| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240722132754.GA3371438@nvidia.com> Date: Mon, 22 Jul 2024 10:27:54 -0300 From: Jason Gunthorpe <jgg@...dia.com> To: Laurent Pinchart <laurent.pinchart@...asonboard.com> Cc: Dan Williams <dan.j.williams@...el.com>, Christoph Hellwig <hch@...radead.org>, ksummit@...ts.linux.dev, linux-cxl@...r.kernel.org, linux-rdma@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [MAINTAINERS SUMMIT] Device Passthrough Considered Harmful? On Sun, Jul 21, 2024 at 09:51:05PM +0300, Laurent Pinchart wrote: > That may be the case in the server world, and for protocols such as > NVMe. My experience in the media world differs. I've seen too many > horrors to list them all here, so I'll only mention one of the worst > examples coming to my mind, of an (BSP) driver taking a physical address > from unpriviledged userspace and giving it to a DMA engine without any > filtering. I think this was mostly to be blamed on the developer not > knowing better, there was no malicious intent. > > In general, can we trust closed-source firmwares when they document the > side effects of pass-through commands ? Again, I think the answer > differs between different classes of devices, the security culture is > not uniform across the whole IT industry. That does make sense to me, and I certainly don't feel the same comfort when looking at embedded or consumer HW that has a historically much weaker security story. Jason
Powered by blists - more mailing lists