Hi, Le mardi 14 mai 2024 à 23:45 +0300, Laurent Pinchart a écrit : > > And finally, none of this fixes the issue that the heap allocation are not being > > accounted properly and allow of an easy memory DoS. So uaccess should be granted > > with care, meaning that defaulting a "desktop" library to that, means it will > > most of the time not work at all. > > I think that issue should be fixed, regardless of whether or not we end > up using dma heaps for libcamera. If we do use them, maybe there will be > a higher incentive for somebody involved in this conversation to tackle > that problem first :-) And maybe, as a result, the rest of the Linux > community will consider with a more open mind usage of dma heaps on > desktop systems. The strict reality is that if libcamera offer no alternatives, some OS will enable it and reduce their security. I totally agree this issue needs to be fixed regardless of libcamera, or even dma heaps. DMABuf allocation should be accounted and limited to quotas whether it comes from a GPU, Display, V4L2 or other type of supported devices. I would also not recommend dropping your heap support (or preventing it from being merged) in libcamera. Nicolas
