lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <s5hzhrxzrez.wl-tiwai@suse.de>
Date:   Fri, 18 Jan 2019 20:39:32 +0100
From:   Takashi Iwai <tiwai@...e.de>
To:     "Mark Brown" <broonie@...nel.org>
Cc:     "Jaroslav Kysela" <perex@...ex.cz>, <alsa-devel@...a-project.org>,
        <arnd@...db.de>, <keescook@...omium.org>,
        <bgoswami@...eaurora.org>, <sr@...x.de>, <gustavo@...eddedor.com>,
        <philburk@...gle.com>, <willy@...radead.org>,
        <mchehab+samsung@...nel.org>, <sboyd@...nel.org>,
        <vkoul@...nel.org>, "Baolin Wang" <baolin.wang@...aro.org>,
        <daniel.thompson@...aro.org>, <leo.yan@...aro.org>,
        <mathieu.poirier@...aro.org>, <srinivas.kandagatla@...aro.org>,
        <anna-maria@...utronix.de>, <corbet@....net>,
        <jmiller@...erware.com>, <ckeepax@...nsource.wolfsonmicro.com>,
        <joe@...ches.com>, <o-takashi@...amocchi.jp>, <colyli@...e.de>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] ALSA: core: Add DMA share buffer support

On Fri, 18 Jan 2019 20:08:05 +0100,
Mark Brown wrote:
> 
> On Fri, Jan 18, 2019 at 10:35:44AM +0100, Jaroslav Kysela wrote:
> 
> >   the tinyalsa implementation does not show much - it's equal to the
> > standard mmap access for the PCM devices. Even considering the Mark's
> > text, there must be an arbiter (sound server) which communicates with
> > the producer or consumer to control the data flow. I really would like
> > to see a real usage for this.
> 
> Right, the driving force behind implementing this is Android which had
> been using an out of tree version of this approach based on ION but
> that's run into trouble due to other outside changes.
> 
> >   It seems to me that the only point to implement this is the
> > permissions. We already have O_APPEND mode for the PCM file descriptor
> > which can reuse the PCM device multiple times (mmap the buffer to
> > multiple tasks). I would probably go in this way and add more extended
> > permission control for the PCM device, so permissions can be restricted
> > for the passed descriptor to the producer or the consumer task. In this
> > way, the restricted task might reuse other control mechanism offered buy
> > the PCM file descriptor without requesting the arbiter to do so (like
> > read the actual position in the DMA buffer, get the audio delay or so -
> > reduce context switches).
> 
> One concern I have with doing some ALSA-specific custom permissions
> thing is integration with frameworks like SELinux (they'd presumably
> need to learn about the ALSA specific stuff to manage it).  It also
> seems like it's adding a lot more security sensitive interfaces and 
> code which which will require audit and review, one of the things I 
> really like about this approach is that it's incredibly simple from
> the security point of view.

Well, I wonder what makes it more difficult by the approach Jaroslav
suggested.  With O_APPEND, you can just call mmap() normally, and
that's all. What's the merit of dma-buf approach wrt the security?

BTW, the suggested patch seems to have a problem when the attached PCM
performs hw_free.  Then the mapped target will be gone while another
process still mapping it.  And the code looks pretty racy.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ