On Fri, Jul 10, 2015 at 01:54:20PM -0600, Jason Gunthorpe wrote:
> On Fri, Jul 10, 2015 at 02:42:45PM -0400, Tom Talpey wrote:
>
> > >>For the proposed iSER patch the problem is very acute, iser makes a
> > >>single PD and phys MR at boot time for each device. This means there
> > >>is a single machine wide unchanging rkey that allows remote physical
> > >>memory access. An attacker only has to repeatedly open QPs to iSER and
> > >>guess rkey values until they find it. Add in likely non-crypto
> > >>randomness for rkeys, and I bet it isn't even that hard to do.
> >
> > The rkeys have a PD, which cannot be forged, so it's not a matter of
> > attacking, but it is most definitely a system integrity risk, as I
> > mentioned earlier, a simple arithmetic offset mistake can overwrite
> > anything.
>
> Can you explain this conclusion?

Okay, so I see, iser is client only, it doesn't create a listening QP,
so you have to trick it into connecting to a malicious server, and that
is just a trust issue as Doug points out.

Presumably this patch doesn't impact isert?

But what about NFS? It looks to me like all of the ib_get_dma_mr calls
in NFS have the possibility of having IB_ACCESS_REMOTE_WRITE set, but
only on older adaptors?

Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
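The question above, whether any ib_get_dma_mr call in a driver can end up with IB_ACCESS_REMOTE_WRITE in its access flags, is the kind of thing worth checking mechanically. The following audit script is an added example, not code from the thread or from the kernel; it uses a constructed C fragment modelled on the pattern being discussed (a flag variable that only gains IB_ACCESS_REMOTE_WRITE on some hardware path), and its regex-based flag tracking is a deliberate over-approximation, not a real C parser.

```python
import re

# Constructed C fragment modelled on the pattern under discussion: a DMA MR
# whose access flags only gain IB_ACCESS_REMOTE_WRITE on some code paths.
SAMPLE_SRC = """\
static int setup_mr(struct ib_pd *pd, struct ib_device *dev)
{
    int mem_priv = IB_ACCESS_LOCAL_WRITE;
    if (!(dev->attrs.device_cap_flags & IB_DEVICE_MEM_MGT_EXTENSIONS))
        mem_priv |= IB_ACCESS_REMOTE_WRITE;
    dma_mr = ib_get_dma_mr(pd, mem_priv);
    safe_mr = ib_get_dma_mr(pd, IB_ACCESS_LOCAL_WRITE);
    return 0;
}
"""

CALL_RE = re.compile(r"ib_get_dma_mr\s*\(\s*([^,]+),\s*([^)]+)\)")
ASSIGN_RE = re.compile(r"\b(\w+)\s*(\|?=)(?!=)\s*([^;]+);")
FLAG = "IB_ACCESS_REMOTE_WRITE"

def collect_flag_terms(src):
    """Map each variable to every macro assigned or OR'd into it anywhere.
    A '|=' counts no matter which branch guards it, so the result is the
    set of flags a variable *may* carry: an audit wants possibilities."""
    terms = {}
    for name, op, expr in ASSIGN_RE.findall(src):
        macros = set(re.findall(r"\b[A-Z_][A-Z0-9_]*\b", expr))
        if op == "=":
            terms[name] = macros                  # plain assignment resets
        else:
            terms.setdefault(name, set()).update(macros)  # '|=' accumulates
    return terms

def find_remote_write_dma_mrs(src):
    """Return (line, flags_argument) for each ib_get_dma_mr call whose
    access flags could include IB_ACCESS_REMOTE_WRITE, either written
    inline or reachable through a variable assigned in the same file."""
    terms = collect_flag_terms(src)
    hits = []
    for m in CALL_RE.finditer(src):
        flags_arg = m.group(2).strip()
        if FLAG in flags_arg or FLAG in terms.get(flags_arg, set()):
            hits.append((src.count("\n", 0, m.start()) + 1, flags_arg))
    return hits

if __name__ == "__main__":
    for line, arg in find_remote_write_dma_mrs(SAMPLE_SRC):
        print(f"line {line}: ib_get_dma_mr may grant remote write via {arg!r}")
```

Because every `|=` is counted regardless of the condition around it, the script reports the conditional path on older adapters as a hit while leaving the call that passes only IB_ACCESS_LOCAL_WRITE alone.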