[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bdeeb76f-ea65-083b-dde4-450584edb068@suse.com>
Date: Wed, 25 Apr 2018 08:12:08 +0200
From: Juergen Gross <jgross@...e.com>
To: Dongwon Kim <dongwon.kim@...el.com>,
Oleksandr Andrushchenko <andr2000@...il.com>
Cc: Wei Liu <wei.liu2@...rix.com>,
Artem Mygaiev <Artem_Mygaiev@...m.com>, konrad.wilk@...cle.com,
airlied@...ux.ie, linux-kernel@...r.kernel.org,
dri-devel@...ts.freedesktop.org,
"Potrola, MateuszX" <mateuszx.potrola@...el.com>,
daniel.vetter@...el.com, xen-devel@...ts.xenproject.org,
boris.ostrovsky@...cle.com,
Roger Pau Monné <roger.pau@...rix.com>,
"Oleksandr_Andrushchenko@...m.com" <Oleksandr_Andrushchenko@...m.com>
Subject: Re: [Xen-devel] [PATCH 0/1] drm/xen-zcopy: Add Xen zero-copy helper
DRM driver
On 24/04/18 22:35, Dongwon Kim wrote:
> Had a meeting with Daniel and talked about bringing out generic
> part of hyper-dmabuf to the userspace, which means we most likely
> reuse IOCTLs defined in xen-zcopy for our use-case if we follow
> his suggestion.
>
> So assuming we use these IOCTLs as they are,
> Several things I would like you to double-check..
>
> 1. returning gref as is to the user space is still unsafe because
> it is a constant, easy to guess and any process that hijacks it can easily
> exploit the buffer. So I am wondering if it's possible to keep dmabuf-to
> -gref or gref-to-dmabuf in kernel space and add other layers on top
> of those in actual IOCTLs to add some safety.. We introduced flink like
> hyper_dmabuf_id including random number but many says even that is still
> not safe.
grefs are usable by root only. When you have root access in dom0 you can
do evil things to all VMs even without using grants. That is in no way
different to root being able to control all other processes on the
system.
Juergen
Powered by blists - more mailing lists