On Tue, Aug 15, 2017 at 11:00:20PM -0400, Felix Kuehling wrote:
> From: Moses Reuben <moses.reuben at amd.com>
>
> v2:
> * Renamed ALLOC_MEMORY_OF_SCRATCH to SET_SCRATCH_BACKING_VA
> * Removed size parameter from the ioctl, it was unused
> * Removed hole in ioctl number space
> * No more call to write_config_static_mem
> * Return correct error code from ioctl

What kind of memory is supposed to back this virtual address range? How big is the range supposed to be? Can it be any valid virtual address?

My worry here is to ascertain that one cannot abuse this ioctl, say to set the virtual address to some mmapped shared library code/data section and write something malicious there.

I am assuming that if it has to go through ATS/PASID of the IOMMUv2 then the write protection will be asserted and we will see proper COW (copy on write) due to mmap PRIVATE flags.

Ideally this area should be a special vma and the driver should track its lifetime and cancel GPU jobs if it is unmapped. But I am unsure how dynamic that scratch memory is supposed to be (i.e. do you allocate new scratch memory with every GPU job or is it allocated once and reused for every job).

Bigger commit message would be nice too. Like I had tons of, I believe, valid questions.

Cheers,
Jérôme