On Fri, Dec 20, 2019 at 04:50:44PM +0100, Jack Wang wrote:
> Hi all,
>
> here is V5 of the RTRS (former IBTRS) rdma transport library and the
> corresponding RNBD (former IBNBD) rdma network block device.
>
> Main changes are the following:
> 1. Fix the security problem pointed out by Jason
> 2. Implement code-style/readability/API/etc suggestions by Bart van Assche
> 3. Rename IBTRS and IBNBD to RTRS and RNBD accordingly
> 4. Fileio mode support in rnbd-srv has been removed.
>
> The main functional change is a fix for the security problem pointed out by
> Jason and discussed both on the mailing list and during the last LPC RDMA MC 2019.
> On the server side we now invalidate in RTRS each rdma buffer before we hand it
> over to RNBD server and in turn to the block layer. A new rkey is generated and
> registered for the buffer after it returns back from the block layer and RNBD
> server. The new rkey is sent back to the client along with the IO result.
> The procedure is the default behaviour of the driver. This invalidation and
> registration on each IO causes performance drop of up to 20%. A user of the
> driver may choose to load the modules with this mechanism switched off
> (always_invalidate=N), if he understands and can take the risk of a malicious
> client being able to corrupt memory of a server it is connected to. This might
> be a reasonable option in a scenario where all the clients and all the servers
> are located within a secure datacenter.
>
> Huge thanks to Bart van Assche for the very detailed review of both RNBD and
> RTRS. These included suggestions for style fixes, better readability and
> documentation, code simplifications, eliminating usage of deprecated APIs,
> too many to name.
>
> The transport library and the network block device using it have been renamed to
> RTRS and RNBD accordingly in order to reflect the fact that they are based on
> the rdma subsystem and not bound to InfiniBand only.
>
> Fileio mode support in rnbd-server is not so efficient as pointed out by Bart,
> and we can use loop device in between if there is need, hence we just
> removed the fileio mode support.

Thanks for pushing the code forward.
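
The per-IO invalidation described in the quoted cover letter, as an added example that is not part of the original message or of the RTRS code: a toy user-space C model in which every name is hypothetical. It assumes the risk is a client reusing an rkey it still holds while the buffer is owned by the block layer, and compares the default behaviour with `always_invalidate=N`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy user-space model; every name here is hypothetical, not RTRS code. */
struct srv_buf {
    uint32_t rkey;        /* key the client was last told */
    bool     rkey_valid;  /* false while the registration is invalidated */
    char     data[16];
};

/* Models the adapter's check on an incoming remote write. */
static bool remote_write(struct srv_buf *b, uint32_t rkey, const char *src)
{
    if (!b->rkey_valid || rkey != b->rkey)
        return false;                        /* access rejected */
    snprintf(b->data, sizeof(b->data), "%s", src);
    return true;
}

/* Before the buffer is handed to the block layer. */
static void hand_over(struct srv_buf *b, bool always_invalidate)
{
    if (always_invalidate)
        b->rkey_valid = false;
}

/* After the buffer returns: the result is the rkey sent with the IO result. */
static uint32_t take_back(struct srv_buf *b, bool always_invalidate)
{
    if (always_invalidate) {
        b->rkey += 1;                        /* stands in for a fresh registration */
        b->rkey_valid = true;
    }
    return b->rkey;
}

/* One IO; true if a late client write changed the buffer mid-IO. */
static bool buffer_corrupted(bool always_invalidate, uint32_t *new_rkey)
{
    struct srv_buf b = { .rkey = 100, .rkey_valid = true };  /* constructed */
    remote_write(&b, 100, "REQUEST");        /* legitimate transfer */
    hand_over(&b, always_invalidate);
    remote_write(&b, 100, "LATE");           /* client reuses the old rkey */
    *new_rkey = take_back(&b, always_invalidate);
    return strcmp(b.data, "REQUEST") != 0;
}
int main(void)
{
    uint32_t k;
    printf("Y:%d N:%d\n", buffer_corrupted(true, &k), buffer_corrupted(false, &k));
}
```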