Re: [Linaro-mm-sig] [PATCH v3] Add udmabuf misc device

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 29, 2018 at 12:48 PM, Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote:
>   Hi,
>
>> > > qemu test branch:
>> > >   https://git.kraxel.org/cgit/qemu/log/?h=sirius/udmabuf
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>> > > + if (!shmem_mapping(file_inode(ubuf->filp)->i_mapping))
>> > > +         goto err_free_ubuf;
>>
>> Can/should we test here that the memfd has a locked down size here?
>
> Makes sense.  Suggested way to check that?  unstatic memfd_get_seals()
> function (mm/shmem.c)?  Or is there some better way?
>
> Also which seals should we require?  Is F_SEAL_SHRINK enough?

Yes I think that's enough.

Hm ... I think we also need to prevent the F_SEAL_WRITE, because
there's no way to stop dma from tampering with the buffer once it's a
dma-buf. Otherwise evil userspace could create a memfd, F_SEAL_SHRINK
it, make a dma-buf out of it, F_SEAL_WRITE it, hand it to some
unsuspecting priviledged service and then pull it over the table with
a few dma-buf writes.

>> On that: Link to userspace patches/git tree using this would be nice.
>
> See above.

Ow, I was blind :-)

Thanks, Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux