On Wed, Feb 04, 2015 at 04:48:44PM +0200, Marcel Apfelbaum wrote: > On 02/04/2015 04:28 PM, Paolo Bonzini wrote: > > > > > >On 04/02/2015 15:02, Daniel P. Berrange wrote: > >>>I'm not sure if it makes sense for RDMA; it already has a couple of hooks > >>>that go around the back of QEMUFile in migration, and it's transferring the > >>>data via DMA so the page data doesn't go through the same path. > >> > >>Could you ever anticipate any need for authentication or encryption in > >>the RDMA based channel ? I don't know enough about RDMA myself to know > >>if it makes sense or not, other than the fact that any channel between > >>two separate hosts needs security at some level in the stack. > > > >Authentication, possibly; but I don't think encryption makes sense. Marcel? > I personally think that the protocol is safe enough, but as always there are > holes > and I am not a security expert: > > "RDMA mechanisms can create a potential security vulnerability. A node > may access another nodes > memory region that was supposed to be banned. > In order to protect remote memory access to unauthorized memory areas, > InfiniBand defines memory > protection mechanisms, where a remote memory access requires a special > key (R_Key). The R_Key is > negotiated between the peers and is validated at the target’s system HCA > card. In case of illegal key the > packet is dropped. The R_Key requirement is built into silicon and > driver code and cannot be disabled > even when attacker compromises root/admin/superuser account on one or > multiple servers." > > More on Layer 2 attacks and how Infiniband handle those: > > http://www.mellanox.com/related-docs/whitepapers/WP_Secuirty_In_InfiniBand_Fabrics_Final.pdf >
Ok I guess we could probably just assume RDMA is sufficient as is for now. We can fairly easily revisit it later if we find it it needs more work Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
