lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Mar 2021 15:41:29 +0000
From:   Russell King - ARM Linux admin <linux@...linux.org.uk>
To:     Stefan Chulski <stefanc@...vell.com>
Cc:     Andrew Lunn <andrew@...n.ch>, "kuba@...nel.org" <kuba@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "thomas.petazzoni@...tlin.com" <thomas.petazzoni@...tlin.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        Nadav Haklai <nadavh@...vell.com>,
        Yan Markman <ymarkman@...vell.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "mw@...ihalf.com" <mw@...ihalf.com>,
        "atenart@...nel.org" <atenart@...nel.org>,
        "rabeeh@...id-run.com" <rabeeh@...id-run.com>
Subject: Re: [EXT] Re: [V2 net-next] net: mvpp2: Add reserved port private
 flag configuration

On Tue, Mar 16, 2021 at 03:28:51PM +0000, Stefan Chulski wrote:
> No XDP doesn't require this. One of the use cases of the port reservation feature is the Marvell User Space SDK (MUSDK) which its latest code is publicly available here:
> https://github.com/MarvellEmbeddedProcessors/musdk-marvell
> You can find example use case for this application here:
> http://wiki.macchiatobin.net/tiki-index.php?page=MUSDK+Introduction

I really, really hope that someone has thought this through:

  Packet Processor I/O Interface (PPIO)

   The MUSDK PPIO driver provides low-level network interface API for
   User-Space network drivers/applications. The PPIO infrastrcuture maps
   Marvell's Packet Processor (PPv2) configuration space and I/O descriptors
   space directly to user-space memory. This allows user-space
   driver/application to directly process the packet processor I/O rings from
   user space, without any overhead of a copy operation.

I realy, really hope that you are not exposing the I/O descriptors to
userspace, allowing userspace to manipulate the physical addresses in
those descriptors, and that userspace is not dealing with physical
addresses.

If userspace has access to the I/O descriptors with physical addresses,
or userspace is dealing with physical addresses, then you can say
good bye to any kind of security on the platform. Essentially, in such
a scenario, the entire system memory becomes accessible to userspace,
which includes the kernel.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ