On Tue, May 29, 2018 at 12:48 PM, Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote: > Hi, > >> > > qemu test branch: >> > > https://git.kraxel.org/cgit/qemu/log/?h=sirius/udmabuf > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >> > > + if (!shmem_mapping(file_inode(ubuf->filp)->i_mapping)) >> > > + goto err_free_ubuf; >> >> Can/should we test here that the memfd has a locked down size here? > > Makes sense. Suggested way to check that? unstatic memfd_get_seals() > function (mm/shmem.c)? Or is there some better way? > > Also which seals should we require? Is F_SEAL_SHRINK enough? Yes I think that's enough. Hm ... I think we also need to prevent the F_SEAL_WRITE, because there's no way to stop dma from tampering with the buffer once it's a dma-buf. Otherwise evil userspace could create a memfd, F_SEAL_SHRINK it, make a dma-buf out of it, F_SEAL_WRITE it, hand it to some unsuspecting priviledged service and then pull it over the table with a few dma-buf writes. >> On that: Link to userspace patches/git tree using this would be nice. > > See above. Ow, I was blind :-) Thanks, Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch -- To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
