SMAF v10 Secure Memory Allocation Published, Too Late For Linux 4.9
Written by Michael Larabel in Linux Kernel on 4 October 2016 at 08:57 AM EDT.
Version 10 of the Secure Memory Allocation Framework (SMAF) is now available as a large patch-set from Linaro for handling secure memory allocation on Linux.

With earlier versions of the SMAF patches, some were concerned that this approach was meant to allow protected video playback and felt like Digital Rights Management. The SMAF v10 patches clarify some of the use-cases:
One example of SMAF usage is camera preview: on SoC you may use either a USB webcam or the built-in camera interface and the frames could be sent directly to the display IP or handled by GPU. Most of USB interfaces and GPU have MMU but almost all built-in camera interfaces and display IPs don't have MMU so when selecting how to allocate a buffer you need to be aware of each device's constraints (contiguous memory, stride, boundary, alignment ...). ION has solved this problem by letting userland decide which allocator (heap) to use but this requires adapting userland for each platform and sometimes for each use case.
...
In the same camera preview use case, SMAF allows protecting the data from being read by unauthorized IPs (i.e. a malware to dump camera stream). Until now I have only seen access rights protection at process/thread level (PKeys/MPK) or on file (SELinux) but nothing allows driving data bus firewalls. SMAF proposes an interface to control and implement those firewalls. Like IOMMU, firewall IPs can help to protect memory from malicious/faulty devices that are attempting DMA attacks.

The tenth version of the SMAF patches has been re-based to Linux 4.8 and includes a minor typo fix. However, as the Linux 4.9 merge window is already under way, it looks like this work won't land until at least Linux 4.10. The v10 patches can be seen on the kernel mailing list.
