lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2024062849-brunt-humvee-d338@gregkh>
Date: Fri, 28 Jun 2024 16:21:32 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Ekansh Gupta <quic_ekangupt@...cinc.com>
Cc: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>,
	srinivas.kandagatla@...aro.org, linux-arm-msm@...r.kernel.org,
	quic_bkumar@...cinc.com, linux-kernel@...r.kernel.org,
	quic_chennak@...cinc.com, dri-devel@...ts.freedesktop.org,
	arnd@...db.de, stable <stable@...nel.org>
Subject: Re: [PATCH v2] misc: fastrpc: Remove user PD initmem size check

On Fri, Jun 28, 2024 at 04:12:10PM +0530, Ekansh Gupta wrote:
> 
> 
> On 6/28/2024 3:59 PM, Ekansh Gupta wrote:
> >
> > On 6/27/2024 4:43 PM, Dmitry Baryshkov wrote:
> >> On Thu, Jun 27, 2024 at 11:35:18AM GMT, Ekansh Gupta wrote:
> >>> For user PD initialization, initmem is allocated and sent to DSP for
> >>> initial memory requirements like shell loading. This size is passed
> >>> by user space and is checked against a max size. For unsigned PD
> >>> offloading, more than 2MB size could be passed by user which would
> >>> result in PD initialization failure. Remove the user PD initmem size
> >>> check and allow buffer allocation for user passed size. Any additional
> >>> memory sent to DSP during PD init is used as the PD heap.
> >> Would it allow malicious userspace to allocate big enough buffers and
> >> reduce the amount of memory available to the system? To other DSP
> >> programs?
> > The allocation here is happening from SMMU context bank which is uniquely assigned
> > to processes going to DSP. As per my understanding process can allocate maximum
> > 4GB of memory from the context bank and the memory availability will be taken care
> > by kernel memory management. Please correct me if my understanding is incorrect.
> Just wanted to add 1 question here:
> User space can also directly allocate memory. Wouldn't that be a problem if any malicious userspace
> allocated huge memory?

No, because any userspace program that takes up too much memory will be
killed by the kernel.

You can not have userspace tell the kernel to allocate 100Gb of memory,
as then the kernel is the one that just took it all up, and then
userspace applications will start to be killed off.

You MUST bounds check your userspace-supplied memory requests.  Remember
the 4 words of kernel development:

	All input is evil.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ