was_master && if (file_priv->was_master &&
rcu_access_pointer(file_priv->pid) == task_pid(current)) rcu_access_pointer(file_priv->pid) == task_tgid(current))
return 0; return 0;
if (!capable(CAP_SYS_ADMIN)) if (!capable(CAP_SYS_ADMIN))
......
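Review bot: In the `was_master` condition, `rcu_access_pointer(file_priv->pid) == task_tgid(current)`, nothing at the call site says that `file_priv->pid` holds a thread group ID, and the field name invites exactly the `task_pid()` comparison this patch removes. A one-line comment above the condition stating that the field records the opener's TGID, as the commit message explains, would help keep this from regressing. Since this branch returns 0 before the `capable(CAP_SYS_ADMIN)` check, it is also worth stating in that comment that every thread of the owning process with `was_master` set is meant to pass here, so the ownership model is visible where the privilege decision is made.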