[openib-general] Should I use umad -or- osm
Michael S. Tsirkin
mst at mellanox.co.il
Thu Dec 9 10:01:37 PST 2004
Hello!
Quoting r. shaharf (shaharf at voltaire.com) "RE: [openib-general] Should I use umad -or- osm":
>
>
> > -----Original Message-----
> > From: openib-general-bounces at openib.org [mailto:openib-general-
> > bounces at openib.org] On Behalf Of Michael S. Tsirkin
> > Sent: Thursday, December 09, 2004 7:07 PM
> > To: openib-general at openib.org
> > Subject: Re: [openib-general] Should I use umad -or- osm
> > >
> > > I guess that in this stage only root will able to use user mode
> > > mads.
> > > Later I would consider letting non-root applications use some mads -
> > > meaning most of the get/query mads, and some of the set mads. I
> > > won't
> > > rely on root access for security. There are mkey, qkey and pkey to
> > > handle that.
> > >
> > > Shahar
> >
> > They are trivial to guess, so kernel would have to touch the MAD
> > data somehow?
> > Further, it seems local MADs have the check disabled now?
> >
> > MST
> > _______________________________________________
>
> The Mkey should set according to the system policy. They can be non
> trivial.
> 64 bits (changing) keys may be relatively strong.
Depends on your definition of the "relatively" I guess.
> Currently only trivial keys are used so we won't let non root users use
> mads.
Fine, we are in agreement then.
> But this is very weak (NFS style) security.
I'm afraid it wont be easy to get beyond that level of security.
> Anyone can have root
> access on his machine.
1. Why not on the switch then?
2. With "anyone can be root" assumption in mind, anyone can for example,
do RDMA to a memory region that is enabled for remote write,
since that is protected only by a 32 bit r_key?
3. etc.
mst
More information about the general
mailing list