Bug 74532 - Sanitize all freed GPU memory
Summary: Sanitize all freed GPU memory
Status: RESOLVED INVALID
Alias: None
Product: DRI
Classification: Unclassified
Component: General (show other bugs)
Version: unspecified
Hardware: All Linux (All)
: medium normal
Assignee: Default DRI bug account
QA Contact:
URL:
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2014-02-04 19:21 UTC by Nikoli
Modified: 2019-10-14 13:20 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Nikoli 2014-02-04 19:21:28 UTC
X11 applications are able to get and display in human readable form parts of closed applications, see:
https://github.com/mpv-player/mpv/issues/521

It means applications like skype can silently send much more data, then you expect, even when you run them as separate user.

Asked about this security problem in #gentoo-hardened, #radeon and #dri-devel, summarizing:

0) Currently GPU memory is not sanitized by kernel, nothing enforces and ensures its sanitizing.

1) https://grsecurity.net Linux kernel patches add ability to sanitize all freed memory, but they do not affect GPU memory:
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory

2) The only secure place to clean memory is kernel, because if application or X server crashes, memory will not be erased.

3) Some applications possibly will work slower, so better make sanitizing configurable by adding build and run time kernel options.

4) Most likely this problem affects opencl too.
Comment 1 Martin Peres 2019-10-14 13:20:16 UTC
Hi,

Freedesktop's Bugzilla instance is EOLed and open bugs are about to be migrated to http://gitlab.freedesktop.org.

To avoid migrating out of date bugs, I am now closing all the bugs that did not see any activity in the past year. If the issue is still happening, please create a new bug in the relevant project at https://gitlab.freedesktop.org/drm (use misc by default).

Sorry about the noise!


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.