On 03/13/2017 02:29 PM, Rob Clark wrote:
On Mon, Mar 13, 2017 at 5:09 PM, Laura Abbott labbott@redhat.com wrote:
Hm, we might want to expose all the heaps as individual /dev/ion_$heapname nodes? Should we do this from the start, since we're massively revamping the uapi anyway (imo not needed, current state seems to work too)? -Daniel
I thought about that. One advantage with separate /dev/ion_$heap is that we don't have to worry about a limit of 32 possible heaps per system (32-bit heap id allocation field). But dealing with an ioctl seems easier than names. Userspace might be less likely to hardcode random id numbers vs. names as well.
other advantage, I think, is selinux (brought up elsewhere on this thread).. heaps at known fixed PAs are useful for certain sorts of attacks so being able to restrict access more easily seems like a good thing
BR, -R
Some other kind of filtering (BPF/LSM/???) might work as well (http://kernsec.org/files/lss2015/vanderstoep.pdf ?)
The fixed PA issue is a larger problem. We're never going to be able to get away from "this heap must exist at address X" problems but the location of CMA in general should be randomized. I haven't actually come up with a good proposal to this though.
I'd like for Ion to be a framework for memory allocation and not security exploits. Hopefully this isn't a pipe dream.
Thanks, Laura