2008-09-30 02:59:17

by Tom Tucker

[permalink] [raw]
Subject: Re: [PATCH 10/10] svcrdma: Documentation update for the FastReg memory model

Talpey, Thomas wrote:
> At 09:35 AM 9/25/2008, Tom Tucker wrote:
>>> This explanation is helpful, thanks. It would also be helpful if we
>>> could boil down the advice to just a sentence or two for the busy admin.
>>> Something like: unless you have card XYZ and kernel 2.6.y, do *not* use
>>> rdma on a network where you cannot trust every machine....
>> Would it be better to say, "Do not use RDMA on a network where your
>> policy requires a security model stronger than tcp/auth_unix."
> No! This would confuse integrity and privacy concerns (the root of the
> RDMA attack you describe) with authentication. While it's true there are
> different attacks with a different transport, they do not in any way
> contravene the protections in the RPC and NFS layers.
> In fact, I believe the text is unfairly protraying a vulnerability in iWARP
> as to be residing in NFS/RDMA, which is isn't.
> While many of today's adapters allow so-called "type 2" RKEYs, the
> protocol does not encourage them, and their use introduces these
> risks. The risks are avoidable. The IETF RFCs describe these in detail,
> for both RDDP and NFS/RPC/RDMA.

Ok, but I need some text that correctly represents the guidance to the
naive administrator. I think Bruce's goal is a good one, but I thought
his text was only "point in time" relevant.

I'm open to suggestions for specific wording!


> Tom.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html