From: Simon Ser <contact@emersion.fr>
To: Pekka Paalanen <ppaalanen@gmail.com>
Cc: Joakim Bech <joakim.bech@linaro.org>,
Yong Wu <yong.wu@mediatek.com>, Rob Herring <robh+dt@kernel.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
christian.koenig@amd.com,
Matthias Brugger <matthias.bgg@gmail.com>,
dri-devel@lists.freedesktop.org, John Stultz <jstultz@google.com>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
jianjiao.zeng@mediatek.com, linux-media@vger.kernel.org,
devicetree@vger.kernel.org, Conor Dooley <conor+dt@kernel.org>,
ckoenig.leichtzumerken@gmail.com, linaro-mm-sig@lists.linaro.org,
linux-mediatek@lists.infradead.org, tjmercier@google.com,
linux-arm-kernel@lists.infradead.org,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
kuohong.wang@mediatek.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap
Date: Fri, 22 Dec 2023 09:40:18 +0000 [thread overview]
Message-ID: <9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr> (raw)
In-Reply-To: <20231213161614.43e5bca8@eldfell>
On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <ppaalanen@gmail.com> wrote:
> > > It is protected/shielded/fortified from all the kernel and userspace,
> > > but a more familiar word to describe that is inaccessible.
> > > "Inaccessible buffer" per se OTOH sounds like a useless concept.
> > >
> > > It is not secure, because it does not involve security in any way. In
> > > fact, given it's so fragile, I'd classify it as mildly opposite of
> > > secure, as e.g. clients of a Wayland compositor can potentially DoS the
> > > compositor with it by simply sending such a dmabuf. Or DoS the whole
> > > system.
> >
> > I hear what you are saying and DoS is a known problem and attack vector,
> > but regardless, we have use cases where we don't want to expose
> > information in the clear and where we also would like to have some
> > guarantees about correctness. That is where various secure elements and
> > more generally security is needed.
> >
> > So, it sounds like we have two things here, the first is the naming and
> > the meaning behind it. I'm pretty sure the people following and
> > contributing to this thread can agree on a name that makes sense. Would
> > you personally be OK with "restricted" as the name? It sounds like that.
>
> I would. I'm also just a by-stander, not a maintainer of kernel
> anything. I have no power to accept nor reject anything here.
I'd also personally be OK with "restricted", I think it's a lot better
than "secure".
In general I agree with everything Pekka said.
WARNING: multiple messages have this Message-ID (diff)
From: Simon Ser <contact@emersion.fr>
To: Pekka Paalanen <ppaalanen@gmail.com>
Cc: dri-devel@lists.freedesktop.org, John Stultz <jstultz@google.com>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
Yong Wu <yong.wu@mediatek.com>,
jianjiao.zeng@mediatek.com, linux-media@vger.kernel.org,
devicetree@vger.kernel.org, Conor Dooley <conor+dt@kernel.org>,
ckoenig.leichtzumerken@gmail.com, linaro-mm-sig@lists.linaro.org,
Rob Herring <robh+dt@kernel.org>,
linux-mediatek@lists.infradead.org,
Matthias Brugger <matthias.bgg@gmail.com>,
Joakim Bech <joakim.bech@linaro.org>,
tjmercier@google.com, linux-arm-kernel@lists.infradead.org,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
kuohong.wang@mediatek.com, linux-kernel@vger.kernel.org,
christian.koenig@amd.com
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap
Date: Fri, 22 Dec 2023 09:40:18 +0000 [thread overview]
Message-ID: <9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr> (raw)
In-Reply-To: <20231213161614.43e5bca8@eldfell>
On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <ppaalanen@gmail.com> wrote:
> > > It is protected/shielded/fortified from all the kernel and userspace,
> > > but a more familiar word to describe that is inaccessible.
> > > "Inaccessible buffer" per se OTOH sounds like a useless concept.
> > >
> > > It is not secure, because it does not involve security in any way. In
> > > fact, given it's so fragile, I'd classify it as mildly opposite of
> > > secure, as e.g. clients of a Wayland compositor can potentially DoS the
> > > compositor with it by simply sending such a dmabuf. Or DoS the whole
> > > system.
> >
> > I hear what you are saying and DoS is a known problem and attack vector,
> > but regardless, we have use cases where we don't want to expose
> > information in the clear and where we also would like to have some
> > guarantees about correctness. That is where various secure elements and
> > more generally security is needed.
> >
> > So, it sounds like we have two things here, the first is the naming and
> > the meaning behind it. I'm pretty sure the people following and
> > contributing to this thread can agree on a name that makes sense. Would
> > you personally be OK with "restricted" as the name? It sounds like that.
>
> I would. I'm also just a by-stander, not a maintainer of kernel
> anything. I have no power to accept nor reject anything here.
I'd also personally be OK with "restricted", I think it's a lot better
than "secure".
In general I agree with everything Pekka said.
WARNING: multiple messages have this Message-ID (diff)
From: Simon Ser <contact@emersion.fr>
To: Pekka Paalanen <ppaalanen@gmail.com>
Cc: Joakim Bech <joakim.bech@linaro.org>,
Yong Wu <yong.wu@mediatek.com>, Rob Herring <robh+dt@kernel.org>,
Sumit Semwal <sumit.semwal@linaro.org>,
christian.koenig@amd.com,
Matthias Brugger <matthias.bgg@gmail.com>,
dri-devel@lists.freedesktop.org, John Stultz <jstultz@google.com>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@linaro.org>,
Jeffrey Kardatzke <jkardatzke@google.com>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>,
Vijayanand Jitta <quic_vjitta@quicinc.com>,
Nicolas Dufresne <nicolas@ndufresne.ca>,
jianjiao.zeng@mediatek.com, linux-media@vger.kernel.org,
devicetree@vger.kernel.org, Conor Dooley <conor+dt@kernel.org>,
ckoenig.leichtzumerken@gmail.com, linaro-mm-sig@lists.linaro.org,
linux-mediatek@lists.infradead.org, tjmercier@google.com,
linux-arm-kernel@lists.infradead.org,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
kuohong.wang@mediatek.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap
Date: Fri, 22 Dec 2023 09:40:18 +0000 [thread overview]
Message-ID: <9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr> (raw)
In-Reply-To: <20231213161614.43e5bca8@eldfell>
On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <ppaalanen@gmail.com> wrote:
> > > It is protected/shielded/fortified from all the kernel and userspace,
> > > but a more familiar word to describe that is inaccessible.
> > > "Inaccessible buffer" per se OTOH sounds like a useless concept.
> > >
> > > It is not secure, because it does not involve security in any way. In
> > > fact, given it's so fragile, I'd classify it as mildly opposite of
> > > secure, as e.g. clients of a Wayland compositor can potentially DoS the
> > > compositor with it by simply sending such a dmabuf. Or DoS the whole
> > > system.
> >
> > I hear what you are saying and DoS is a known problem and attack vector,
> > but regardless, we have use cases where we don't want to expose
> > information in the clear and where we also would like to have some
> > guarantees about correctness. That is where various secure elements and
> > more generally security is needed.
> >
> > So, it sounds like we have two things here, the first is the naming and
> > the meaning behind it. I'm pretty sure the people following and
> > contributing to this thread can agree on a name that makes sense. Would
> > you personally be OK with "restricted" as the name? It sounds like that.
>
> I would. I'm also just a by-stander, not a maintainer of kernel
> anything. I have no power to accept nor reject anything here.
I'd also personally be OK with "restricted", I think it's a lot better
than "secure".
In general I agree with everything Pekka said.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-12-22 9:40 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-12 2:46 [PATCH v3 0/7] dma-buf: heaps: Add secure heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek,dynamic-secure-region Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 1/7] dt-bindings: reserved-memory: Add mediatek, dynamic-secure-region Yong Wu
2023-12-12 2:46 ` [PATCH v3 2/7] dma-buf: heaps: Initialize a secure heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 3/7] dma-buf: heaps: secure_heap: Add private heap ops Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 4/7] dma-buf: heaps: secure_heap: Add dma_ops Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 5/7] dma-buf: heaps: secure_heap: Add MediaTek secure heap and heap_init Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 6/7] dma-buf: heaps: secure_heap_mtk: Add tee memory service call Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` [PATCH v3 7/7] dma_buf: heaps: secure_heap_mtk: Add a new CMA heap Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 2:46 ` Yong Wu
2023-12-12 16:36 ` [PATCH v3 0/7] dma-buf: heaps: Add secure heap Simon Ser
2023-12-12 16:36 ` Simon Ser
2023-12-12 16:36 ` Simon Ser
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 9:05 ` Pekka Paalanen
2023-12-13 10:15 ` Joakim Bech
2023-12-13 10:15 ` Joakim Bech
2023-12-13 10:15 ` Joakim Bech
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 11:38 ` Pekka Paalanen
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:22 ` Joakim Bech
2023-12-13 13:59 ` Christian König
2023-12-13 13:59 ` Christian König
2023-12-13 13:59 ` Christian König
2023-12-13 14:16 ` Pekka Paalanen
2023-12-13 14:16 ` Pekka Paalanen
2023-12-13 14:16 ` Pekka Paalanen
2023-12-22 9:40 ` Simon Ser [this message]
2023-12-22 9:40 ` Simon Ser
2023-12-22 9:40 ` Simon Ser
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-04 19:50 ` Jeffrey Kardatzke
2024-01-05 9:35 ` Christian König
2024-01-05 9:35 ` Christian König
2024-01-05 9:35 ` Christian König
2024-01-09 3:07 ` Yong Wu (吴勇)
2024-01-09 3:07 ` Yong Wu (吴勇)
2024-01-09 3:07 ` Yong Wu (吴勇)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='9m8eC1j8YSwxu9Mr8vCXyzF0nfyCSHpFbfc__FtUjjKppew65jElBbUqa-nkzFTN-N_ME893w0YQRcb3r3UbIajQUP-Y5LxnHKKFoiBepSI=@emersion.fr' \
--to=contact@emersion.fr \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=christian.koenig@amd.com \
--cc=ckoenig.leichtzumerken@gmail.com \
--cc=conor+dt@kernel.org \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=jianjiao.zeng@mediatek.com \
--cc=jkardatzke@google.com \
--cc=joakim.bech@linaro.org \
--cc=jstultz@google.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=kuohong.wang@mediatek.com \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=nicolas@ndufresne.ca \
--cc=ppaalanen@gmail.com \
--cc=quic_vjitta@quicinc.com \
--cc=robh+dt@kernel.org \
--cc=sumit.semwal@linaro.org \
--cc=tjmercier@google.com \
--cc=yong.wu@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.