From: Doug Ledford
Subject: Re: [RFCv2 00/15] RFCv2: Consolidated userspace RDMA library repo
Date: Thu, 1 Sep 2016 15:38:13 -0400
To: Jason Gunthorpe, "ira.weiny"
Cc: "Woodruff, Robert J", Leon Romanovsky, Steve Wise, 'Yishai Hadas', "linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org", 'Devesh Sharma', 'Hal Rosenstock', "Marciniszyn, Mike", 'Moni Shoua', "Hefty, Sean", "Nikolova, Tatyana E", 'Vladimir Sokolovsky', 'Yishai Hadas', 'Majd Dibbiny', "liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org", "talal-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org", "yarong-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org"
List-Id: linux-rdma@vger.kernel.org

On 9/1/2016 1:09 PM, Jason Gunthorpe wrote:
> I'll write a patch to enable 'run from build' in a way which should
> make this even more straight forward.
>
> However, things are already fine today, you just drop your driver in
> /opt/intel-opa/lib/libhfi1.so and customize
> /etc/libverbs/hfi1verbs.driver with an absolute path to the .so (I
> wrote the absolute path patch for this years ago for exactly this
> reason)

We do have to be a little bit careful here.

1) The override directory needs to be a fixed place.
2) The driver files need to only allow names.  The absolute path patch
sounds like an immediate security issue.
3) libibverbs needs to be modified to search the overrides directory for
.so first, then the normal directory.  No other searches should be
performed.
4) The overrides directory and the normal directory need to be system
paths so that both file system permissions and SELinux context (if
enabled) prevent random files from being dropped there.

Basically, with the idea you outline above, you would have to change the
file type of the /etc/libibverbs.d/hfi1verbs.driver file (and all the
other driver files) to be a changeable config file, which prevents rpm
(and other) security scanners from being able to detect that it's been
modified (and the modification might be nefarious) and it also means
that on package upgrade, the file is not automatically re-written to the
official form (meaning a nefarious modification would survive a package
update).  And with the full path patch, the driver could be pointed to
anywhere.  And then you have something like opensm being run as root and
loading up this nefarious driver from wherever.  It's a big security issue.

If you instead have just one official override directory, and search it
before the regular directory, then an updated driver can be distributed
as a simple rpm (or deb) that just installs the .so in the right location.

-- 
Doug Ledford
    GPG Key ID: 0E572FDD