[openib-general] Should I use umad -or- osm

shaharf shaharf at voltaire.com
Thu Dec 9 10:16:28 PST 2004


> -----Original Message-----
> From: openib-general-bounces at openib.org [mailto:openib-general-
> bounces at openib.org] On Behalf Of Michael S. Tsirkin
> Sent: Thursday, December 09, 2004 8:02 PM
> Cc: openib-general at openib.org
> Subject: Re: [openib-general] Should I use umad -or- osm
> 
> > > > I guess that in this stage only root will able to use user mode
> > > > mads.
> > > > Later I would consider letting non-root applications use some
mads -
> > > > meaning most of the get/query mads, and some of the set mads. I
> > > > won't
> > > > rely on root access for security. There are mkey, qkey and pkey
to
> > > > handle that.
> > > >
> > > > Shahar
> > >
> > > They are trivial to guess, so kernel would have to touch the MAD
> > > data somehow?
> > > Further, it seems local MADs have the check disabled now?
> > >
> > > MST
> > > _______________________________________________
> >
> > The Mkey should set according to the system policy. They can be non
> > trivial.
> > 64 bits (changing) keys may be relatively strong.
> 
> Depends on your definition of the "relatively" I guess.
> 
> > Currently only trivial keys are used so we won't let non root users
use
> > mads.
> 
> Fine, we are in agreement then.
> 
> > But this is very weak (NFS style) security.
> 
> I'm afraid it wont be easy to get beyond that level of security.
> 
> > Anyone can have root
> > access on his machine.
> 
> 1. Why not on the switch then?
> 

What do you mean? To be able to send/recv mads it is enough to have one
host with HCA. No switch can block root user sending mads unless pkey or
mkey mechanism is used.

> 2. With "anyone can be root" assumption in mind, anyone can for
example,
> do RDMA to a memory region that is enabled for remote write,
> since that is protected only by a 32 bit r_key?
> 
> 3. etc.
> 
This is a real problem. It is true that brute force attacks can break 32
bit keys quite easily, but in practice even breaking 32 bits keys takes
some time. To handle these brute force attacks, I would expect the
attacked target to bombard the SM with key violations traps. This should
trigger SM action to block and neutralize the offending host, hopefully
before the RDMA write succeeds.
Anyhow, this is not worse then a regular Ethernet HCA that you attack
with valid requests to valid ports.

> mst

Shahar



More information about the general mailing list