• David Herrmann's avatar
    drm: implement experimental render nodes · 1793126f
    David Herrmann authored
    Render nodes provide an API for userspace to use non-privileged GPU
    commands without any running DRM-Master. It is useful for offscreen
    rendering, GPGPU clients, and normal render clients which do not perform
    modesetting.
    
    Compared to legacy clients, render clients no longer need any
    authentication to perform client ioctls. Instead, user-space controls
    render/client access to GPUs via filesystem access-modes on the
    render-node. Once a render-node was opened, a client has full access to
    the client/render operations on the GPU. However, no modesetting or ioctls
    that affect global state are allowed on render nodes.
    
    To prevent privilege-escalation, drivers must explicitly state that they
    support render nodes. They must mark their render-only ioctls as
    DRM_RENDER_ALLOW so render clients can use them. Furthermore, they must
    support clients without any attached master.
    
    If filesystem access-modes are not enough for fine-grained access control
    to render nodes (very unlikely, considering the versaitlity of FS-ACLs),
    you may still fall-back to fd-passing from server to client (which allows
    arbitrary access-control). However, note that revoking access is
    currently impossible and unlikely to get implemented.
    
    Note: Render clients no longer have any associated DRM-Master as they are
    supposed to be independent of any server state. DRM core highly depends on
    file_priv->master to be non-NULL for modesetting/ctx/etc. commands.
    Therefore, drivers must be very careful to not require DRM-Master if they
    support DRIVER_RENDER.
    
    So far render-nodes are protected by "drm_rnodes". As long as this
    module-parameter is not set to 1, a driver will not create render nodes.
    This allows us to experiment with the API a bit before we stabilize it.
    
    v2: drop insecure GEM_FLINK to force use of dmabuf
    Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
    Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
    1793126f
drm_drv.c 16.5 KB