On 3/23/23 7:53 PM, Jason Gunthorpe wrote: > On Thu, Mar 23, 2023 at 02:57:49PM +0800, Cheng Xu wrote: >> >> >> On 3/22/23 10:01 PM, Jason Gunthorpe wrote: >>> On Wed, Mar 22, 2023 at 09:30:41PM +0800, Cheng Xu wrote: >>>> >>>> >>>> On 3/22/23 7:54 PM, Jason Gunthorpe wrote: <...> >> >> It's much clear, thanks for your explanation and patience. >> >> Back to erdma context, we have rethought our implementation. For QPs, >> we have a field *wqe_index* in SQE/RQE, which indicates the validity >> of the current WQE. Incorrect doorbell value from other processes can >> not corrupt the QPC in hardware due to PI range and WQE content >> validation in HW. > > No, validating the DB content is not acceptable security. The attacker > process can always generate valid content if it tries hard enough. > Oh, you may misunderstand what I said, our HW validates the *WQE* content, not *DB* content. The attacker can not generate the WQE of other QPs. This protection and correction is already implemented in our HW. > The only acceptable answer is to do like every other NIC did and link > the DB register to the HW object it is allowed to affect. > Emm, still not acceptable with WQE content validation? If it's acceptable, will reduce some works. Thanks, Cheng Xu
