Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754874AbbDUMUg (ORCPT <rfc822;w@1wt.eu>);
	Tue, 21 Apr 2015 08:20:36 -0400
Received: from mail-wg0-f46.google.com ([74.125.82.46]:33750 "EHLO
	mail-wg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751322AbbDUMUe (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 21 Apr 2015 08:20:34 -0400
Date: Tue, 21 Apr 2015 14:20:31 +0200
From: Michal Hocko <mhocko@suse.cz>
To: David Herrmann <dh.herrmann@gmail.com>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Andy Lutomirski <luto@amacapital.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Richard Weinberger <richard@nod.at>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Steven Rostedt <rostedt@goodmis.org>, Jiri Kosina <jkosina@suse.cz>,
        Al Viro <viro@zeniv.linux.org.uk>, Borislav Petkov <bp@alien8.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Arnd Bergmann <arnd@arndb.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Tom Gundersen <teg@jklm.no>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Daniel Mack <daniel@zonque.org>, Djalal Harouni <tixxdz@opendz.org>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
Message-ID: <20150421122031.GA32624@dhcp22.suse.cz>
References: <CA+55aFzrzrJMuqdBB5=B8wG7eWtFDvViEEBG9xbC10pwyCio8A@mail.gmail.com>
 <CANq1E4TPtAJpbHnvsmCig7U+4k_dqk4wW-Q6X82uWDXa=RkFcQ@mail.gmail.com>
 <CAFLxGvw0Hwh5Vn474LkqKXC9EBOXmf4mPE25ojPjyFw1B9RE_Q@mail.gmail.com>
 <20150420205638.GA3015@kroah.com>
 <55356CC1.1040301@nod.at>
 <20150420214651.GA4215@kroah.com>
 <CALCETrUhaKqteMaptE0X+BYfeRmNBkiMZXEuV1vRb+MXOg6cDw@mail.gmail.com>
 <20150421103519.5b0de5ea@lxorguk.ukuu.org.uk>
 <CANq1E4SzeDKmF15T-CeOgPcJ-5a6_eM_buEW44nmJsrvBf_fJw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CANq1E4SzeDKmF15T-CeOgPcJ-5a6_eM_buEW44nmJsrvBf_fJw@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1579
Lines: 36

On Tue 21-04-15 12:17:49, David Herrmann wrote:
> Hi
> 
> On Tue, Apr 21, 2015 at 11:35 AM, One Thousand Gnomes
> <gnomes@lxorguk.ukuu.org.uk> wrote:
> >> On top of that, I think that someone into resource management needs to
> >> seriously consider whether having a broadcast send do get_user_pages
> >> or the equivalent on pages supplied by untrusted recipients (plural!)
> >> is a good idea.
> >
> > Oh but its so much fun if you pass pages belonging to a device driver, or
> > pass bits of a GEM object thereby keeping entire graphics textures
> > referenced 8)
> 
> We do not use GUP, nor do we pass around pinned pages. All we use is
> __vfs_read() / __vfs_write() on shmem. Whether generic_file_write() /
> copy_from_user() internally relies on GUP or not, is an orthogonal
> issue that does not belong here.

It kind of does AFAIU. If for nothing else then the memcg reasons mentioned in
other email (http://marc.info/?l=linux-kernel&m=142953380508188). If an
untrusted user is allowed to hand over a shmem backed buffer which hasn't
been charged yet (read faulted in) and then kdbus forced to fault it in
a different user's context then you basically allow to hide memory
allocations from the memcg. That is a clear show stopper.

Or have I misunderstood the way how shmem buffers are used here?

-- 
Michal Hocko
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/