|
From: | Akihiko Odaki |
Subject: | Re: [PATCH v13 6/9] gfxstream + rutabaga: add initial support for gfxstream |
Date: | Fri, 22 Sep 2023 16:54:51 +0900 |
User-agent: | Mozilla Thunderbird |
On 2023/09/22 16:42, Alyssa Ross wrote:
Akihiko Odaki <akihiko.odaki@gmail.com> writes:Practically there is very low chance to hit the bug. I think only fuzzers and malicious actors will trigger it, and probably no one will dare using virtio-gpu-rutabaga or virtio-gpu-gl in a security-sensitive context.Well, this is exactly what Chrome OS does, albiet with crosvm rather than QEMU, right?
I think so, but QEMU's virtio-gpu-rutabaga and virtio-gpu-gl should be very different from crosvm in terms that it does not isolate the graphics stack into a separate process while I believe crosvm does so. Having the entire graphics stack in a VMM is a security nightmare; it means giving a complex shader compiler the highest privilege. We need to use vhost-user-gpu instead for process isolation.
Since we already have such a serious security hazard, I don't think we have to care much about security. But security approximately equals to reliability, which matters for virtio-gpu-rutabaga and virtio-gpu-gl too, so it's still nice to get the bug fixed.
[Prev in Thread] | Current Thread | [Next in Thread] |