On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen ppaalanen@gmail.com wrote:
It is protected/shielded/fortified from all the kernel and userspace, but a more familiar word to describe that is inaccessible. "Inaccessible buffer" per se OTOH sounds like a useless concept.
It is not secure, because it does not involve security in any way. In fact, given it's so fragile, I'd classify it as mildly opposite of secure, as e.g. clients of a Wayland compositor can potentially DoS the compositor with it by simply sending such a dmabuf. Or DoS the whole system.
I hear what you are saying and DoS is a known problem and attack vector, but regardless, we have use cases where we don't want to expose information in the clear and where we also would like to have some guarantees about correctness. That is where various secure elements and more generally security is needed.
So, it sounds like we have two things here, the first is the naming and the meaning behind it. I'm pretty sure the people following and contributing to this thread can agree on a name that makes sense. Would you personally be OK with "restricted" as the name? It sounds like that.
I would. I'm also just a bystander, not a maintainer of kernel anything. I have no power to accept or reject anything here.
I'd also personally be OK with "restricted", I think it's a lot better than "secure".
In general I agree with everything Pekka said.