lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+ddPcOew7Wtb1-Cakq_LPN1VwtG+4vpjpLFvXdsjBunpefT1A@mail.gmail.com>
Date: Thu, 4 Jan 2024 11:50:54 -0800
From: Jeffrey Kardatzke <jkardatzke@...gle.com>
To: Simon Ser <contact@...rsion.fr>
Cc: Pekka Paalanen <ppaalanen@...il.com>, Joakim Bech <joakim.bech@...aro.org>, 
	Yong Wu <yong.wu@...iatek.com>, Rob Herring <robh+dt@...nel.org>, 
	Sumit Semwal <sumit.semwal@...aro.org>, christian.koenig@....com, 
	Matthias Brugger <matthias.bgg@...il.com>, dri-devel@...ts.freedesktop.org, 
	John Stultz <jstultz@...gle.com>, 
	Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>, 
	Benjamin Gaignard <benjamin.gaignard@...labora.com>, 
	Vijayanand Jitta <quic_vjitta@...cinc.com>, Nicolas Dufresne <nicolas@...fresne.ca>, 
	jianjiao.zeng@...iatek.com, linux-media@...r.kernel.org, 
	devicetree@...r.kernel.org, Conor Dooley <conor+dt@...nel.org>, 
	ckoenig.leichtzumerken@...il.com, linaro-mm-sig@...ts.linaro.org, 
	linux-mediatek@...ts.infradead.org, tjmercier@...gle.com, 
	linux-arm-kernel@...ts.infradead.org, 
	AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>, kuohong.wang@...iatek.com, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap

Any feedback from maintainers on what their preference is?  I'm fine
with 'restricted' as well, but the main reason we chose secure was
because of its use in ARM nomenclature and this is more for ARM usage
than x86.

The main difference with similar buffers on AMD/Intel is that with
AMD/Intel the buffers are mappable and readable by the CPU in the
kernel. The problem is their contents are encrypted so you get junk
back if you do that. On ARM, the buffers are completely inaccessible
by the kernel and the memory controller prevents access to them
completely from the kernel.

There are also other use cases for this where the hypervisor is what
is controlling access (second stage in the MMU is providing
isolation)....and in that case I do agree that 'secure' would not be
the right terminology for those types of buffers.   So I do agree
something other than 'secure' is probably a better option overall.


On Fri, Dec 22, 2023 at 1:40 AM Simon Ser <contact@...rsion.fr> wrote:
>
> On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <ppaalanen@...il.com> wrote:
>
> > > > It is protected/shielded/fortified from all the kernel and userspace,
> > > > but a more familiar word to describe that is inaccessible.
> > > > "Inaccessible buffer" per se OTOH sounds like a useless concept.
> > > >
> > > > It is not secure, because it does not involve security in any way. In
> > > > fact, given it's so fragile, I'd classify it as mildly opposite of
> > > > secure, as e.g. clients of a Wayland compositor can potentially DoS the
> > > > compositor with it by simply sending such a dmabuf. Or DoS the whole
> > > > system.
> > >
> > > I hear what you are saying and DoS is a known problem and attack vector,
> > > but regardless, we have use cases where we don't want to expose
> > > information in the clear and where we also would like to have some
> > > guarantees about correctness. That is where various secure elements and
> > > more generally security is needed.
> > >
> > > So, it sounds like we have two things here, the first is the naming and
> > > the meaning behind it. I'm pretty sure the people following and
> > > contributing to this thread can agree on a name that makes sense. Would
> > > you personally be OK with "restricted" as the name? It sounds like that.
> >
> > I would. I'm also just a by-stander, not a maintainer of kernel
> > anything. I have no power to accept nor reject anything here.
>
> I'd also personally be OK with "restricted", I think it's a lot better
> than "secure".
>
> In general I agree with everything Pekka said.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ