Secure Sharing of NvSciBufObj

NvSciBuf supports secure sharing on x86 with the aid of the nvsci_mm and nvsciipc KMDs (Kernel Mode Drivers). NvSciBuf falls back to non-secure sharing of buffers if either of the two KMDs is not installed.

nvsci_mm KMD

nvsci_mm facilitates secure sharing of NvSciBufObj by mutually authenticating the import, using the NvSciIpcEndpoint as the identifier. Without the nvsciipc KMD, nvsci_mm cannot perform mutual authentication of the importer process and falls back to no authentication.

nvsci_mm has three configurable settings that can be adjusted during installation of the KMD.

  1. Maximum pending exports: During installation of the nvsci_mm KMD, you can set an upper limit on the number of pending NvSciBufObj exports. Any export request above the configured limit fails.

    This setting protects against a malicious process trying to export an NvSciBufObj multiple times, overwhelming the nvsci_mm KMD, and affecting all kernel system resources.

  2. User group authorization: During installation of the nvsci_mm KMD, you can restrict access to the nvsci_mm device node /dev/nvsci_mm to Linux users within the allowed Linux user group. Applications run by Linux users that are part of the allowed group can import and export buffers. Applications run by Linux users that are not part of the allowed group will fail to import or export buffers.

  3. Mutual authentication of importer: This feature is active if the nvsciipc KMD is installed. During export, nvsci_mm stores the authentication data of the NvSciIpcEndpoint that is paired with the exporter's NvSciIpcEndpoint. During import, nvsci_mm verifies this authentication data before allowing the buffer to be imported. This ensures that the buffer can be imported only by the NvSciIpcEndpoint to which the exporter intended to export.
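Because the fallback to non-secure sharing happens when a KMD is absent, it is worth checking a host before relying on these protections. The script below is an added example, not NVIDIA code: its function names are hypothetical, and it assumes that the loaded module names in /proc/modules match the KMD names above and that the group restriction shows up as file permissions on /dev/nvsci_mm.

```shell
#!/bin/sh
# Added example: audit the prerequisites for secure NvSciBufObj sharing.
# Assumption: module names in /proc/modules match the KMD names on this page.

# kmd_loaded NAME [MODULES_FILE]: succeed if NAME is listed as a loaded module.
kmd_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# sharing_mode [MODULES_FILE]: print "secure" only when both KMDs are loaded;
# otherwise print "non-secure" and name the missing KMD(s).
sharing_mode() {
    missing=""
    for kmd in nvsci_mm nvsciipc; do
        kmd_loaded "$kmd" "${1:-/proc/modules}" || missing="$missing $kmd"
    done
    if [ -z "$missing" ]; then
        echo "secure"
    else
        echo "non-secure (missing:$missing)"
    fi
}

# node_group_restricted [NODE]: succeed only if NODE exists and grants no
# permissions to "other", so access is limited to the owner and the group.
node_group_restricted() {
    node="${1:-/dev/nvsci_mm}"
    [ -e "$node" ] || return 2
    perms=$(ls -ld "$node" | awk '{ print $1 }')
    [ "$(printf '%s' "$perms" | cut -c8-10)" = "---" ]
}

# node_group [NODE]: print the group that owns NODE.
node_group() {
    ls -ld "${1:-/dev/nvsci_mm}" | awk '{ print $4 }'
}

audit() {
    echo "sharing mode: $(sharing_mode)"
    if node_group_restricted; then
        echo "/dev/nvsci_mm: restricted to group $(node_group)"
    else
        echo "/dev/nvsci_mm: missing, or accessible outside the allowed group"
    fi
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with --audit on the target host; a "non-secure" result or an unrestricted device node means the settings described above are not in effect.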