Alex Granovsky
gran@classic.chem.msu.su
>P.S. Working on the Linux port of our MP4/CUDA code initially
>developed a year ago for Windows version, we unexpectedly found
>that (unlike Windowd CUDA implementation), cudaHostAlloc/cuMemHostAlloc
>CUDA API calls return non-initialized pinned memory.
>Depending on how exactly this pinned memory is allocated by CUDA
>runtime/CUDA driver, this may be the serious system-wide security
>hole potentially allowing one to examine regions of memory previously
>used by other programs and Linux kernel itself. We are now in contact
>with NVidia trying to clarify as much details on this problem as
>possible. Meanwhile, we'd recommend everybody to stop running CUDA
>drivers on any multiuser Linux system.
After some more tests, we can confirm this is indeed the
very serious security hole. E.g, we were able to examine contents
of pages evicted from Linux file cache using this hole.
For reference purposes, here is the info on CUDA driver version: devdriver_3.2_linux_64_260.19.26.run and Linux version: OpenSuSE 11.3 x64, uname -a: Linux phen 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 x86_64 x86_64 x86_64 GNU/Linux
Regards,
Alex Granovsky
[ This message was edited on Thu Jan 6 '11 at 5:02pm by the author ]