lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 1 Jul 2020 16:28:12 -0500
From:   Bjorn Helgaas <helgaas@...nel.org>
To:     Giovanni Cabiddu <giovanni.cabiddu@...el.com>
Cc:     alex.williamson@...hat.com, herbert@...dor.apana.org.au,
        cohuck@...hat.com, nhorman@...hat.com, vdronov@...hat.com,
        bhelgaas@...gle.com, mark.a.chambers@...el.com,
        gordon.mcfadden@...el.com, ahsan.atta@...el.com,
        qat-linux@...el.com, kvm@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-pci@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/5] vfio/pci: add qat devices to blocklist

On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> The current generation of Intel® QuickAssist Technology devices
> are not designed to run in an untrusted environment because of the
> following issues reported in the release notes in
> https://01.org/intel-quickassist-technology:

It would be nice if this link were directly clickable, e.g., if there
were no trailing ":" or something.

And it would be even better if it went to a specific doc that
described these issues.  I assume these are errata, and it's not easy
to figure out which doc mentions them.

> QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that
>              trigger DMA to invalid or unmapped addresses can cause a
>              platform hang
> QATE-7495  - GEN - An incorrectly formatted request to Intel® QAT can
>              hang the entire Intel® QAT Endpoint
> 
> This patch adds the following QAT devices to the blocklist: DH895XCC,
> C3XXX and C62X.
> 
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@...el.com>
> ---
>  drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index ea5904ca6cbf..dcac5408c764 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -75,6 +75,21 @@ static inline bool vfio_vga_disabled(void)
>  
>  static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev)
>  {
> +	switch (pdev->vendor) {
> +	case PCI_VENDOR_ID_INTEL:
> +		switch (pdev->device) {
> +		case PCI_DEVICE_ID_INTEL_QAT_C3XXX:
> +		case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF:
> +		case PCI_DEVICE_ID_INTEL_QAT_C62X:
> +		case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
> +		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
> +		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
> +			return true;
> +		default:
> +			return false;
> +		}
> +	}
> +
>  	return false;
>  }
>  
> -- 
> 2.26.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ