lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 6 Mar 2019 05:20:56 +0000
From:   Rui Zhao <ruizhao@...rosoft.com>
To:     James Morse <james.morse@....com>
CC:     Sasha Levin <sashal@...nel.org>, "bp@...en8.de" <bp@...en8.de>,
        "mchehab@...nel.org" <mchehab@...nel.org>,
        "linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Linux Kernel <linux-kernel@...rosoft.com>,
        "will.deacon@....com" <will.deacon@....com>,
        "okaya@...nel.org" <okaya@...nel.org>
Subject: RE: [PATCH] EDAC, dmc520:: add DMC520 EDAC driver

Hi James,

> On Tuesday, February 5, 2019 9:31 AM, James Morse wrote:

>> We have firmware to config the memory controller and want to have an EDAC driver to report ECC status.

>> Could you please elaborate a bit on the security concern on this 
>> approach? Like some malicious app/driver can access memory controller registers can cause issue?

> I'm remembering this:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flore.kernel.org%2Flinux-arm-kernel%2F9b9c4cd5-4428-c08d-d4a3-7352c6c80583%40arm.com%2F&amp;data=02%7C01%7Cruizhao%40microsoft.com%7C02f5b12bbf01452f9d1208d68b8fc748%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636849846981772601&amp;sdata=DhwIPDGAucHiVN%2Byfa10yHDZz5zZwi5OlyrKHE4KUNQ%3D&amp;reserved=0

> Robin Murphy wrote:
> | [ For anyone interested, it puts the DRAM controller into sleep mode.
> | The kernel can't even panic if all the memory suddenly disappears :D ]

> This would be a problem if you need your Secure-world software needs to keep working, and depends on the memory behind this controller.

> It might be that your secure-world software only uses some other memory, in which case this wouldn't matter.
> It may be linux _is_ your secure-world software, in which case it wouldn't matter either.

We had internal discussion with our security team and in our product we do trust Linux. I'll send an updated patch to move platform specific settings like interrupt config to DT and include DT bindings doc for this driver.

Thanks,
Rui

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ