Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755083AbbDUOro (ORCPT ); Tue, 21 Apr 2015 10:47:44 -0400 Received: from mail-qk0-f182.google.com ([209.85.220.182]:35619 "EHLO mail-qk0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754334AbbDUOrn (ORCPT ); Tue, 21 Apr 2015 10:47:43 -0400 MIME-Version: 1.0 In-Reply-To: <20150421142748.GB32624@dhcp22.suse.cz> References: <20150420205638.GA3015@kroah.com> <55356CC1.1040301@nod.at> <20150420214651.GA4215@kroah.com> <20150421103519.5b0de5ea@lxorguk.ukuu.org.uk> <20150421122031.GA32624@dhcp22.suse.cz> <20150421142748.GB32624@dhcp22.suse.cz> Date: Tue, 21 Apr 2015 16:47:42 +0200 Message-ID: Subject: Re: [GIT PULL] kdbus for 4.1-rc1 From: David Herrmann To: Michal Hocko Cc: One Thousand Gnomes , Andy Lutomirski , Greg Kroah-Hartman , Richard Weinberger , Linus Torvalds , Steven Rostedt , Jiri Kosina , Al Viro , Borislav Petkov , Andrew Morton , Arnd Bergmann , "Eric W. Biederman" , Tom Gundersen , "linux-kernel@vger.kernel.org" , Daniel Mack , Djalal Harouni Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1524 Lines: 33 Hi On Tue, Apr 21, 2015 at 4:27 PM, Michal Hocko wrote: > On Tue 21-04-15 16:01:01, David Herrmann wrote: >> On Tue, Apr 21, 2015 at 2:20 PM, Michal Hocko wrote: >> > If for nothing else then the memcg reasons mentioned in >> > other email (http://marc.info/?l=linux-kernel&m=142953380508188). If an >> > untrusted user is allowed to hand over a shmem backed buffer which hasn't >> > been charged yet (read faulted in) and then kdbus forced to fault it in >> > a different user's context then you basically allow to hide memory >> > allocations from the memcg. That is a clear show stopper. >> > >> > Or have I misunderstood the way how shmem buffers are used here? >> >> ..as you mentioned memcg, lets figure that out here. shmem buffers are >> used as receive-buffers by kdbus peers. They are read-only to >> user-space. All allocations are done by the kernel on message passing. > > OK, so the shmem buffer is allocated on the kernels behalf and under > its control and no userspace can hand over one to kdbus. Do I get > it right? If yes then the memcg escape I was describing above is > not possible of course. This wasn't clear to me from the previous > discussion. Thanks for the clarification! Exactly. Much appreciated! Thanks David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/