Date:   Tue, 15 Jun 2021 08:08:39 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Haakon Bugge <haakon.bugge@...cle.com>
Cc:     Anand Khoje <anand.a.khoje@...cle.com>,
        OFED mailing list <linux-rdma@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "dledford@...hat.com" <dledford@...hat.com>,
        "jgg@...pe.ca" <jgg@...pe.ca>
Subject: Re: [PATCH v3 3/3] IB/core: Obtain subnet_prefix from cache in IB
 devices.

On Mon, Jun 14, 2021 at 04:29:09PM +0000, Haakon Bugge wrote:
> 
> 
> > On 14 Jun 2021, at 09:25, Leon Romanovsky <leon@...nel.org> wrote:
> > 
> > On Mon, Jun 14, 2021 at 03:32:39AM +0000, Haakon Bugge wrote:
> >> 
> >> 
> >>> On 9 Jun 2021, at 12:40, Leon Romanovsky <leon@...nel.org> wrote:
> >>> 
> >>> On Wed, Jun 09, 2021 at 09:26:03AM +0000, Anand Khoje wrote:
> >>>> Hi Leon,
> >>> 
> >>> Please don't do top-posting.
> >>> 
> >>> 
> >>>> 
> >>>> The set_bit()/clear_bit() and enum ib_port_data_flags have been added as a device that can be used for future enhancements.
> >>>> Also, usage of set_bit()/clear_bit() ensures the operations on this bit are atomic.
> >>> 
> >>> The bitfield variables better suit this use case.
> >>> Let's not overcomplicate the code without a reason.
> >> 
> >> The problem is always that people tend to build on what's in there. For example, look at the bitfields in rdma_id_private, tos_set, timeout_set, and min_rnr_timer_set.
> >> 
> >> What do you think will happen when, let's say, rdma_set_service_type() and rdma_set_ack_timeout() are called in close proximity in time? There is no locking, and the RMW will fail intermittently.
> > 
> > We are talking about device initialization flow that shouldn't be
> > performed in parallel to another initialization of same device, so the
> > comparison to rdma-cm is not valid here.
> 
> I can agree to that. And it is probably not worthwhile to fix the bit-fields in rdma_id_private?

Before this article [1], I would say no, we don't need to fix.
Now, I'm not sure about that.

"He also notes that even though the design flaws are difficult to exploit
 on their own, they can be combined with the other flaws found to make for
 a much more serious problem."

and 

"In other words, people did notice this vulnerability and a defense was standardized,
 but in practice the defense was never adopted. This is a good example that security
 defenses must be adopted before attacks become practical."

Thanks

[1] https://lwn.net/Articles/856044/ - Holes in WiFi

> 
> 
> Thxs, Håkon
> 
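
The lost update discussed in the thread (two unlocked read-modify-write updates to flags sharing one word), as an added user-space example that is not part of the original message or the kernel source. The flag names come from the thread; the bit positions, the helper names and the use of C11 atomic_fetch_or() as a stand-in for the kernel's set_bit() are assumptions made for the example.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

enum { TOS_SET = 1u << 0, TIMEOUT_SET = 1u << 1 };  /* bit positions assumed */

/* One writer doing "flag = 1" on a bitfield: a load of the shared word,
 * then a store of (snapshot | bit). Another writer can run in between. */
struct writer { uint8_t bit, snap; int step; };

static void run_step(struct writer *w, uint8_t *word)
{
    if (w->step++ == 0)
        w->snap = *word;            /* read */
    else
        *word = w->snap | w->bit;   /* modify + write back */
}

/* Replay every interleaving of two non-atomic writers (4 steps, 2 per
 * writer, 6 schedules) and count those where one flag is lost. */
int lost_updates_plain(void)
{
    int lost = 0;
    for (unsigned sched = 0; sched < 16; sched++) {
        struct writer a = { TOS_SET, 0, 0 }, b = { TIMEOUT_SET, 0, 0 };
        uint8_t word = 0;
        for (int i = 0; i < 4; i++)
            run_step(((sched >> i) & 1) ? &a : &b, &word);
        if (a.step == 2 && b.step == 2 && word != (TOS_SET | TIMEOUT_SET))
            lost++;                 /* skips schedules that are not 2+2 */
    }
    return lost;
}

/* With an atomic OR each writer is a single indivisible step, so the only
 * schedules are "A then B" and "B then A". */
int lost_updates_atomic(void)
{
    int lost = 0;
    for (int order = 0; order < 2; order++) {
        atomic_uint word = 0;
        atomic_fetch_or(&word, order ? TIMEOUT_SET : TOS_SET);
        atomic_fetch_or(&word, order ? TOS_SET : TIMEOUT_SET);
        lost += atomic_load(&word) != (TOS_SET | TIMEOUT_SET);
    }
    return lost;
}

int main(void)
{
    printf("plain RMW: %d of 6 schedules lose a flag\n", lost_updates_plain());
    printf("atomic OR: %d of 2 schedules lose a flag\n", lost_updates_atomic());
    return 0;
}
```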
