On Tue, May 29, 2018 at 12:48 PM, Gerd Hoffmann kraxel@redhat.com wrote:
Hi,
qemu test branch: https://git.kraxel.org/cgit/qemu/log/?h=sirius/udmabuf
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- if (!shmem_mapping(file_inode(ubuf->filp)->i_mapping))
goto err_free_ubuf;Can/should we test here that the memfd has a locked down size here?
Makes sense. Suggested way to check that? unstatic memfd_get_seals() function (mm/shmem.c)? Or is there some better way?
Also which seals should we require? Is F_SEAL_SHRINK enough?
Yes I think that's enough.
Hm ... I think we also need to prevent the F_SEAL_WRITE, because there's no way to stop dma from tampering with the buffer once it's a dma-buf. Otherwise evil userspace could create a memfd, F_SEAL_SHRINK it, make a dma-buf out of it, F_SEAL_WRITE it, hand it to some unsuspecting priviledged service and then pull it over the table with a few dma-buf writes.
On that: Link to userspace patches/git tree using this would be nice.
See above.
Ow, I was blind :-)
Thanks, Daniel