| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240711174531.GH1482543@nvidia.com> Date: Thu, 11 Jul 2024 14:45:31 -0300 From: Jason Gunthorpe <jgg@...dia.com> To: Jonathan Cameron <Jonathan.Cameron@...wei.com> Cc: Dan Williams <dan.j.williams@...el.com>, James Bottomley <James.Bottomley@...senpartnership.com>, ksummit@...ts.linux.dev, linux-cxl@...r.kernel.org, linux-rdma@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [MAINTAINERS SUMMIT] Device Passthrough Considered Harmful? On Thu, Jul 11, 2024 at 06:01:00PM +0100, Jonathan Cameron wrote: > Control plane for the nasty stuff should all be in control > of one entity in the system - termed a fabric manager. > > > > > Sounds sketchy to me :) > > Yes. The model is with the intent that this is only exposed by > hardware to a BMC / Fabric Manager - so security is by wiring. If you rely on physical seperation then I'd say that the Linux who gets access to that physical HW should have rights to operate it, even from userspace. You may say only root/user/label should have those special rights, but it is kind of baked into the model that the special physical connection lets you harm other nodes too. It is important to think what things should be in fwctl, if I were to take a similar situation for IB, the fabric manager plugs into /dev/infiniband/umad* and that is the special interface for exchanging packets between nodes to do fabric management. But IB has a well defined container for fabric management and it is easy to steer things into proper places. Jason
Powered by blists - more mailing lists