>> There were plans to make mlock() available to normal users for
>> cryptographic purposes. There would be a quota to protect the
>> machine. If a user (or group of users) can get 1/32 of the pages
>> below 16 MB, then the system can not allocate 128 kB for DMA.
>
> As I recall, the limit was going to be 1 page per process.
Several pages per user, with the normal system limit.
> In any case, if I want to block DMA buffers, I'll just fork(2) and
> mlock(2) until I can't do it any more. Not having virt->phys
> translations isn't going to stop me.
You would be stopped before you grab enough low memory, because you
would end up with non-DMA memory and hit your limit.
>> In general, it is bad to leak information.
>
> There is information leaking going on all over the place. There's
> little we can do about that. Furthermore, we need to distinguish
> between levels of sensitivity of information. I think there's very
> little you can do with virt->phys translations.
Since there may be worse leaks, we should give up?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html