Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755083AbbDUOro (ORCPT <rfc822;w@1wt.eu>);
	Tue, 21 Apr 2015 10:47:44 -0400
Received: from mail-qk0-f182.google.com ([209.85.220.182]:35619 "EHLO
	mail-qk0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754334AbbDUOrn (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 21 Apr 2015 10:47:43 -0400
MIME-Version: 1.0
In-Reply-To: <20150421142748.GB32624@dhcp22.suse.cz>
References: <CANq1E4TPtAJpbHnvsmCig7U+4k_dqk4wW-Q6X82uWDXa=RkFcQ@mail.gmail.com>
	<CAFLxGvw0Hwh5Vn474LkqKXC9EBOXmf4mPE25ojPjyFw1B9RE_Q@mail.gmail.com>
	<20150420205638.GA3015@kroah.com>
	<55356CC1.1040301@nod.at>
	<20150420214651.GA4215@kroah.com>
	<CALCETrUhaKqteMaptE0X+BYfeRmNBkiMZXEuV1vRb+MXOg6cDw@mail.gmail.com>
	<20150421103519.5b0de5ea@lxorguk.ukuu.org.uk>
	<CANq1E4SzeDKmF15T-CeOgPcJ-5a6_eM_buEW44nmJsrvBf_fJw@mail.gmail.com>
	<20150421122031.GA32624@dhcp22.suse.cz>
	<CANq1E4RHesc190WZL7_eHCvAXPsj+M--Qm=e320B0h1RgE6hxg@mail.gmail.com>
	<20150421142748.GB32624@dhcp22.suse.cz>
Date: Tue, 21 Apr 2015 16:47:42 +0200
Message-ID: <CANq1E4RmWkB04vy9QHF2oMFVN8Hcb8_Wfhg+cby2KyG3uR4pbg@mail.gmail.com>
Subject: Re: [GIT PULL] kdbus for 4.1-rc1
From: David Herrmann <dh.herrmann@gmail.com>
To: Michal Hocko <mhocko@suse.cz>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
        Andy Lutomirski <luto@amacapital.net>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Richard Weinberger <richard@nod.at>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Steven Rostedt <rostedt@goodmis.org>, Jiri Kosina <jkosina@suse.cz>,
        Al Viro <viro@zeniv.linux.org.uk>, Borislav Petkov <bp@alien8.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Arnd Bergmann <arnd@arndb.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Tom Gundersen <teg@jklm.no>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Daniel Mack <daniel@zonque.org>, Djalal Harouni <tixxdz@opendz.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1524
Lines: 33

Hi

On Tue, Apr 21, 2015 at 4:27 PM, Michal Hocko <mhocko@suse.cz> wrote:
> On Tue 21-04-15 16:01:01, David Herrmann wrote:
>> On Tue, Apr 21, 2015 at 2:20 PM, Michal Hocko <mhocko@suse.cz> wrote:
>> > If for nothing else then the memcg reasons mentioned in
>> > other email (http://marc.info/?l=linux-kernel&m=142953380508188). If an
>> > untrusted user is allowed to hand over a shmem backed buffer which hasn't
>> > been charged yet (read faulted in) and then kdbus forced to fault it in
>> > a different user's context then you basically allow to hide memory
>> > allocations from the memcg. That is a clear show stopper.
>> >
>> > Or have I misunderstood the way how shmem buffers are used here?
>>
>> ..as you mentioned memcg, lets figure that out here. shmem buffers are
>> used as receive-buffers by kdbus peers. They are read-only to
>> user-space. All allocations are done by the kernel on message passing.
>
> OK, so the shmem buffer is allocated on the kernels behalf and under
> its control and no userspace can hand over one to kdbus. Do I get
> it right? If yes then the memcg escape I was describing above is
> not possible of course. This wasn't clear to me from the previous
> discussion. Thanks for the clarification!

Exactly. Much appreciated!

Thanks
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/