From: Cheng Xu <chengyou@linux.alibaba.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Leon Romanovsky <leon@kernel.org>,
linux-rdma@vger.kernel.org, KaiShen@linux.alibaba.com
Subject: Re: [PATCH for-next v2 2/2] RDMA/erdma: Support non-4K page size in doorbell allocation
Date: Wed, 22 Mar 2023 21:30:41 +0800 [thread overview]
Message-ID: <6c982b76-61b2-7317-ab76-8ff0b4fb4471@linux.alibaba.com> (raw)
In-Reply-To: <ZBrsexPDqDIej/2/@ziepe.ca>
On 3/22/23 7:54 PM, Jason Gunthorpe wrote:
> On Wed, Mar 22, 2023 at 03:05:29PM +0800, Cheng Xu wrote:
>
>> The current generation of erdma devices do not have this capability due to
>> implementation complexity. Without this HW capability, isolating the MMIO
>> space in software doesn't prevent the attack, because the malicious APPs
>> can map mmio itself, not through verbs interface.
>
> This doesn't meet the security model of Linux, verbs HW is expected to
> protect one process from another process.
OK, I see.
So the key point is that HW should restrict each process to use its own doorbell
space. If hardware can do this, share or do not share MMIO pages both will meet
the security requirement. Do I get it right?
It seems that EFA uses shared MMIO pages with hardware security assurance.
> if this is the case we should consider restricting this HW to
> CAP_SYS_RAW_IO only.
>
Please give us a chance to fix this issue first.
> You should come with an explanation why this HW is safe enough to
> avoid this.
I need to discuss with our HW guys and implement the similar security check
in HW, and this won't be long.
Thanks,
Cheng Xu
next prev parent reply other threads:[~2023-03-22 13:30 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-07 10:29 [PATCH for-next v2 0/2] RDMA/erdma: Add non-4K page size support Cheng Xu
2023-03-07 10:29 ` [PATCH for-next v2 1/2] RDMA/erdma: Use fixed hardware page size Cheng Xu
2023-03-24 14:34 ` Jason Gunthorpe
2023-03-07 10:29 ` [PATCH for-next v2 2/2] RDMA/erdma: Support non-4K page size in doorbell allocation Cheng Xu
2023-03-14 10:23 ` Leon Romanovsky
[not found] ` <5b0cc34d-a185-d9b4-c312-27bc959d929d@linux.alibaba.com>
2023-03-14 11:34 ` Cheng Xu
2023-03-14 11:50 ` Cheng Xu
2023-03-14 14:10 ` Leon Romanovsky
2023-03-15 1:58 ` Cheng Xu
2023-03-15 10:22 ` Leon Romanovsky
2023-03-21 14:30 ` Jason Gunthorpe
2023-03-22 7:05 ` Cheng Xu
2023-03-22 11:54 ` Jason Gunthorpe
2023-03-22 13:30 ` Cheng Xu [this message]
2023-03-22 14:01 ` Jason Gunthorpe
2023-03-22 15:09 ` Gal Pressman
2023-03-23 6:57 ` Cheng Xu
2023-03-23 11:53 ` Jason Gunthorpe
2023-03-23 12:33 ` Cheng Xu
2023-03-23 13:05 ` Jason Gunthorpe
2023-03-23 14:10 ` Cheng Xu
2023-03-23 14:18 ` Jason Gunthorpe
2023-03-26 0:10 ` Cheng Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6c982b76-61b2-7317-ab76-8ff0b4fb4471@linux.alibaba.com \
--to=chengyou@linux.alibaba.com \
--cc=KaiShen@linux.alibaba.com \
--cc=jgg@ziepe.ca \
--cc=leon@kernel.org \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox