Date:   Mon, 12 Jun 2017 10:17:46 -0600
From:   Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To:     Majd Dibbiny <majd@...lanox.com>
Cc:     Doug Ledford <dledford@...hat.com>,
        Saeed Mahameed <saeedm@....mellanox.co.il>,
        Ilan Tayari <ilant@...lanox.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>,
        "jsorensen@...com" <jsorensen@...com>,
        Andy Shevchenko <andy.shevchenko@...il.com>,
        "linux-fpga@...r.kernel.org" <linux-fpga@...r.kernel.org>,
        Alan Tull <atull@...nsource.altera.com>,
        "yi1.li@...ux.intel.com" <yi1.li@...ux.intel.com>,
        Boris Pismenny <borisp@...lanox.com>
Subject: Re: [for-next 4/6] net/mlx5: FPGA, Add basic support for Innova

On Sat, Jun 10, 2017 at 02:11:13PM +0000, Majd Dibbiny wrote:

> >> This is especially true for mlx nics as there are many raw packet
> >> bypass mechanisms available to userspace.

> All of the Raw packet bypass mechanisms are restricted to
> CAP_NET_RAW, and thus malicious users can't simply open a RAW Packet
> QP and send it to the FPGA..

It is a big expansion of CAP_NET_RAW to basically also include
reconfiguring ipsec xfrm.

Plus, if someone configures ethernet bridging (e.g. in a VM situation)
then could a hacked VM reconfigure this FPGA?

Jason
