diff options
| author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2016-01-06 09:09:17 +0000 |
|---|---|---|
| committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2016-01-06 09:09:17 +0000 |
| commit | 3caaae8aa03dfb7cbef5145b1c5b66892d800104 (patch) | |
| tree | 4c891ca32e37e5d53a26d26c71ef1e813dcc18d8 /sys/kern/kern_pledge.c | |
| parent | 4bf6a6260e2f6e99a9f9fd408762cab418e3b3d3 (diff) | |
Add pledge "drm", which allows a subset of the drm(4) ioctls. These are
basically only the ioctls that Linux allows on the so-called "render nodes".
For now, it also allows DRM_IOCTL_GET_MAGIC and DRM_IOCTL_GEM_OPEN, as we
don't implement prime/dma-buf yet in OpenBSD. That still leaves a big gaping
hole, so they will be removed as soon as we can.
Based on a diff by robert@, who did all the heavy lifting by studying the
behaviour of the chromium GPU process, with some further suggestions by
deraadt@.
ok jsg@, deraadt@, robert@
Diffstat (limited to 'sys/kern/kern_pledge.c')
| -rw-r--r-- | sys/kern/kern_pledge.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index 4323a6b9e86..89808cd1178 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.141 2016/01/05 18:09:24 deraadt Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.142 2016/01/06 09:09:16 kettenis Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -67,6 +67,11 @@ #include "audio.h" #include "pty.h" +#if defined(__amd64__) || defined(__i386__) || \ + defined(__macppc__) || defined(__sparc64__) +#include "drm.h" +#endif + int pledgereq_flags(const char *req); int canonpath(const char *input, char *buf, size_t bufsize); int substrcmp(const char *p1, size_t s1, const char *p2, size_t s2); @@ -338,6 +343,7 @@ static const struct { { "disklabel", PLEDGE_DISKLABEL }, { "dns", PLEDGE_DNS }, { "dpath", PLEDGE_DPATH }, + { "drm", PLEDGE_DRM }, { "exec", PLEDGE_EXEC }, { "fattr", PLEDGE_FATTR }, { "flock", PLEDGE_FLOCK }, @@ -1123,6 +1129,7 @@ int pledge_ioctl(struct proc *p, long com, struct file *fp) { struct vnode *vp = NULL; + int error = EPERM; if ((p->p_p->ps_flags & PS_PLEDGE) == 0) return (0); @@ -1174,6 +1181,18 @@ pledge_ioctl(struct proc *p, long com, struct file *fp) } } + if ((p->p_p->ps_pledge & PLEDGE_DRM)) { +#if NDRM > 0 + if ((fp->f_type == DTYPE_VNODE) && + (vp->v_type == VCHR) && + (cdevsw[major(vp->v_rdev)].d_open == drmopen)) { + error = pledge_ioctl_drm(p, com, vp->v_rdev); + if (error == 0) + return 0; + } +#endif /* NDRM > 0 */ + } + if ((p->p_p->ps_pledge & PLEDGE_AUDIO)) { #if NAUDIO > 0 switch (com) { @@ -1306,7 +1325,7 @@ pledge_ioctl(struct proc *p, long com, struct file *fp) } } - return pledge_fail(p, EPERM, PLEDGE_IOCTL); + return pledge_fail(p, error, PLEDGE_IOCTL); } int |