Patches Arrive For DRM2 Render Nodes Support
Written by Michael Larabel in Wayland on 29 September 2012 at 01:56 AM EDT. Add A Comment
Taking a brief break from his direct work on Wayland, Kristian Høgsberg has published his "Render Nodes" work for DRM2 following the recent DRM2 proposal.

There was a DRM2 proposal at XDC2012 earlier this month to increase the Direct Rendering Manager security.

Kristian explains in his mailing list patch series:
The core problem is that DRM security is compromised in the face of VT switching and multiple DRM masters. Any local user can access all shared buffers from within any X server on the system, even when that user doesn't have access to any of those X servers.

The fix for this is to use dmabuf/prime and fd passing for buffer sharing. That infrastructure is already in place and we need to start using that in user space. Once we're passing buffers between display servers and clients in a point-to-point fashion, we no longer need to authenticate clients. We just need to make sure they can only render and import/export buffers to fds. That's what this patch does, by creating a new type of drm device node. Accessing this node doesn't require authentication (and as such can be used without a master, ie headless), but will only expose the safe, modern (DRI2ish) rendering ioctls.

Once userspace is sharing buffers through fd passing, the legacy card0 node can be locked down by unix permissions, for example in a drm-master group, so that only setgid binaries (X, weston, other KMS apps) can access it.
The DRM render nodes patches amount to just a few dozen lines of code across three patches. With the current patches from Kristian, render nodes support is only implemented in the Intel DRM and not within Radeon, Nouveau, or other drivers.

A while back there was also other render node work being done by David Airlie.
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Related Wayland News
Popular News
Trending Reviews & Featured Articles