[openib-general] Should I use umad -or- osm
Michael S. Tsirkin
mst at mellanox.co.il
Thu Dec 9 10:29:57 PST 2004
Hello!
Quoting r. shaharf (shaharf at voltaire.com) "RE: [openib-general] Should I use umad -or- osm":
> > > Anyone can have root
> > > access on his machine.
> >
> > 1. Why not on the switch then?
> >
>
> What do you mean? To be able to send/recv mads it is enough to have one
> host with HCA. No switch can block root user sending mads unless pkey or
> mkey mechanism is used.
I mean that if a malicious user has control of a switch he can
cause even more problems.
> > 2. With "anyone can be root" assumption in mind, anyone can for
> > example,
> > do RDMA to a memory region that is enabled for remote write,
> > since that is protected only by a 32 bit r_key?
> >
> > 3. etc.
> >
> This is a real problem. It is true that brute force attacks can break 32
> bit keys quite easily, but in practice even breaking 32 bits keys takes
> some time. To handle these brute force attacks, I would expect the
> attacked target to bombard the SM with key violations traps. This should
> trigger SM action to block and neutralize the offending host, hopefully
> before the RDMA write succeeds.
> Anyhow, this is not worse then a regular Ethernet HCA that you attack
> with valid requests to valid ports.
Anyway, I'm just trying to say its not easy.
mst
More information about the general
mailing list