From: Bart Van Assche <Bart.VanAssche@wdc.com>
To: "jinpu.wang@profitbricks.com" <jinpu.wang@profitbricks.com>
Cc: "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"hch@infradead.org" <hch@infradead.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"roman.penyaev@profitbricks.com" <roman.penyaev@profitbricks.com>,
"sagi@grimberg.me" <sagi@grimberg.me>,
"ogerlitz@mellanox.com" <ogerlitz@mellanox.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
"danil.kipnis@profitbricks.com" <danil.kipnis@profitbricks.com>
Subject: Re: [PATCH 00/24] InfiniBand Transport (IBTRS) and Network Block Device (IBNBD)
Date: Mon, 5 Feb 2018 16:16:49 +0000 [thread overview]
Message-ID: <1517847408.3764.5.camel@wdc.com> (raw)
In-Reply-To: <CAMGffEkhqR9Z5bkMfnVn8an2OUM8k+jYoR5EFdtv3k9en1bh=w@mail.gmail.com>
T24gTW9uLCAyMDE4LTAyLTA1IGF0IDA5OjU2ICswMTAwLCBKaW5wdSBXYW5nIHdyb3RlOg0KPiBI
aSBCYXJ0LA0KPiANCj4gTXkgYW5vdGhlciAyIGNlbnRzOikNCj4gT24gRnJpLCBGZWIgMiwgMjAx
OCBhdCA2OjA1IFBNLCBCYXJ0IFZhbiBBc3NjaGUgPEJhcnQuVmFuQXNzY2hlQHdkYy5jb20+IHdy
b3RlOg0KPiA+IE9uIEZyaSwgMjAxOC0wMi0wMiBhdCAxNTowOCArMDEwMCwgUm9tYW4gUGVuIHdy
b3RlOg0KPiA+ID4gbyBTaW1wbGUgY29uZmlndXJhdGlvbiBvZiBJQk5CRDoNCj4gPiA+ICAgIC0g
U2VydmVyIHNpZGUgaXMgY29tcGxldGVseSBwYXNzaXZlOiB2b2x1bWVzIGRvIG5vdCBuZWVkIHRv
IGJlDQo+ID4gPiAgICAgIGV4cGxpY2l0bHkgZXhwb3J0ZWQuDQo+ID4gDQo+ID4gVGhhdCBzb3Vu
ZHMgbGlrZSBhIHNlY3VyaXR5IGhvbGU/IEkgdGhpbmsgdGhlIGFiaWxpdHkgdG8gY29uZmlndXJl
IHdoZXRoZXIgb3INCj4gPiBub3QgYW4gaW5pdGlhdG9yIGlzIGFsbG93ZWQgdG8gbG9nIGluIGlz
IGVzc2VudGlhbCBhbmQgYWxzbyB3aGljaCB2b2x1bWVzIGFuDQo+ID4gaW5pdGlhdG9yIGhhcyBh
Y2Nlc3MgdG8uDQo+IA0KPiBPdXIgZGVzaWduIHRhcmdldCBmb3Igd2VsbCBjb250cm9sbGVkIHBy
b2R1Y3Rpb24gZW52aXJvbm1lbnQsIHNvIHNlY3VyaXR5IGlzDQo+IGhhbmRsZSBpbiBvdGhlciBs
YXllci4gT24gc2VydmVyIHNpZGUsIGFkbWluIGNhbiBzZXQgdGhlIGRldl9zZWFyY2hfcGF0aCBp
bg0KPiBtb2R1bGUgcGFyYW1ldGVyIHRvIHNldCBwYXJlbnQgZGlyZWN0b3J5LCB0aGlzIHdpbGwg
Y29uY2F0ZW5hdGUgd2l0aCB0aGUgcGF0aA0KPiBjbGllbnQgc2VuZCBpbiBvcGVuIG1lc3NhZ2Ug
dG8gb3BlbiBhIGJsb2NrIGRldmljZS4NCg0KSGVsbG8gSmFjaywNCg0KVGhhdCBhcHByb2FjaCBt
YXkgd29yayB3ZWxsIGZvciB5b3VyIGVtcGxveWVyIGJ1dCBzb3JyeSBJIGRvbid0IHRoaW5rIHRo
aXMgaXMNCnN1ZmZpY2llbnQgZm9yIGFuIHVwc3RyZWFtIGRyaXZlci4gSSB0aGluayB0aGF0IG1v
c3QgdXNlcnMgd2hvIGNvbmZpZ3VyZSBhDQpuZXR3b3JrIHN0b3JhZ2UgdGFyZ2V0IGV4cGVjdCBm
dWxsIGNvbnRyb2wgb3ZlciB3aGljaCBzdG9yYWdlIGRldmljZXMgYXJlIGV4cG9ydGVkDQphbmQg
YWxzbyBvdmVyIHdoaWNoIGNsaWVudHMgZG8gaGF2ZSBhbmQgZG8gbm90IGhhdmUgYWNjZXNzLg0K
DQpCYXJ0Lg==
WARNING: multiple messages have this Message-ID (diff)
From: Bart Van Assche <Bart.VanAssche@wdc.com>
To: "jinpu.wang@profitbricks.com" <jinpu.wang@profitbricks.com>
Cc: "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"hch@infradead.org" <hch@infradead.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"roman.penyaev@profitbricks.com" <roman.penyaev@profitbricks.com>,
"sagi@grimberg.me" <sagi@grimberg.me>,
"ogerlitz@mellanox.com" <ogerlitz@mellanox.com>,
"axboe@kernel.dk" <axboe@kernel.dk>,
"danil.kipnis@profitbricks.com" <danil.kipnis@profitbricks.com>
Subject: Re: [PATCH 00/24] InfiniBand Transport (IBTRS) and Network Block Device (IBNBD)
Date: Mon, 5 Feb 2018 16:16:49 +0000 [thread overview]
Message-ID: <1517847408.3764.5.camel@wdc.com> (raw)
In-Reply-To: <CAMGffEkhqR9Z5bkMfnVn8an2OUM8k+jYoR5EFdtv3k9en1bh=w@mail.gmail.com>
On Mon, 2018-02-05 at 09:56 +0100, Jinpu Wang wrote:
> Hi Bart,
>
> My another 2 cents:)
> On Fri, Feb 2, 2018 at 6:05 PM, Bart Van Assche <Bart.VanAssche@wdc.com> wrote:
> > On Fri, 2018-02-02 at 15:08 +0100, Roman Pen wrote:
> > > o Simple configuration of IBNBD:
> > > - Server side is completely passive: volumes do not need to be
> > > explicitly exported.
> >
> > That sounds like a security hole? I think the ability to configure whether or
> > not an initiator is allowed to log in is essential and also which volumes an
> > initiator has access to.
>
> Our design target for well controlled production environment, so security is
> handle in other layer. On server side, admin can set the dev_search_path in
> module parameter to set parent directory, this will concatenate with the path
> client send in open message to open a block device.
Hello Jack,
That approach may work well for your employer but sorry I don't think this is
sufficient for an upstream driver. I think that most users who configure a
network storage target expect full control over which storage devices are exported
and also over which clients do have and do not have access.
Bart.
next prev parent reply other threads:[~2018-02-05 16:16 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-02 14:08 [PATCH 00/24] InfiniBand Transport (IBTRS) and Network Block Device (IBNBD) Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 01/24] ibtrs: public interface header to establish RDMA connections Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 02/24] ibtrs: private headers with IBTRS protocol structs and helpers Roman Pen
2018-02-02 14:08 ` [PATCH 03/24] ibtrs: core: lib functions shared between client and server modules Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-05 10:52 ` Sagi Grimberg
2018-02-06 12:01 ` Roman Penyaev
2018-02-06 16:10 ` Jason Gunthorpe
2018-02-07 10:34 ` Roman Penyaev
2018-02-07 10:34 ` Roman Penyaev
2018-02-02 14:08 ` [PATCH 04/24] ibtrs: client: private header with client structs and functions Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-05 10:59 ` Sagi Grimberg
2018-02-05 10:59 ` Sagi Grimberg
2018-02-06 12:23 ` Roman Penyaev
2018-02-02 14:08 ` [PATCH 05/24] ibtrs: client: main functionality Roman Pen
2018-02-02 16:54 ` Bart Van Assche
2018-02-02 16:54 ` Bart Van Assche
2018-02-05 13:27 ` Roman Penyaev
2018-02-05 14:14 ` Sagi Grimberg
2018-02-05 14:14 ` Sagi Grimberg
2018-02-05 17:05 ` Roman Penyaev
2018-02-05 17:05 ` Roman Penyaev
2018-02-05 11:19 ` Sagi Grimberg
2018-02-05 14:19 ` Roman Penyaev
2018-02-05 14:19 ` Roman Penyaev
2018-02-05 16:24 ` Bart Van Assche
2018-02-05 16:24 ` Bart Van Assche
2018-02-02 14:08 ` [PATCH 06/24] ibtrs: client: statistics functions Roman Pen
2018-02-02 14:08 ` [PATCH 07/24] ibtrs: client: sysfs interface functions Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-05 11:20 ` Sagi Grimberg
2018-02-05 11:20 ` Sagi Grimberg
2018-02-06 12:28 ` Roman Penyaev
2018-02-02 14:08 ` [PATCH 08/24] ibtrs: server: private header with server structs and functions Roman Pen
2018-02-02 14:08 ` [PATCH 09/24] ibtrs: server: main functionality Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-05 11:29 ` Sagi Grimberg
2018-02-05 11:29 ` Sagi Grimberg
2018-02-06 12:46 ` Roman Penyaev
2018-02-02 14:08 ` [PATCH 10/24] ibtrs: server: statistics functions Roman Pen
2018-02-02 14:08 ` [PATCH 11/24] ibtrs: server: sysfs interface functions Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 12/24] ibtrs: include client and server modules into kernel compilation Roman Pen
2018-02-02 14:08 ` [PATCH 13/24] ibtrs: a bit of documentation Roman Pen
2018-02-02 14:08 ` [PATCH 14/24] ibnbd: private headers with IBNBD protocol structs and helpers Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 15/24] ibnbd: client: private header with client structs and functions Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 16/24] ibnbd: client: main functionality Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 15:11 ` Jens Axboe
2018-02-02 15:11 ` Jens Axboe
2018-02-05 12:54 ` Roman Penyaev
2018-02-02 14:08 ` [PATCH 17/24] ibnbd: client: sysfs interface functions Roman Pen
2018-02-02 14:08 ` Roman Pen
2018-02-02 14:08 ` [PATCH 18/24] ibnbd: server: private header with server structs and functions Roman Pen
2018-02-02 14:08 ` [PATCH 19/24] ibnbd: server: main functionality Roman Pen
2018-02-02 14:09 ` [PATCH 20/24] ibnbd: server: functionality for IO submission to file or block dev Roman Pen
2018-02-02 14:09 ` Roman Pen
2018-02-02 14:09 ` [PATCH 21/24] ibnbd: server: sysfs interface functions Roman Pen
2018-02-02 14:09 ` Roman Pen
2018-02-02 14:09 ` [PATCH 22/24] ibnbd: include client and server modules into kernel compilation Roman Pen
2018-02-02 14:09 ` [PATCH 23/24] ibnbd: a bit of documentation Roman Pen
2018-02-02 14:09 ` Roman Pen
2018-02-02 15:55 ` Bart Van Assche
2018-02-02 15:55 ` Bart Van Assche
2018-02-05 13:03 ` Roman Penyaev
2018-02-05 14:16 ` Sagi Grimberg
2018-02-02 14:09 ` [PATCH 24/24] MAINTAINERS: Add maintainer for IBNBD/IBTRS modules Roman Pen
2018-02-02 16:07 ` [PATCH 00/24] InfiniBand Transport (IBTRS) and Network Block Device (IBNBD) Bart Van Assche
2018-02-02 16:07 ` Bart Van Assche
2018-02-02 16:40 ` Doug Ledford
2018-02-02 16:40 ` Doug Ledford
2018-02-05 8:45 ` Jinpu Wang
2018-02-05 8:45 ` Jinpu Wang
2018-06-04 12:14 ` Danil Kipnis
2018-02-02 17:05 ` Bart Van Assche
2018-02-02 17:05 ` Bart Van Assche
2018-02-05 8:56 ` Jinpu Wang
2018-02-05 11:36 ` Sagi Grimberg
2018-02-05 13:38 ` Danil Kipnis
2018-02-05 13:38 ` Danil Kipnis
2018-02-05 14:17 ` Sagi Grimberg
2018-02-05 16:40 ` Danil Kipnis
2018-02-05 18:38 ` Bart Van Assche
2018-02-06 9:44 ` Danil Kipnis
2018-02-06 9:44 ` Danil Kipnis
2018-02-06 15:35 ` Bart Van Assche
2018-02-06 15:35 ` Bart Van Assche
2018-02-05 16:16 ` Bart Van Assche [this message]
2018-02-05 16:16 ` Bart Van Assche
2018-02-05 16:36 ` Jinpu Wang
2018-02-05 16:36 ` Jinpu Wang
2018-02-07 16:35 ` Christopher Lameter
2018-02-07 17:18 ` Roman Penyaev
2018-02-07 17:32 ` Bart Van Assche
2018-02-07 17:32 ` Bart Van Assche
2018-02-08 17:38 ` Danil Kipnis
2018-02-08 17:38 ` Danil Kipnis
2018-02-08 18:09 ` Bart Van Assche
2018-02-08 18:09 ` Bart Van Assche
2018-06-04 12:27 ` Danil Kipnis
2018-02-05 12:16 ` Sagi Grimberg
2018-02-05 12:16 ` Sagi Grimberg
2018-02-05 12:30 ` Sagi Grimberg
2018-02-07 13:06 ` Roman Penyaev
2018-02-07 13:06 ` Roman Penyaev
2018-02-05 16:58 ` Bart Van Assche
2018-02-05 16:58 ` Bart Van Assche
2018-02-05 17:16 ` Roman Penyaev
2018-02-05 17:20 ` Bart Van Assche
2018-02-05 17:20 ` Bart Van Assche
2018-02-06 11:47 ` Roman Penyaev
2018-02-06 13:12 ` Roman Penyaev
2018-02-06 13:12 ` Roman Penyaev
2018-02-06 16:01 ` Bart Van Assche
2018-02-06 16:01 ` Bart Van Assche
2018-02-07 12:57 ` Roman Penyaev
2018-02-07 12:57 ` Roman Penyaev
2018-02-07 16:35 ` Bart Van Assche
2018-02-07 16:35 ` Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1517847408.3764.5.camel@wdc.com \
--to=bart.vanassche@wdc.com \
--cc=axboe@kernel.dk \
--cc=danil.kipnis@profitbricks.com \
--cc=hch@infradead.org \
--cc=jinpu.wang@profitbricks.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=roman.penyaev@profitbricks.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.