Quoting r. Roland Dreier <[EMAIL PROTECTED]>: > Subject: Re: CM patch for 2.6.17 merge > > Roland> Not sure I understand this. What's the exploit? > > Michael> Connecting from userspace to an SDP socket. People expect > Michael> sockets to be kernel-level. > > Without SDP upstream I don't see the security issue.
We are protecting the remote system here. Think about time when SDP/CMA are upstream, or about a non-linux system with SDP/CMA listening, connected over IB to a 2.6.17 linux. > Even with SDP > upstream it's dubious: everything coming in from the network should be > untrusted. Yes, but e.g. in linux sending e.g. arp packets i slimited for priviledged users. I agree its weak but ... > I don't see how you can prevent userspace from sending CM > messages on an arbitrary UD QP. Does IB spec require me to accept them? Maybe we should validate the source QP ... -- Michael S. Tsirkin Staff Engineer, Mellanox Technologies _______________________________________________ openib-general mailing list [email protected] http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
