Message-ID: <4f59a9d78662831123cc7e560218fa422e1c5eca.camel@collabora.com>
Subject: Re: Safety of opening up /dev/dma_heap/* to physically present users (udev uaccess tag) ?
From: Nicolas Dufresne
To: Laurent Pinchart, Daniel Vetter
Cc: Bryan O'Donoghue, Dmitry Baryshkov, Hans de Goede, Sumit Semwal, Benjamin Gaignard, Brian Starkey, John Stultz, "T.J. Mercier", Christian König, Lennart Poettering, Robert Mader, Sebastien Bacher, Linux Media Mailing List, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, Linux Kernel Mailing List, Milan Zamazal, Maxime Ripard, Andrey Konovalov
Date: Tue, 07 May 2024 16:07:39 -0400
In-Reply-To: <20240507183613.GB20390@pendragon.ideasonboard.com>
References: <3c0c7e7e-1530-411b-b7a4-9f13e0ff1f9e@redhat.com> <20240507183613.GB20390@pendragon.ideasonboard.com>

Hi,

On Tuesday, 07 May 2024 at 21:36 +0300, Laurent Pinchart wrote:
> Shorter term, we have a problem to solve, and the best option we have
> found so far is to rely on dma-buf heaps as a backend for the frame
> buffer allocator helper in libcamera for the use case described above.
> This won't work in 100% of the cases, clearly. It's a stop-gap measure
> until we can do better.

Considering the security concerns raised on this thread with dmabuf heap
allocation not being restricted by quotas, you'd get what you want quickly with
memfd + udmabuf instead (which is accounted already).

It was raised that distros don't enable udmabuf, but as stated there by Hans, in
any case distros need to take action to make the softISP work. This
alternative is easy and does not interfere in any way with your future plan or
the libcamera API. You could even have both dmabuf heap (for Raspbian) and the
safer memfd+udmabuf for the distro with security concerns.

And for the long term plan, we can certainly get closer by fixing that issue
with accounting. This issue also applied to v4l2 io-ops, so it would be nice to
find a common set of helpers to fix these exporters.

regards,
Nicolas