Re: [PATCH 00/16] Intel FPGA Device Drivers

From: Luebbers, Enno
Date: Fri Apr 14 2017 - 15:52:02 EST

Next message: Dave Hansen: "Re: [PATCH] x86/mpx, selftests: Only check bounds-vs-shadow when we keep shadow"
Previous message: Matthias Kaehlcke: "Re: [PATCH v2] PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant"
In reply to: Jerome Glisse: "Re: [PATCH 00/16] Intel FPGA Device Drivers"
Next in thread: Jerome Glisse: "Re: [PATCH 00/16] Intel FPGA Device Drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 12, 2017 at 11:37:49AM -0400, Jerome Glisse wrote:
> On Wed, Apr 12, 2017 at 07:46:19AM -0700, Moritz Fischer wrote:
> > On Wed, Apr 12, 2017 at 6:29 AM, Jerome Glisse <jglisse@xxxxxxxxxx> wrote:
> >
> > > It is like if on GPU we only had close source compiler for the GPU
> > > instructions set. So FPGA is definitly following different rules than
> > > open source upstream GPU kernel driver abides to.
> > >
> > > I see this as highly problematic if not only for security purposes
> > > there is no way for anyone to audit how secure and sane the API you
> > > want to expose to userspace. Those FPGA might have connection to
> > > memory bus or device bus and thus they might get access to any memory.
> >
> > It's up to the user to plug a specific piece of hardware into their
> > machine. After that it is up to the user to decide whether he wants
> > to load a bitstream that he doesn't have the source code for and
> > that he needs to compile with closed source software. Do you know if
> > NVIDIA has backdoors in their GPU, Intel in their NIC, or AMD in their
> > processor? What about that RTC, do you have the source code they
> > synthesized their ASIC design from?
>
> User do not always know what program their executing. Think someone browsing
> some random website, through javascript program you might be able to escape
> the web browser and look for fpga device file, if on is present then it
> might be able to load a bitstream that would allow it to overwritte system
> memory and gain root privilege.
>
> Even if you restrict the ioctl to upload bitstream to root user or some
> privilege user, you have to think about VM world. Someone from inside a
> vm that has access to an fpga device might be able to upload a bitstream
> that would allow to escape the vm and gain root privilege on the host
> operating system.

If you're worried about an accelerator on an FPGA going rogue and accessing
arbitrary host memory, consider that other (non-FPGA) hardware devices could
potentially do that, too (e.g. a PCIe device with a programmable DMA engine).
So this is not really an FPGA-specific concern.

Also, I don't think having an open-source toolchain would help defend against
these kind of attacks at all. Just because you can generate bitstreams with an
open-source tool doesn't prevent the attacker from loading his own bitstreams.
Instead, you'll need to make sure that their bitstream (open-source or not), or,
in fact, any device, is prevented from accessing memory it's not authorized to
access, e.g. with an IOMMU programmed via the kernel's DMA API.

But that's not a toolchain issue.

Thanks
- Enno

Next message: Dave Hansen: "Re: [PATCH] x86/mpx, selftests: Only check bounds-vs-shadow when we keep shadow"
Previous message: Matthias Kaehlcke: "Re: [PATCH v2] PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant"
In reply to: Jerome Glisse: "Re: [PATCH 00/16] Intel FPGA Device Drivers"
Next in thread: Jerome Glisse: "Re: [PATCH 00/16] Intel FPGA Device Drivers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]