Skip to content

[CP 1571] security: Mythos AI-scan fixes batch 2 (KUBE-34, KUBE-32)#594

Merged
spraveenio merged 2 commits into
ROCm:mainfrom
ci-penbot-01:CP.O2O.pensando.gpu-operator.1571.rocm.gpu-operator.main
Jul 7, 2026
Merged

[CP 1571] security: Mythos AI-scan fixes batch 2 (KUBE-34, KUBE-32)#594
spraveenio merged 2 commits into
ROCm:mainfrom
ci-penbot-01:CP.O2O.pensando.gpu-operator.1571.rocm.gpu-operator.main

Conversation

@ci-penbot-01

Copy link
Copy Markdown
Contributor

cp of pensando/gpu-operator#1571


Source PR Description (pensando/gpu-operator#1571):

Summary

Internal-fork counterpart of the ROCm batch-2 security fixes. Both findings apply to this repo.

  • KUBE-34 — the RHEL KMM driver-build template passed the Red Hat subscription password via subscription-manager --password inside a RUN layer (exposed in the build ConfigMap, process table, image history, and logs; ; exit 0 masked failures). The path was already dead: the "rhel" case in resolveDockerfile was commented out, DockerfileTemplate.rhel was not embedded or referenced, and the RedhatSubscription* CRD fields it read no longer exist, so osDistro == "rhel" already fell through to "not supported OS". Per team confirmation RHEL support is not being revived, so the dead template and commented block are removed.

  • KUBE-32 — the KMM driver-build templates fetch the apt/dnf GPG trust root from a URL that can be supplied via DeviceConfig (gpgKeyURL/packageRepoURL/amdgpuInstallerRepoURL). This is by design (optional fields for custom-mirror / air-gapped installs), and the only actor who can set them already controls the driver's package source via DeviceConfig write access. The scan's suggested fix would break air-gapped support. Instead, the trust model is documented on the three fields, and the CRD / helm CRD / CSV descriptors are regenerated to match.

Test plan

  • go build ./... passes
  • Generated artifacts produced by make manifests + make bundle-build on this branch; operator-sdk bundle validate ./bundle passes
  • No behavior change (docs-only on live fields for KUBE-32; dead-code-only removal for KUBE-34)

Cherrypick triggered by: ACP-Automation

bhatnitish and others added 2 commits July 7, 2026 03:58
* security(kmm): remove dead RHEL driver-build template (KUBE-34)

The RHEL KMM driver-build template passed the Red Hat subscription
password via subscription-manager --password inside a RUN layer, which
would expose the credential in the build ConfigMap, process table, image
history, and logs (and the ; exit 0 suffix masked registration
failures).

The path was already disabled: the "rhel" case in resolveDockerfile was
commented out, DockerfileTemplate.rhel was not go:embed'd or referenced,
and the RedhatSubscription* CRD fields it read no longer exist, so
osDistro == "rhel" already falls through to "not supported OS". No live
code path could leak the credential.

Per team confirmation RHEL support is not being revived, so remove the
dead template file and the stale commented-out block rather than
hardening an unreachable path.

* security(api): document trust model for driver-build repo/GPG URLs (KUBE-32)

The KMM driver-build templates fetch the apt/dnf GPG trust root from a
URL that can be supplied via DeviceConfig (spec.driver.imageBuild.gpgKeyURL,
packageRepoURL, amdgpuInstallerRepoURL). Since that key verifies the
amdgpu packages for a ring-0 kernel module on every node, controlling it
is high impact.

This is by design, not a defect: these are optional fields added for
custom-mirror / air-gapped installs (ROCm#540), and the only actor who can
set them is someone with write access to DeviceConfig, who already
controls the driver's package source. The scan's recommended fix
(reject a CR-supplied key URL) would break the air-gapped feature.

Rather than change behavior, document the trust model on the three URL
fields: they are trusted, privileged build inputs; DeviceConfig write
access should be treated as control over the driver's package source /
trust root and granted only to trusted admins; prefer https URLs you
control. Regenerated the CRD, helm CRD, and CSV descriptors to match.

* docs(plan): add plan file for Mythos security batch 2

Satisfies the pr-plan-check gate for pensando #1571.

(cherry picked from commit 6c707db4fd8febc42f8f651d0f1c5e02826c0abd)
@spraveenio spraveenio merged commit dbb034a into ROCm:main Jul 7, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants