From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@freedesktop.org
Subject: [Bug 74532] New: Sanitize all freed GPU memory
Date: Tue, 04 Feb 2014 19:21:28 +0000
Message-ID: <bug-74532-502@http.bugs.freedesktop.org/>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1187377744=="
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from culpepper.freedesktop.org (unknown [131.252.210.165])
	by gabe.freedesktop.org (Postfix) with ESMTP id 2437C106E2C
	for <dri-devel@lists.freedesktop.org>;
	Tue,  4 Feb 2014 11:21:28 -0800 (PST)
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Sender: dri-devel-bounces@lists.freedesktop.org
Errors-To: dri-devel-bounces@lists.freedesktop.org
To: dri-devel@lists.freedesktop.org
List-Id: dri-devel@lists.freedesktop.org


--===============1187377744==
Content-Type: multipart/alternative; boundary="1391541688.B8387A00.14873"; charset="us-ascii"


--1391541688.B8387A00.14873
Date: Tue, 4 Feb 2014 19:21:28 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"

https://bugs.freedesktop.org/show_bug.cgi?id=74532

          Priority: medium
            Bug ID: 74532
          Keywords: security
          Assignee: dri-devel@lists.freedesktop.org
           Summary: Sanitize all freed GPU memory
          Severity: normal
    Classification: Unclassified
                OS: Linux (All)
          Reporter: nikoli@gmx.us
          Hardware: All
            Status: NEW
           Version: unspecified
         Component: General
           Product: DRI

X11 applications are able to get and display in human readable form parts of
closed applications, see:
https://github.com/mpv-player/mpv/issues/521

It means applications like skype can silently send much more data, then you
expect, even when you run them as separate user.

Asked about this security problem in #gentoo-hardened, #radeon and #dri-devel,
summarizing:

0) Currently GPU memory is not sanitized by kernel, nothing enforces and
ensures its sanitizing.

1) https://grsecurity.net Linux kernel patches add ability to sanitize all
freed memory, but they do not affect GPU memory:
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory

2) The only secure place to clean memory is kernel, because if application or X
server crashes, memory will not be erased.

3) Some applications possibly will work slower, so better make sanitizing
configurable by adding build and run time kernel options.

4) Most likely this problem affects opencl too.

-- 
You are receiving this mail because:
You are the assignee for the bug.

--1391541688.B8387A00.14873
Date: Tue, 4 Feb 2014 19:21:28 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"

<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Sanitize all freed GPU memory"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=74532">74532</a>
          </td>
        </tr>

        <tr>
          <th>Keywords</th>
          <td>security
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dri-devel&#64;lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Sanitize all freed GPU memory
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>nikoli&#64;gmx.us
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>General
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>DRI
          </td>
        </tr></table>
      <p>
        <div>
        <pre>X11 applications are able to get and display in human readable form parts of
closed applications, see:
<a href="https://github.com/mpv-player/mpv/issues/521">https://github.com/mpv-player/mpv/issues/521</a>

It means applications like skype can silently send much more data, then you
expect, even when you run them as separate user.

Asked about this security problem in #gentoo-hardened, #radeon and #dri-devel,
summarizing:

0) Currently GPU memory is not sanitized by kernel, nothing enforces and
ensures its sanitizing.

1) <a href="https://grsecurity.net">https://grsecurity.net</a> Linux kernel patches add ability to sanitize all
freed memory, but they do not affect GPU memory:
<a href="https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory">https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory</a>

2) The only secure place to clean memory is kernel, because if application or X
server crashes, memory will not be erased.

3) Some applications possibly will work slower, so better make sanitizing
configurable by adding build and run time kernel options.

4) Most likely this problem affects opencl too.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>

--1391541688.B8387A00.14873--

--===============1187377744==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel

--===============1187377744==--