[openib-general] Should I use umad -or- osm

Michael S. Tsirkin mst at mellanox.co.il
Thu Dec 9 10:01:37 PST 2004


Hello!
Quoting r. shaharf (shaharf at voltaire.com) "RE: [openib-general] Should I use umad -or- osm":
> 
> 
> > -----Original Message-----
> > From: openib-general-bounces at openib.org [mailto:openib-general-
> > bounces at openib.org] On Behalf Of Michael S. Tsirkin
> > Sent: Thursday, December 09, 2004 7:07 PM
> > To: openib-general at openib.org
> > Subject: Re: [openib-general] Should I use umad -or- osm
> > >
> > > I guess that in this stage only root will able to use user mode
> > > mads.
> > > Later I would consider letting non-root applications use some mads -
> > > meaning most of the get/query mads, and some of the set mads. I
> > > won't
> > > rely on root access for security. There are mkey, qkey and pkey to
> > > handle that.
> > >
> > > Shahar
> > 
> > They are trivial to guess, so kernel would have to touch the MAD
> > data somehow?
> > Further, it seems local MADs have the check disabled now?
> > 
> > MST
> > _______________________________________________
> 
> The Mkey should set according to the system policy. They can be non
> trivial.
> 64 bits (changing) keys may be relatively strong.

Depends on your definition of the "relatively" I guess.

> Currently only trivial keys are used so we won't let non root users use
> mads.

Fine, we are in agreement then.

> But this is very weak (NFS style) security.

I'm afraid it wont be easy to get beyond that level of security.

> Anyone can have root
> access on his machine.

1. Why not on the switch then?

2. With "anyone can be root" assumption in mind, anyone can for example,
do RDMA to a memory region that is enabled for remote write,
since that is protected only by a 32 bit r_key?

3. etc.

mst



More information about the general mailing list