From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Moni Shoua <monis-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Matan Barak <matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
linux-rdma <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Eran Ben Elisha <eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Somnath Kotur
<Somnath.Kotur-1wcpHE2jlwO1Z/+hSey0Gg@public.gmane.org>
Subject: Re: [PATCH for-next V2 00/11] Add RoCE v2 support
Date: Wed, 16 Dec 2015 11:13:12 -0700 [thread overview]
Message-ID: <20151216181312.GE32594@obsidianresearch.com> (raw)
In-Reply-To: <CAG9sBKNa4Hd0WVqhZCLeqXjc2zE2h+dBwF6zVgGT0R_Gt1FEwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Wed, Dec 16, 2015 at 08:56:01AM +0200, Moni Shoua wrote:
> I can't object to that but I really would like to get an example of a
> security risk.
How can anyone give you an example when nobody knows exactly how mlx
hardware works in this area?
>From an kapi prespective, the security design is very simple.
Every single UD packet the kapi side has to process must be
unambiguously associated with a gid_index or dropped. Period full
stop. I would think that is an obvious conclusion based on the design
of the gid cache.
This is why we need a clear API to get this critical information. It
should not be open coded in init_ah_from_wc, it should not be done
some other way in the CMA code.
This is a simple matter of sane kapi design, nothing more.
I have no idea why this is so objectionable.
> scattered to the receive bufs anyway. So, if there is a security hole
> it exists from day one of the IB stack and this is not the time we
> should insist on fixing it.
IB isn't interacting with the net stack in the same way rocev2 is, so
this is not a pre-existing problem.
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-12-16 18:13 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-03 13:47 [PATCH for-next V2 00/11] Add RoCE v2 support Matan Barak
[not found] ` <1449150450-13679-1-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-03 13:47 ` [PATCH for-next V2 01/11] IB/core: Add gid_type to gid attribute Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 02/11] IB/cm: Use the source GID index type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 03/11] IB/core: Add gid attributes to sysfs Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 04/11] IB/core: Add ROCE_UDP_ENCAP (RoCE V2) type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 05/11] IB/core: Add rdma_network_type to wc Matan Barak
[not found] ` <1449150450-13679-6-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-03 14:05 ` Christoph Hellwig
[not found] ` <20151203140543.GA4283-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-12-03 16:19 ` Matan Barak
2015-12-03 16:20 ` Liran Liss
[not found] ` <HE1PR05MB141857FA57EECD82D1533543B10D0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-06 14:03 ` Christoph Hellwig
[not found] ` <20151206140307.GB25487-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-12-06 14:20 ` Moni Shoua
2015-12-07 6:02 ` Jason Gunthorpe
[not found] ` <20151207060241.GA19038-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 6:15 ` Moni Shoua
[not found] ` <CAG9sBKO0rsSQK1WcyBciZEONWJsusw9GwR19H7FfAsebEH63dg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 6:34 ` Jason Gunthorpe
[not found] ` <20151207063415.GB20066-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 6:37 ` Moni Shoua
[not found] ` <CAG9sBKMBt6Toa25Ouasr7hudAcOYrxZyBUFYMXzrMTFZvooWfQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 17:12 ` Jason Gunthorpe
[not found] ` <20151207171228.GA26969-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 18:34 ` Moni Shoua
[not found] ` <CAG9sBKNXnzp7PgJhfcjbYvje5qgZWYqygJYkbs4WyTZtDc4ckg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 18:48 ` Jason Gunthorpe
[not found] ` <20151207184832.GA21402-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-08 7:23 ` Moni Shoua
[not found] ` <CAG9sBKNWMQA3XDGpDc_+2QoJcnnNL9o67p0JNoVqrU0u9UQCrA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-08 22:52 ` Jason Gunthorpe
[not found] ` <20151208225251.GA27609-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-09 9:34 ` Moni Shoua
[not found] ` <CAG9sBKM2s9BMv8priCHnFaMcSnuafn4vf+6+0Rooc6Gw0ZSaLA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-09 18:01 ` Jason Gunthorpe
[not found] ` <20151209180129.GD31636-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-10 7:58 ` Moni Shoua
[not found] ` <CAG9sBKPNWsO7ugdyhd5sYp_yOSrUkG0b-Lfq6Eenrydg3MzyvQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-10 17:38 ` Jason Gunthorpe
2015-12-09 9:38 ` Liran Liss
[not found] ` <HE1PR05MB1418B1F0F393AD0D92424043B1E80-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-09 18:09 ` Jason Gunthorpe
[not found] ` <20151209180920.GE31636-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-10 7:53 ` Moni Shoua
2015-12-13 13:56 ` Liran Liss
[not found] ` <HE1PR05MB141868A873246D76F580401FB1EC0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-13 14:03 ` Matan Barak
2015-12-09 9:41 ` Moni Shoua
2015-12-07 6:21 ` Parav Pandit
2015-12-03 16:36 ` Jason Gunthorpe
2015-12-03 13:47 ` [PATCH for-next V2 06/11] IB/core: Move rdma_is_upper_dev_rcu to header file Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 07/11] IB/core: Validate route in ib_init_ah_from_wc and ib_init_ah_from_path Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 08/11] IB/rdma_cm: Add wrapper for cma reference count Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 09/11] IB/cma: Add configfs for rdma_cm Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 10/11] IB/core: Initialize UD header structure with IP and UDP headers Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 11/11] IB/cma: Join and leave multicast groups with IGMP Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 00/11] Add RoCE v2 support Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 01/11] IB/core: Add gid_type to gid attribute Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 02/11] IB/cm: Use the source GID index type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 03/11] IB/core: Add gid attributes to sysfs Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 04/11] IB/core: Add ROCE_UDP_ENCAP (RoCE V2) type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 05/11] IB/core: Add rdma_network_type to wc Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 06/11] IB/core: Move rdma_is_upper_dev_rcu to header file Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 07/11] IB/core: Validate route in ib_init_ah_from_wc and ib_init_ah_from_path Matan Barak
[not found] ` <1449150450-13679-20-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-07 13:42 ` Haggai Eran
[not found] ` <56658CB4.7090402-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-10 17:36 ` Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 08/11] IB/rdma_cm: Add wrapper for cma reference count Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 09/11] IB/cma: Add configfs for rdma_cm Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 10/11] IB/core: Initialize UD header structure with IP and UDP headers Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 11/11] IB/cma: Join and leave multicast groups with IGMP Matan Barak
2015-12-15 7:15 ` [PATCH for-next V2 00/11] Add RoCE v2 support Moni Shoua
[not found] ` <CAG9sBKM7j6w+Gk4PXXO+0mHpFeVaBdeNmr-z9V9fPR562o+kmw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-15 21:45 ` Doug Ledford
[not found] ` <567089F1.30004-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-12-15 22:00 ` Jason Gunthorpe
[not found] ` <20151215220033.GB30404-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-16 9:57 ` Liran Liss
[not found] ` <HE1PR05MB14188FDA12D077BA2720C84BB1EF0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-16 18:02 ` Jason Gunthorpe
2015-12-16 6:56 ` Moni Shoua
[not found] ` <CAG9sBKNa4Hd0WVqhZCLeqXjc2zE2h+dBwF6zVgGT0R_Gt1FEwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-16 18:13 ` Jason Gunthorpe [this message]
2015-12-16 20:39 ` Doug Ledford
[not found] ` <5671CBF4.4060602-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-12-16 21:25 ` Jason Gunthorpe
2015-12-17 10:04 ` Moni Shoua
2015-12-17 10:14 ` Liran Liss
2015-12-16 14:18 ` Liran Liss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151216181312.GE32594@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=Somnath.Kotur-1wcpHE2jlwO1Z/+hSey0Gg@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=monis-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.