On Sat, Jan 05, 2019 at 07:23:32PM +0200, Gal Pressman wrote:
> > Oh? EFA is sharing BAR pages between user processes? You have a
> > security proof that is OK?
>
> I guess we're talking about PDs?

In most devices available BAR address space is the limit to ucontexts..

> There's a PD limit (currently 128, depends on the device) which
> limits the number of processes. There is no sharing of BAR pages
> between user processes.

EFA has some design problems here..

Generally mapping of a BAR page into user space must be done under the
ucontext, not for individual objects.

ie if I allocate BAR page X to ucontext Y then X must remain allocated
until ucontext Y is destroyed. Otherwise there can be use-after-free
style security bugs.

Since the efa_dealloc_ucontext does nothing, and BAR pages are being
mapped, it must be wrong. It kind of looks like it is trying to tie
BAR allocation lifetime to individual objects?

.. and all of this is why one generally focuses on the ucontext as the
limit, as generally, allocating a ucontext implies allocating a BAR
page, and thus the number of ucontexts is strictly limited by the BAR
size. A driver can do lazy allocation, but it is kind of pointless.

Jason
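The lifetime rule in the message above, as an added example that is not part of the original thread and is not EFA or kernel code: a user-space toy model of a BAR page pool that compares freeing a page at object destroy with holding it until ucontext destroy. All names (`struct bar`, `bar_alloc`, `obj_destroy`, `scenario`) and sizes are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define BAR_PAGES 4   /* constructed sizes for this toy model */
#define MAX_UCTX  4
#define NO_OWNER  (-1)
/* owner[p]: ucontext the allocator thinks holds page p; mapped[p][u]: u still maps p */
struct bar { int owner[BAR_PAGES]; bool mapped[BAR_PAGES][MAX_UCTX]; };

void bar_init(struct bar *b) {
    memset(b, 0, sizeof(*b));
    for (int p = 0; p < BAR_PAGES; p++) b->owner[p] = NO_OWNER;
}
/* Give the first free page to ucontext u and map it there; -1 if the BAR is full. */
int bar_alloc(struct bar *b, int u) {
    for (int p = 0; p < BAR_PAGES; p++)
        if (b->owner[p] == NO_OWNER) { b->owner[p] = u; b->mapped[p][u] = true; return p; }
    return -1;
}
/* per_object=true frees the page while the user mapping is still live. */
void obj_destroy(struct bar *b, int p, bool per_object) {
    if (per_object) b->owner[p] = NO_OWNER;
}
/* ucontext destroy: its mappings are gone, so its pages can be released. */
void ucontext_destroy(struct bar *b, int u) {
    for (int p = 0; p < BAR_PAGES; p++) {
        b->mapped[p][u] = false;
        if (b->owner[p] == u) b->owner[p] = NO_OWNER;
    }
}
/* Count mappings held by a ucontext that is not the page's current owner. */
int stale_mappings(const struct bar *b) {
    int n = 0;
    for (int p = 0; p < BAR_PAGES; p++)
        for (int u = 0; u < MAX_UCTX; u++)
            if (b->mapped[p][u] && b->owner[p] != u) n++;
    return n;
}
/* ucontext 0 creates and destroys one object, then ucontext 1 allocates. */
int scenario(bool per_object) {
    struct bar b;
    bar_init(&b);
    obj_destroy(&b, bar_alloc(&b, 0), per_object);
    bar_alloc(&b, 1);
    return stale_mappings(&b);
}
int main(void) {
    printf("stale: per-object=%d ucontext-lifetime=%d\n", scenario(true), scenario(false));
    return 0;
}
```

With per-object freeing, ucontext 1 is handed the page ucontext 0 still has mapped; with ucontext lifetime the page only returns to the pool in `ucontext_destroy`, after the mapping is gone.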