
radeonsi,radv/amdgpu: Wipe VRAM on release.

Bas Nieuwenhuizen requested to merge bnieuwenhuizen/mesa:wipe-on-release into main

Security matters. Browsers, desktop login managers, password managers, chat apps etc. use graphics too, and users totally have an expectation of privacy (and non-leakage of secrets for security) there.

This is also required by the Vulkan spec (1.3.256 section 3.7):

In particular, any guarantees made by an operating system about whether memory from one process can be visible to another process or not must not be violated by a Vulkan implementation for any memory allocation. Vulkan implementations are not required to make additional security or integrity guarantees beyond those provided by the OS unless explicitly directed by the application’s use of a particular feature or extension.

So unconditionally tell the kernel to not leak our secrets (can't do this in userspace as it also needs to happen when the kernel moves memory around.)

Edited by Bas Nieuwenhuizen
