Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3330335imm; Tue, 29 May 2018 05:30:55 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqQK9GWR4c5usJxzjOwC4GNZshSYyLTMvedB6E1dHolIZNMGBeTQWmTS7KjqnF6YBTjHbsD X-Received: by 2002:a17:902:9a08:: with SMTP id v8-v6mr17367956plp.148.1527597055412; Tue, 29 May 2018 05:30:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527597055; cv=none; d=google.com; s=arc-20160816; b=AUgy4h59DWEZvDi/0vrrobwdjS4BD9payo0XTyEzj0M+9n5OaEmzLSGq5trgrFnmTe yjrGWPgAAsm+TfCiVTfVP7MG5Hd8fRpZfsspQf8BT3MpdrW0AqhV7cr9nk2VHrXnvFO7 MViWCrQz0ypTiA7aCqfP9++GB+dlMSFaohEaIcg+KTtlpoi6Ka+AP57iaiOi7CSVAbQ5 HkQSx6NQqS1IH1EzodKOpBJaZ2IjGBZ2QzWUlaAjYq+78EFLhJZK3pFqQ2WzrD69Xhes mlmWhAdzvWIvzSvOMdI5+gtkJERkrItk+PGkHUrrwAb9R/JbMxvBblnc/Ew3DwHEc4q5 gHrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=+/3YehuMIWAqawLvPC/iaToVrk2B2ehYOC2UpkASj+o=; b=v7pgLgvUT2BUK+Iccux6TYpcWIx0xocT03ZKQytfBfsAMMSn4Y8a8tBBGaibp/8oTt WzKkkS05k19g/r9dZv9fbHVLMhxWFLWL7AV0/O+Pp8JQo3lr6gFU4joEG5TwepfuINjH I4KBRwhWhIUNsTu8182ZOzRO5jyHgBK2wMTRK5Wqx10qRuMr573K/eh3dqWc0Y2gO4ds LM9m3CoZC1juwfJ6qc6eIOEadKzl+f9iYcz+155/1vQFi41sjchgy6vmDraj759L4oUD o+6fgKozfAMQ522dKNFH+u6lAlmCc/utIbe5aoySqx3GVXBm/otSv0isR4YbdpIStC6E 0vEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=I2iBAf0C; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1-v6si14610270pgn.277.2018.05.29.05.30.41; Tue, 29 May 2018 05:30:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@ffwll.ch header.s=google header.b=I2iBAf0C; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933825AbeE2M3r (ORCPT + 99 others); Tue, 29 May 2018 08:29:47 -0400 Received: from mail-io0-f195.google.com ([209.85.223.195]:46037 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933675AbeE2M3o (ORCPT ); Tue, 29 May 2018 08:29:44 -0400 Received: by mail-io0-f195.google.com with SMTP id c9-v6so17301133iob.12 for ; Tue, 29 May 2018 05:29:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ffwll.ch; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+/3YehuMIWAqawLvPC/iaToVrk2B2ehYOC2UpkASj+o=; b=I2iBAf0CEI2Qp45wUdZxvW+vjOSKP0UOEeMWBR/NyaR/Lt+SqhtRDf2Ug4giBgHLf1 aGUknxMrn5y0f/CJfTnKN63UEDgcabGn4c1mvKghtSyP1kv6tOvYZy+1XZVaQTNiynSH JTDcX8apdW9a94rU/scOF5ucEQTQXRvT2mv1Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+/3YehuMIWAqawLvPC/iaToVrk2B2ehYOC2UpkASj+o=; b=sGBcVkUZr2Na8jSXtIYySJ4XylSjO+4dRj0JdLHEee6kQUt3tGSbNct3Ze+q+dGDv2 tP91labBghqBdkQgVW1WynA4ry3t2vUi4McALYrHE+OKuvMoC7x60r589naO0D7jDauw 9FzcJ2t/8MzJIwBrhAOAg2n/84YoUs0K1YTzGvw9zysMM1Hg/FgZDUtKMCxVZ+euZMFB ws6QrRAcCziVd6FbhhnZyAOnZbdxW7f5WQmOmmAkKtlIHoymxRdCHRQ3iVsA/XAcI/I2 QPclIsafqZjbjcII9T8jGU8rBSS2hqED86GirRYUSdw9cmzC/62+NHq7gmb+38G08TFG SuFw== X-Gm-Message-State: ALKqPweoJvkec8kJONm8t89GNen5C8CAlS5YZvJsz5qUV2IPJQfgQXPW kwT1ecZDY055U6F4L7mirGC87PORJMrQotBOasd41A== X-Received: by 2002:a6b:6f18:: with SMTP id k24-v6mr14757955ioc.55.1527596984185; Tue, 29 May 2018 05:29:44 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:1684:0:0:0:0:0 with HTTP; Tue, 29 May 2018 05:29:43 -0700 (PDT) X-Originating-IP: [2a02:168:5628:0:d0c7:bcda:eea:9e5d] In-Reply-To: <20180529104855.vvrfdtbgrsqj27ga@sirius.home.kraxel.org> References: <20180525140808.12714-1-kraxel@redhat.com> <20180529082327.GF3438@phenom.ffwll.local> <20180529084406.GI3438@phenom.ffwll.local> <20180529104855.vvrfdtbgrsqj27ga@sirius.home.kraxel.org> From: Daniel Vetter Date: Tue, 29 May 2018 14:29:43 +0200 Message-ID: Subject: Re: [Linaro-mm-sig] [PATCH v3] Add udmabuf misc device To: Gerd Hoffmann Cc: dri-devel , David Airlie , Tomeu Vizoso , Sumit Semwal , Shuah Khan , open list , "open list:DMA BUFFER SHARING FRAMEWORK" , "moderated list:DMA BUFFER SHARING FRAMEWORK" , "open list:KERNEL SELFTEST FRAMEWORK" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 29, 2018 at 12:48 PM, Gerd Hoffmann wrote: > Hi, > >> > > qemu test branch: >> > > https://git.kraxel.org/cgit/qemu/log/?h=sirius/udmabuf > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > >> > > + if (!shmem_mapping(file_inode(ubuf->filp)->i_mapping)) >> > > + goto err_free_ubuf; >> >> Can/should we test here that the memfd has a locked down size here? > > Makes sense. Suggested way to check that? unstatic memfd_get_seals() > function (mm/shmem.c)? Or is there some better way? > > Also which seals should we require? Is F_SEAL_SHRINK enough? Yes I think that's enough. Hm ... I think we also need to prevent the F_SEAL_WRITE, because there's no way to stop dma from tampering with the buffer once it's a dma-buf. Otherwise evil userspace could create a memfd, F_SEAL_SHRINK it, make a dma-buf out of it, F_SEAL_WRITE it, hand it to some unsuspecting priviledged service and then pull it over the table with a few dma-buf writes. >> On that: Link to userspace patches/git tree using this would be nice. > > See above. Ow, I was blind :-) Thanks, Daniel -- Daniel Vetter Software Engineer, Intel Corporation +41 (0) 79 365 57 48 - http://blog.ffwll.ch