lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 10 Jul 2020 17:22:44 +0100
From:   Giovanni Cabiddu <giovanni.cabiddu@...el.com>
To:     Alex Williamson <alex.williamson@...hat.com>
Cc:     Bjorn Helgaas <helgaas@...nel.org>, herbert@...dor.apana.org.au,
        cohuck@...hat.com, nhorman@...hat.com, vdronov@...hat.com,
        bhelgaas@...gle.com, mark.a.chambers@...el.com,
        gordon.mcfadden@...el.com, ahsan.atta@...el.com,
        qat-linux@...el.com, kvm@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-pci@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/5] vfio/pci: add qat devices to blocklist

On Fri, Jul 10, 2020 at 10:10:34AM -0600, Alex Williamson wrote:
> On Fri, 10 Jul 2020 10:44:33 -0500
> Bjorn Helgaas <helgaas@...nel.org> wrote:
> 
> > On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote:
> > > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote:  
> > > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:  
> > > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:  
> > > > > > The current generation of Intel® QuickAssist Technology devices
> > > > > > are not designed to run in an untrusted environment because of the
> > > > > > following issues reported in the release notes in
> > > > > > https://01.org/intel-quickassist-technology:  
> > > > > 
> > > > > It would be nice if this link were directly clickable, e.g., if there
> > > > > were no trailing ":" or something.
> > > > > 
> > > > > And it would be even better if it went to a specific doc that
> > > > > described these issues.  I assume these are errata, and it's not easy
> > > > > to figure out which doc mentions them.  
> > > > Sure. I will fix the commit message in the next revision and point to the
> > > > actual document:
> > > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf  
> > > 
> > > Since URLs tend to go stale, please also include the Intel document
> > > number and title.  
> > 
> > Oh, and is "01.org" really the right place for that?  It looks like an
> > Intel document, so I'd expect it to be somewhere on intel.com.
> > 
> > I'm still a little confused.  That doc seems to be about *software*
> > and Linux software in particular.  But when you said these "devices
> > are not designed to run in an untrusted environment", I thought you
> > meant there was some *hardware* design issue that caused a problem.
Yes, the problem is in hardware.

> There seems to be a fair bit of hardware errata in the doc too, see:
> 
> 3.1.2 QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can
> hang the entire Intel® QAT Endpoint
> 
> 3.1.9 QATE-39220 - GEN - QAT API submissions with bad addresses that
> trigger DMA to invalid or unmapped addresses can cause a platform
> hang
> 
> 3.1.17 QATE-52389 - SR-IOV -Huge pages may not be compatible with QAT
> VF usage
> 
> 3.1.19 QATE-60953 - GEN – Intel® QAT API submissions with bad addresses
> that trigger DMA to invalid or unmapped addresses can impact QAT
> service availability
Correct, that document contains errata for both the QAT HW and the
current software.

Regards,

-- 
Giovanni

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ