protection domain question

protection domain question

[Christoph Hellwig]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=unknown-8bit, Size: 561 bytes --]

As far as I can tell from reading the Verbs spec the raison d'êtrefor
protection domains is to allow associating MRs with different address
spaces in userspace programs.

Is there any good reason to have each kernel driver create it's own PDs
instead of simply creating one per device and sticking it into the
ib_device structure?
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: protection domain question

[Sagi Grimberg]

> As far as I can tell from reading the Verbs spec the raison d'êtrefor
> protection domains is to allow associating MRs with different address
> spaces in userspace programs.

The PD number is enforced when accessing the associated MRs (via the
associated QPs). So if someone is accessing a MR that is associated
with a PD via a queue-pair that is not it will fail (its a security
thing).

> Is there any good reason to have each kernel driver create it's own PDs
> instead of simply creating one per device and sticking it into the
> ib_device structure?

There is a theoretical breach here. Say you're connected with a srp
channel to a target, and you send out rkey X to your peer. In case
there is a man-in-the-middle who sniffs it, he can theoretically
read/write to your rkey by connecting to IPoIB in RC mode (which
will connect to anyone).

The fact that srp has it's own PD prevents this from happening.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: protection domain question

[Christoph Hellwig]

On Sun, Apr 10, 2016 at 05:27:03PM +0300, Sagi Grimberg wrote:
> >Is there any good reason to have each kernel driver create it's own PDs
> >instead of simply creating one per device and sticking it into the
> >ib_device structure?
> 
> There is a theoretical breach here. Say you're connected with a srp
> channel to a target, and you send out rkey X to your peer. In case
> there is a man-in-the-middle who sniffs it, he can theoretically
> read/write to your rkey by connecting to IPoIB in RC mode (which
> will connect to anyone).

Already, makes sense.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: protection domain question

[santosh.shilimkar-QHcLZuEGTsvQT0dZR+AlfA]

On 4/10/16 7:55 AM, Christoph Hellwig wrote:
> On Sun, Apr 10, 2016 at 05:27:03PM +0300, Sagi Grimberg wrote:
>>> Is there any good reason to have each kernel driver create it's own PDs
>>> instead of simply creating one per device and sticking it into the
>>> ib_device structure?
>>
>> There is a theoretical breach here. Say you're connected with a srp
>> channel to a target, and you send out rkey X to your peer. In case
>> there is a man-in-the-middle who sniffs it, he can theoretically
>> read/write to your rkey by connecting to IPoIB in RC mode (which
>> will connect to anyone).
>
> Already, makes sense.

Exactly I was also responding with similar response since many ULPs
share the HCA resources and they needs to be isolated which PD does.

Regards,
Santosh
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html