-----"Jason Gunthorpe" <jgg@xxxxxxxx> wrote: ----- >To: "Bernard Metzler" <bmt@xxxxxxxxxxxxxx> >From: "Jason Gunthorpe" <jgg@xxxxxxxx> >Date: 03/11/2019 03:14PM >Cc: linux-rdma@xxxxxxxxxxxxxxx >Subject: Re: [PATCH v5 00/13] SIW: Request for Comments > >On Tue, Feb 19, 2019 at 11:08:50AM +0100, Bernard Metzler wrote: >> This patch set contributes version 5 of the SoftiWarp >> driver, as originally introduced to the list Oct 6th, 2017. >> SoftiWarp (siw) implements the iWarp RDMA protocol over >> kernel TCP sockets. The driver integrates with the >> linux-rdma framework. >> >> In response to the various helpful feedback, we fixed (besides >> other small fixes) the following issues: > >What I'd like to hear is that the uapi is designed properly in this >driver from a security perspective. > >1) Kernel can only read-once any memory under control of user space >to > avoid execution integrity security problems Right, I reworked relevant pieces accordingly. RFC v6 will have it. > >2) Userspace never provides data that is unsafe, ie MAC addresses, IP > addresses, VLAN #s, etc. Anything that goes in a L2/L3 header of a > packet is a security problem siw adheres to that. we randomize values for user visible information during creation: memory reservation keys, QP and CQ ID's. > >3) We don't have bugs like rxe has where the netdev side is assuming > lifetimes of IB objects that are not guaranteed - ie qps, ib_devs, > etc can be destroyed async to netdev stuff if userspace tries > hard enough. > I hope I tried hard enough. >Finally, I want to hear from other people that this driver actually >works: > >- Chuck, does it run NFS work loads without crashing? >- Sagi, does it run NVMe workloads. >- Does it pass the various user space rdma-core ping test commands? >- Can it pass verbs fabtests from libfabric? > >etc > >Jason > scaling might be another topic. We tried with up to 8k nodes running Spectrum Scale (aka GPFS) and IOR on top of it, which helped to solve related issues. We did not test with larger setups though. Thanks Bernard. >
