SA Usage Leakage

Kevin D Butt kdbutt at us.ibm.com
Tue Apr 1 09:47:54 PDT 2008



We have concerns related to SA usage leakage.  That is, it is possible for 
application clients to create enough SAs in a device server - with the 
timeout values long enough - that the device server is out of resources to 
create another.  While the answer seems obvious - allow the device server 
to implicitly abandon an SA for vendor-specific reasons, there is no 
explicit mention of this in SPC-4 that we can find.  If the DS is not 
allowed to implicitly abandon an SA, this opens up the avenue for Denial of 
Service attacks - an attacker could use up all the SA resources with 
maximum timeout values.
Key points being:
A) the DS needs to be able to clear space for a new SA
B) no notification of lost SA should be reported to AC until the AC 
attempts to use an SA
C) the expected behaviors of the DS and the AC should be explicitly stated 
in SPC-4 and be general (i.e., not tied to each usage defined (e.g., 
ESP-SCSI))
D) There should be a unique additional sense code for when an attempt to 
use an unknown SAI is made
Please provide comments as we will be driving to a proposal to make this 
happen.
Thanks,
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-2869 / 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com
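
The behaviour asked for in points A, B and D can be sketched as a small device-server SA table. This is an added example, not part of the original message and not text from SPC-4; the table size, the function names, the least-recently-used choice of which SA to abandon, and the status values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SA_SLOTS 4   /* constructed table size; real limits are vendor-specific */
/* Placeholder status values, not SPC-4 additional sense codes. */
enum sa_status { SA_OK = 0, SA_UNKNOWN_SAI = 1 };
struct sa_entry { int in_use; uint32_t sai; uint64_t expires, last_used; };
struct sa_table { struct sa_entry slot[SA_SLOTS]; unsigned implicit_abandons; };

void sa_init(struct sa_table *t) { memset(t, 0, sizeof *t); }

/* Point A: creation never fails for lack of space. Reuse a free or expired
 * slot if one exists; otherwise implicitly abandon the least recently used SA. */
void sa_create(struct sa_table *t, uint32_t sai, uint64_t now, uint32_t timeout)
{
    struct sa_entry *victim = NULL;
    for (int i = 0; i < SA_SLOTS; i++) {
        struct sa_entry *e = &t->slot[i];
        if (!e->in_use || e->expires <= now) { victim = e; break; }
        if (!victim || e->last_used < victim->last_used) victim = e;
    }
    if (victim->in_use && victim->expires > now)
        t->implicit_abandons++;   /* point B: nothing is reported to the owner here */
    victim->in_use = 1;
    victim->sai = sai;
    victim->expires = now + timeout;   /* 64-bit sum: a maximum timeout cannot wrap */
    victim->last_used = now;
}

/* Points B and D: the loss surfaces only on use, as a distinct status. */
enum sa_status sa_use(struct sa_table *t, uint32_t sai, uint64_t now)
{
    for (int i = 0; i < SA_SLOTS; i++) {
        struct sa_entry *e = &t->slot[i];
        if (e->in_use && e->sai == sai && e->expires > now) {
            e->last_used = now;
            return SA_OK;
        }
    }
    return SA_UNKNOWN_SAI;
}

int main(void)
{
    struct sa_table t;
    sa_init(&t);
    for (uint32_t s = 1; s <= SA_SLOTS; s++) sa_create(&t, s, s, UINT32_MAX);
    sa_create(&t, 100, 10, 60);   /* table full of max-timeout SAs, still succeeds */
    return sa_use(&t, 1, 11) == SA_UNKNOWN_SAI ? 0 : 1;
}
```

The `implicit_abandons` counter stays internal to the device server, which gives an operator something to watch for exhaustion attempts without notifying any application client.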


