Objective of OpenWRT/x86?

Philip Prindeville philipp_subx at redfish-solutions.com
Mon May 1 09:53:45 PDT 2023



> On May 1, 2023, at 9:32 AM, Daniel Golle <daniel at makrotopia.org> wrote:
> 
> On Mon, May 01, 2023 at 09:01:29AM -0600, Philip Prindeville wrote:
>> 
>> 
>>> On May 1, 2023, at 8:12 AM, Joseph Mullally <jwmullally at gmail.com> wrote:
>>> 
>>> On Mon, May 1, 2023 at 5:43 AM Philip Prindeville
>>> <philipp_subx at redfish-solutions.com> wrote:
>>>>> On Apr 28, 2023, at 11:18 PM, Elliott Mitchell <ehem+openwrt at m5p.com> wrote:
>>>>>> On Fri, Apr 28, 2023 at 12:04:15PM -0600, Philip Prindeville wrote:
>>> 
>>>>>> Um... you can't "virtualize" WiFi in any VM I've ever seen.
>>>>> 
>>>>> You can though pass PCIe devices to a VM.  The hardware will physically
>>>>> attach to the control host, but a VM will be able to do anything it wants
>>>>> with it.
>>>> 
>>>> So the guest has the potential to crash or hang the host?
>>> 
>>> I ran the OpenWrt x86/64 image under KVM/libvirtd for years with an
>>> Intel Wifi card connected through exclusive PCI passthrough, and it
>>> worked fine. There is enough conjecture already.
>> 
>> 
>> From one anecdotal episode I'm not going to extrapolate that this is a robust solution in all cases; I wouldn't get very far as a cyber security engineer thinking this way.
> 
> Maybe the fact that PCI passthrough is facilitated by the IOMMU which
> takes care of resource isolation makes you feel a bit better about it?
> The host from this point on doesn't deal with that PCIe slot any more,
> and passthrough is happening entirely in hardware.
> 
> However, keep in mind that access to PCIe in most cases (such as WiFi
> adapters) doesn't assume the user could be a bad actor. You will probably
> still be able to do bad things with it, esp. if you know the hardware
> well (such as triggering overheat/overcurrent, deliberately creating
> radio interference with other system parts, ...).



Malicious activity aside, there's always the potential of poorly backported device driver patches, or even running a bleeding-edge kernel, to break things badly...
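
Added example (not part of the original message or of the OpenWrt project): on Linux the IOMMU isolation mentioned in the quoted reply applies per IOMMU group, so a common check before passing a card through is whether it shares its group with other PCI functions. The script below reads the standard sysfs layout; the function names, the sample PCI addresses and the constructed directory tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the PCI functions that share an IOMMU group with a
# device intended for passthrough. SYSFS_ROOT is /sys on a real host; the
# parameter exists so the check can also run against a constructed tree.

# iommu_group_peers SYSFS_ROOT BDF
# Prints the other functions in BDF's group, one per line.
# Status: 0 = alone in its group, 1 = group is shared,
#         2 = no iommu_group link (IOMMU disabled or device absent).
iommu_group_peers() {
    root=$1
    bdf=$2
    link="$root/bus/pci/devices/$bdf/iommu_group"
    [ -e "$link" ] || return 2
    group_dir=$(cd "$link" && pwd -P) || return 2
    shared=0
    for dev in "$group_dir"/devices/*; do
        [ -e "$dev" ] || continue          # glob matched nothing
        name=${dev##*/}
        [ "$name" = "$bdf" ] && continue   # skip the device itself
        printf '%s\n' "$name"
        shared=1
    done
    return "$shared"
}

# build_sample_sysfs DIR   (DIR must be an absolute path)
# Constructed sample data, not from a real machine: group 7 holds only the
# WiFi card 0000:03:00.0; group 1 holds a NIC 0000:04:00.0 together with
# the root port 0000:00:1c.0; 0000:05:00.0 has no IOMMU group at all.
# Real sysfs uses symlinks under devices/; plain directories stand in here.
build_sample_sysfs() {
    d=$1
    for pair in 7/0000:03:00.0 1/0000:04:00.0 1/0000:00:1c.0; do
        grp=${pair%%/*}
        fn=${pair#*/}
        mkdir -p "$d/bus/pci/devices/$fn" "$d/kernel/iommu_groups/$grp/devices/$fn"
        ln -s "$d/kernel/iommu_groups/$grp" "$d/bus/pci/devices/$fn/iommu_group"
    done
    mkdir -p "$d/bus/pci/devices/0000:05:00.0"
}

# On a live host, pass the card's PCI address as the first argument.
if [ "$#" -ge 1 ]; then
    iommu_group_peers /sys "$1"
    echo "status=$?"
fi
```

A status of 1 means the listed functions would have to leave the host together with the card, and a status of 2 means there is no IOMMU group to rely on for that device.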





More information about the openwrt-devel mailing list