On Sat, Jun 10, 2017 at 02:11:13PM +0000, Majd Dibbiny wrote:

> >> This is especially true for mlx nics as there are many raw packet
> >> bypass mechanisms available to userspace.
> All of the Raw packet bypass mechanisms are restricted to
> CAP_NET_RAW, and thus malicious users can't simply open a RAW Packet
> QP and send it to the FPGA..

It is a big expansion of CAP_NET_RAW to also basically include
reconfiguring ipsec xfrm.

Plus, if someone configures ethernet bridging (e.g. in a VM situation)
then could a hacked VM reconfigure this FPGA?

Jason