Secondo un post di blog di Google , Google ha ha sperimentato fornendo un accesso raw ai dispositivi PCIe in un ambiente remoto. Hanno deciso di scoprire quali funzionalità di Access Control Service (ACS, vedere la sezione 4.3 di la carta Intel per ulteriori informazioni) sono necessari per fare questo:
We discovered some curiosities. For instance, on one incorrect configuration, some undocumented debug registers on the switch were incorrectly exposed to downstream devices, which we discovered could cause serious malfunctioning of the switch under certain access patterns. If a device can cause out-of-spec behavior in the switch it’s connected to, it may be able to cause insecure routing, which would compromise the entire network. The value of fuzzing is its ability to find vulnerabilities in undocumented and undefined areas, outside the normal set of behaviors and operations defined in the spec. But by the end of the process, we had determined a minimum set of ACS features necessary to securely run GPUs in the cloud.
Enfasi mia. Mi piacerebbe sapere quali sono queste caratteristiche. Google li ha pubblicati?