Subject: Re: [virtio-dev] Re: [RFC PATCH v6] virtio-video: Add virtio video device specification
Hi Alexandre,

On 21.04.23 06:02, Alexandre Courbot wrote:
> * I am still not convinced that V4L2 is lacking from a security perspective. It would take just one valid example to change my mind (and no, the way the queues are named is not valid). And btw, if it really introduces security issues, then this makes it invalid for inclusion in virtio entirely, just not OpSy's hypervisor.

I'd like to start with this and then answer everything else later.

Let's compare VIRTIO_VIDEO_CMD_RESOURCE_QUEUE with VIDIOC_QBUF+VIDIOC_DQBUF. Including the parameters, of course. First, let's compare the word count to get a very rough estimate of complexity. I counted 585 words for VIRTIO_VIDEO_CMD_RESOURCE_QUEUE, including the parameters. VIDIOC_QBUF+VIDIOC_DQBUF are defined together and take 1206 words; they both use struct v4l2_buffer as a parameter. The struct takes 2716 words to be described. So the whole thing takes 3922 words. This is 6.7 times more than VIRTIO_VIDEO_CMD_RESOURCE_QUEUE. If we check the definitions of the structs, it is also very obvious that V4L2 UAPI is almost like an order of magnitude more complex.

Also please read:

https://medium.com/starting-up-security/evidence-of-absence-8148958da092
https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html

Kind regards,
Alexander Gordeev

--
Alexander Gordeev
Senior Software Engineer

OpenSynergy GmbH
Rotherstr. 20, 10245 Berlin

Phone: +49 30 60 98 54 0 - 88
Fax: +49 (30) 60 98 54 0 - 99
EMail: alexander.gordeev@opensynergy.com

www.opensynergy.com

Handelsregister/Commercial Registry: Amtsgericht Charlottenburg, HRB 108616B
Geschäftsführer/Managing Director: Régis Adjamah

Please mind our privacy notice <https://www.opensynergy.com/datenschutzerklaerung/privacy-notice-for-business-partners-pursuant-to-article-13-of-the-general-data-protection-regulation-gdpr/> pursuant to Art. 13 GDPR. // Our data protection notice pursuant to Art. 13 GDPR can be found here: <https://www.opensynergy.com/de/datenschutzerklaerung/datenschutzhinweise-fuer-geschaeftspartner-gem-art-13-dsgvo/>