lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <f5f60ab0-52c6-e8f2-4654-bc52658c93b0@linux.vnet.ibm.com>
Date:   Tue, 16 May 2017 17:04:00 +0200
From:   Ursula Braun <ubraun@...ux.vnet.ibm.com>
To:     Leon Romanovsky <leon@...nel.org>, davem@...emloft.net
Cc:     netdev@...r.kernel.org, iinux-rdma@...r.kernel.org,
        Christoph Hellwig <hch@....de>
Subject: Re: [PATCH net v1] net/smc: Add warning about remote memory exposure

On 05/16/2017 08:51 AM, Leon Romanovsky wrote:
> From: Christoph Hellwig <hch@....de>
> 
> The driver explicitly bypasses APIs to register all memory once a
> connection is made, and thus allows remote access to memory.
> 
> Signed-off-by: Christoph Hellwig <hch@....de>
> Signed-off-by: Leon Romanovsky <leon@...nel.org>
> ---
> Dave,
> Can you please forward this patch to stable?
> Thanks
> ---
>  Changes from v0:
>   * Remove BROKEN Kconfig option as a followup of this discussion
>     https://patchwork.ozlabs.org/patch/760454/
>   * Refine commit message
> ---
>  net/smc/Kconfig | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/net/smc/Kconfig b/net/smc/Kconfig
> index c717ef0896aa..33954852f3f8 100644
> --- a/net/smc/Kconfig
> +++ b/net/smc/Kconfig
> @@ -8,6 +8,10 @@ config SMC
>  	  The Linux implementation of the SMC-R solution is designed as
>  	  a separate socket family SMC.
> 
> +	  Warning: SMC will expose all memory for remote reads and writes
> +	  once a connection is established.  Don't enable this option except
> +	  for tightly controlled lab environment.
> +
>  	  Select this option if you want to run SMC socket applications
> 
>  config SMC_DIAG
> --
> 2.12.2
> 

Acked-by: Ursula Braun <ubraun@...ux.vnet.ibm.com>

Powered by blists - more mailing lists