From: Tom Tucker <tom@opengridcomputing.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org, Tom Talpey <Thomas.Talpey@netapp.com>
Subject: Re: [PATCH 10/10] svcrdma: Documentation update for the FastReg memory model
Date: Tue, 30 Sep 2008 13:55:45 -0500 [thread overview]
Message-ID: <48E27631.4090202@opengridcomputing.com> (raw)
In-Reply-To: <20080930184433.GC12268@fieldses.org>
J. Bruce Fields wrote:
> On Mon, Sep 29, 2008 at 10:07:25PM -0500, Tom Tucker wrote:
>> J. Bruce Fields wrote:
>>> On Thu, Sep 25, 2008 at 08:35:26AM -0500, Tom Tucker wrote:
>>>> J. Bruce Fields wrote:
>>>>> This explanation is helpful, thanks. It would also be helpful if we
>>>>> could boil down the advice to just a sentence or two for the busy admin.
>>>>> Something like: unless you have card XYZ and kernel 2.6.y, do *not* use
>>>>> rdma on a network where you cannot trust every machine....
>>>> Would it be better to say, "Do not use RDMA on a network where your
>>>> policy requires a security model stronger than tcp/auth_unix."
>>> I'm not worried about the case where the security provided is roughly
>>> equivalent to that provided by tcp/auth_unix.
>>>
>>> I'm worried about the non-"Fast Reg" case where I thought you were
>>> saying that the network could access memory other than that meant to
>>> hold rpc data.
>>>
>> Ok, so maybe we could state the security exposure of ALLPHYSICAL instead
>> of dwelling on the relative differences between the similar exposures of
>> tcp/auth_unix vs. fastreg?
>
> Right. It's all interesting, so I wouldn't cut anything out--but you
> could put off the details to the end; e.g., start with "in situation
> <...>, nfs/rdma provides roughly the same security as nfs over tcp and
> auth_unix (see below for more details)".
Sounds reasonable.
>
>> I'd also like to get to fastreg as a default at some point.
>
> OK, good.
>
>> What's your perspective on the lifetime of bounce buffers, memory
>> windows, and the other strategies in client?
>
> I'm ignorant. Pointer to something else I should read?
>
> I assume there are similar issues on the client?
>
Sorry, that was a question for Tom Talpey. It's a client specific issue
since the server only implements ALLPHYSICAL and FAST REG.
> --b.
next prev parent reply other threads:[~2008-09-30 18:55 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1221564879-85046-1-git-send-email-tom@opengridcomputing.com>
[not found] ` <1221564879-85046-2-git-send-email-tom@opengridcomputing.com>
2008-09-24 19:11 ` [PATCH 01/10] svcrdma: Add Fast Reg MR Data Types J. Bruce Fields
2008-09-25 14:27 ` Tom Tucker
[not found] ` <1221564879-85046-3-git-send-email-tom@opengridcomputing.com>
2008-09-24 19:45 ` [PATCH 02/10] svcrdma: Add FRMR get/put services J. Bruce Fields
2008-09-25 14:25 ` Tom Tucker
2008-09-25 14:44 ` J. Bruce Fields
2008-09-25 20:31 ` Tom Tucker
[not found] ` <1221564879-85046-4-git-send-email-tom@opengridcomputing.com>
2008-09-24 20:10 ` [PATCH 03/10] svcrdma: Query device for Fast Reg support during connection setup J. Bruce Fields
2008-09-25 14:08 ` Tom Tucker
[not found] ` <1221564879-85046-5-git-send-email-tom@opengridcomputing.com>
2008-09-24 20:25 ` [PATCH 04/10] svcrdma: Add a service to register a Fast Reg MR with the device J. Bruce Fields
2008-09-25 13:31 ` Tom Tucker
[not found] ` <1221564879-85046-6-git-send-email-tom@opengridcomputing.com>
2008-09-24 20:31 ` [PATCH 05/10] svcrdma: Modify post recv path to use local dma key J. Bruce Fields
2008-09-25 13:36 ` Tom Tucker
[not found] ` <1221564879-85046-7-git-send-email-tom@opengridcomputing.com>
[not found] ` <1221564879-85046-8-git-send-email-tom@opengridcomputing.com>
[not found] ` <1221564879-85046-9-git-send-email-tom@opengridcomputing.com>
[not found] ` <1221564879-85046-10-git-send-email-tom@opengridcomputing.com>
[not found] ` <1221564879-85046-11-git-send-email-tom@opengridcomputing.com>
2008-09-24 21:21 ` [PATCH 10/10] svcrdma: Documentation update for the FastReg memory model J. Bruce Fields
2008-09-25 13:35 ` Tom Tucker
2008-09-26 16:01 ` Talpey, Thomas
[not found] ` <RTPCLUEXC2-PRDGryWt0000003c-rtwIt2gI0FxT+ZUat5FNkAK/GNPrWCqfQQ4Iyu8u01E@public.gmane.org>
2008-09-30 2:59 ` Tom Tucker
2008-09-26 23:40 ` J. Bruce Fields
2008-09-30 3:07 ` Tom Tucker
2008-09-30 18:44 ` J. Bruce Fields
2008-09-30 18:55 ` Tom Tucker [this message]
2008-09-30 18:57 ` J. Bruce Fields
2008-09-30 20:17 ` Tom Tucker
2008-10-01 16:17 ` J. Bruce Fields
2008-10-02 0:38 ` Tom Tucker
2008-09-30 19:04 ` Talpey, Thomas
[not found] ` <RTPCLUEXC2-PRDgFrYI00000094-rtwIt2gI0FxT+ZUat5FNkAK/GNPrWCqfQQ4Iyu8u01E@public.gmane.org>
2008-10-01 18:26 ` J. Bruce Fields
2008-10-01 19:18 ` Talpey, Thomas
[not found] ` <RTPCLUEXC2-PRDVjCRG000000bb-rtwIt2gI0FxT+ZUat5FNkAK/GNPrWCqfQQ4Iyu8u01E@public.gmane.org>
2008-10-01 19:23 ` Talpey, Thomas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48E27631.4090202@opengridcomputing.com \
--to=tom@opengridcomputing.com \
--cc=Thomas.Talpey@netapp.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.