Re: Security (Was: OpenMPI 5.0 to be 32-bit only ?)

To: debian-devel@lists.debian.org
Subject: Re: Security (Was: OpenMPI 5.0 to be 32-bit only ?)
From: Alastair McKinstry <alastair.mckinstry@sceal.ie>
Date: Thu, 9 Feb 2023 09:53:37 +0000
Message-id: <[🔎] a29ea2d3-b1d9-3bd0-ee66-536ccdd0546a@sceal.ie>
In-reply-to: <[🔎] Y+KzGxLUq75jUyNV@loaner.com>
References: <[🔎] c0f73659-8049-3fc9-2168-302f87c13e37@debian.org> <[🔎] Y+KzGxLUq75jUyNV@loaner.com>

Hi,

The push-back from upstream is that they're unconvinced anyone isactually using i386 for MPI.

For example, MPI is configured to use PMIx but its thought that doesn'twork on 32-bit, but no bugs have been reported.

Either we increase our 32-bit testing regime, or realistically considerit marginal and dying.

Currently I'm favouring accepting a move to 64-bit OpenMPI as a faitaccompli as part of code cleanups for 5.X (post Bookworm), and Debianmoving to MPICH on at least 32-bit archs - I'd favour OpenMPI on 64-bitarchs for better incoming-code-and-compatability support.


I'd like to hear the case otherwise.


Best regards
Alastair


On 07/02/2023 20:22, Kingsley G. Morse Jr. wrote:

Hi Alastair,

Thanks for relaying OpenMPI's upstream
maintainer's interest in our opinions on
maintaining 32 bit support.

My humble comments are

1.) 32 bit hardware can be more secure because
     it's so old it predates back doors known as

         Intel's Management Engine[1] and

         AMD's Platform Secure Processor[2]

2.) and I'm OK with reporting bugs.

Thanks again,
Kingsley


[1] https://en.wikipedia.org/wiki/Intel_Management_Engine#Security_vulnerabilities

[2] https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor#Reported_vulnerabilities




On 02/07/2023 09:54, Alastair McKinstry wrote:

Hi

I've been pinged by the upstream maintainer of OpenMPI    Jefff Squyres as
to our opinions on maintaining 32-bit support.

See a  thread here: https://github.com/open-mpi/ompi/pull/11282

Until now I've asked for OMPI to hold off going to 64-bit only; saying we
can help with the maintenance burden with our testing infrastructure.

But we're not well suited to run multi-node test jobs.

If 32-bit support is dropped in OMPI we can switch to MPICH as the default
on those archs instead, but the core problem remains: how much can we
support and test on 32-bit?

(Note:  We're at OpenMPI 4.1.4 now for Bookworm; no change planned)

Comments please,


Alastair McKinstry

--
Alastair McKinstry,
GPG: 82383CE9165B347C787081A2CBE6BB4E5D9AD3A5
e: mckinstry@debian.org, im: @sceal.ie:mckinstry

--
Alastair McKinstry,
GPG: 82383CE9165B347C787081A2CBE6BB4E5D9AD3A5
ph: +353 87 6847928 e: alastair@sceal.ie, im: @sceal.ie:mckinstry

Reply to:

Follow-Ups:
- Re: OpenMPI 5.0 to be 32-bit only ?
  - From: Adrian Bunk <bunk@debian.org>

References:
- OpenMPI 5.0 to be 32-bit only ?
  - From: Alastair McKinstry <mckinstry@debian.org>
- Security (Was: OpenMPI 5.0 to be 32-bit only ?)
  - From: "Kingsley G. Morse Jr." <kingsley@loaner.com>

Prev by Date: Re: OpenMPI 5.0 to be 32-bit only ?
Next by Date: Bug#1030928: ITP: nerdctl -- nerdctl is a Docker-compatible CLI for containerd.
Previous by thread: Security (Was: OpenMPI 5.0 to be 32-bit only ?)
Next by thread: Re: OpenMPI 5.0 to be 32-bit only ?
Index(es):
- Date
- Thread