Laurent Pinchart worte: > Could a very large number of control requests be used as a DoS attack vector ? > A userspace application could kmalloc large amounts of memory without any > restriction. Memory would be reclaimed eventually, but after performing a > large number of USB requests, which could take quite a long time. A DoS attacker could open the /dev/video0 several times even from one single process (from different threads) and could kmalloc() as much memory as the attacker wants. Maybe even one file descriptor would be enough using it from different threads. This could force the system to swap out pages to get the necessary memory. I don't know if more than one instance of the VIDIOC_G_EXT_CTRLS requests can actively keep memory allocated or only one can run at a time forcing the other requests to sleep until the previous one hadn't been finished. This is also true for VIDIOC_S_EXT_CTRLS and VIDIOC_TRY_EXT_CTRLS. Regards, Márton Németh -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
