[EMAIL PROTECTED] wrote:
> Thomas> If I can snoop or guess rkeys (not a huge challenge with
> Thomas> 32 bits), and if I can use them on an arbitrary queuepair,
> Thomas> then I can handily peek and poke at memory that does not
> Thomas> belong to me.
>
> Thomas> For this reason, iWARP requires its steering tags to be
> Thomas> scoped to a single connection. This leverages the IP
> Thomas> security model and provides correctness.
>
> Thomas> It is true that IB implementations generally don't do
> Thomas> this. They should.
>
> Isn't this what IB protection domains solve?
>
The benefit of narrow memory windows is that they separate the scope of remote access from the scope of local access. The extremely common model that they support exceedingly well is a single server that wants to use an SRQ to support thousands of clients (a model I'm sure Tom is very familiar with). The Protection Domain can be set at the scope of the application, allowing a single buffer pool for send/recv, while limiting any STags advertised to a single connection. That way a server can have statistical multiplexing of its request buffers while limiting any buffer advertisements to a single client at a time (of course many of these servers *never* advertise a buffer, but if they do they certainly want it confined to a single client).
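Added example, not part of the original message or of any project's code: a simplified C model of the responder-side key check, contrasting a key valid on any queue pair in the protection domain with one bound to a single connection. All struct and function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the responder-side check on an inbound RDMA op.
   All names are hypothetical; this is not the verbs API. */
enum scope { SCOPE_PD, SCOPE_QP };

struct region {
    uint32_t key;        /* rkey / STag advertised to a peer */
    uint32_t pd;         /* protection domain of the registration */
    enum scope scope;    /* PD-wide, or bound to one connection */
    uint32_t qp;         /* owning QP number when scope == SCOPE_QP */
    uint64_t base, len;  /* advertised byte range */
};

struct qp { uint32_t num, pd; };

/* May an op arriving on q with this key touch [addr, addr + n)? */
bool remote_access_ok(const struct region *tbl, size_t cnt,
                      const struct qp *q, uint32_t key,
                      uint64_t addr, uint64_t n)
{
    for (size_t i = 0; i < cnt; i++) {
        const struct region *r = &tbl[i];
        if (r->key != key) continue;
        if (r->pd != q->pd) return false;            /* PD check */
        if (r->scope == SCOPE_QP && r->qp != q->num)
            return false;                            /* connection check */
        if (addr < r->base || n > r->len || addr - r->base > r->len - n)
            return false;                            /* overflow-safe bounds */
        return true;
    }
    return false;                                    /* unknown key */
}

/* Constructed sample: one server PD (7) shared by two client connections. */
static const struct qp client_a = { 101, 7 }, client_b = { 102, 7 };
static const struct region table[] = {
    { 0x1000, 7, SCOPE_PD, 0,   0x10000, 4096 },  /* PD-scoped key */
    { 0x2000, 7, SCOPE_QP, 101, 0x20000, 4096 },  /* bound to client A */
};

int main(void)
{
    printf("B uses PD-scoped key:   %d\n", remote_access_ok(table, 2, &client_b, 0x1000, 0x10000, 64));
    printf("B uses A's scoped key:  %d\n", remote_access_ok(table, 2, &client_b, 0x2000, 0x20000, 64));
    printf("A uses its own key:     %d\n", remote_access_ok(table, 2, &client_a, 0x2000, 0x20000, 64));
    return 0;
}
```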
