On 02/04/2015 04:28 PM, Paolo Bonzini wrote:
On 04/02/2015 15:02, Daniel P. Berrange wrote:
I'm not sure if it makes sense for RDMA; it already has a couple of hooks
that go around the back of QEMUFile in migration, and it's transferring the
data via DMA so the page data doesn't go through the same path.
Could you ever anticipate any need for authentication or encryption in
the RDMA based channel ? I don't know enough about RDMA myself to know
if it makes sense or not, other than the fact that any channel between
two separate hosts needs security at some level in the stack.
Authentication, possibly; but I don't think encryption makes sense. Marcel?
I personally think that the protocol is safe enough, but as always there are
holes
and I am not a security expert:
"RDMA mechanisms can create a potential security vulnerability. A node may
access another nodes
memory region that was supposed to be banned.
In order to protect remote memory access to unauthorized memory areas,
InfiniBand defines memory
protection mechanisms, where a remote memory access requires a special key
(R_Key). The R_Key is
negotiated between the peers and is validated at the target’s system HCA
card. In case of illegal key the
packet is dropped. The R_Key requirement is built into silicon and driver
code and cannot be disabled
even when attacker compromises root/admin/superuser account on one or multiple
servers."
More on Layer 2 attacks and how Infiniband handle those:
http://www.mellanox.com/related-docs/whitepapers/WP_Secuirty_In_InfiniBand_Fabrics_Final.pdf
I hope I helped,
Marcel
Paolo
