Safety of opening up /dev/dma_heap/* to physically present users (udev uaccess tag) ?
Nicolas Dufresne
nicolas.dufresne at collabora.com
Tue May 14 20:52:40 UTC 2024
Hi,
Le mardi 14 mai 2024 à 23:45 +0300, Laurent Pinchart a écrit :
> > And finally, none of this fixes the issue that the heap allocation are not being
> > accounted properly and allow of an easy memory DoS. So uaccess should be granted
> > with care, meaning that defaulting a "desktop" library to that, means it will
> > most of the time not work at all.
>
> I think that issue should be fixed, regardless of whether or not we end
> up using dma heaps for libcamera. If we do use them, maybe there will be
> a higher incentive for somebody involved in this conversation to tackle
> that problem first :-) And maybe, as a result, the rest of the Linux
> community will consider with a more open mind usage of dma heaps on
> desktop systems.
The strict reality is that if libcamera offer no alternatives, some OS will
enable it and reduce their security. I totally agree this issue needs to be
fixed regardless of libcamera, or even dma heaps. DMABuf allocation should be
accounted and limited to quotas whether it comes from a GPU, Display, V4L2 or
other type of supported devices. I would also not recommend dropping your heap
support (or preventing it from being merged) in libcamera.
Nicolas
More information about the dri-devel
mailing list