[openib-general] mthca FMR correctness (and memory windows)
Caitlin Bestler
caitlinb at broadcom.com
Tue Mar 21 06:55:56 PST 2006
openib-general-bounces at openib.org wrote:
> Thomas> If I can snoop or guess rkeys (not a huge challenge with
> Thomas> 32 bits), and if I can use them on an arbitrary queuepair,
> Thomas> then I can handily peek and poke at memory that does not
> Thomas> belong to me.
>
> Thomas> For this reason, iWARP requires its steering tags to be
> Thomas> scoped to a single connection. This leverages the IP
> Thomas> security model and provides correctness.
>
> Thomas> It is true that IB implementations generally don't do
> Thomas> this. They should.
>
> Isn't this what IB protection domains solve?
>
The benefit of narrow memory windows is that they separate the scope
of remote access from the scope of local access.
The extremely common model that they support exceedingly well is
a single server that wants to use an SRQ to support thousands
of clients (a model I'm sure Tom is very familiar with).
The Protection Domain can be set at the scope of the application,
allowing a single buffer pool for send/recv, while limiting
any STags advertised to a single connection. That way a server
can have statistical multiplexing of its request buffers while
limiting any buffer advertisements to a single client at at
time (of course many of these servers *never* advertise a
buffer, but if they do they certainly want it confined to
a single client).
More information about the general
mailing list