From: Hal Rosenstock <hal-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
To: Jim Foraker <foraker1-i2BcT+NCU+M@public.gmane.org>
Cc: "linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Weiny, Ira K." <weiny2-i2BcT+NCU+M@public.gmane.org>
Subject: Re: [PATCH V2 3/5] ib-diags/saquery: Fix smkey handling
Date: Wed, 25 Apr 2012 08:57:09 -0400 [thread overview]
Message-ID: <4F97F4A5.40007@dev.mellanox.co.il> (raw)
In-Reply-To: <1335310971.17237.407.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
On 4/24/2012 7:42 PM, Jim Foraker wrote:
>
> On Tue, 2012-04-24 at 07:17 -0700, Hal Rosenstock wrote:
>> On 4/23/2012 8:56 PM, Jim Foraker wrote:
>>> smkey is already defined as a global inside saquery.c, so remove
>>> broken support for passing it around as a function parameter
>>>
>>> Signed-off-by: Jim Foraker <foraker1-i2BcT+NCU+M@public.gmane.org>
>>> ---
>>> src/saquery.c | 59 ++++++++++++++++++++++++++++-----------------------------
>>> 1 file changed, 29 insertions(+), 30 deletions(-)
>>>
>>> diff --git a/src/saquery.c b/src/saquery.c
>>> index e5fdb25..029228c 100644
>>> --- a/src/saquery.c
>>> +++ b/src/saquery.c
>>> @@ -85,7 +85,7 @@ struct query_cmd {
>>>
>>> static char *node_name_map_file = NULL;
>>> static nn_map_t *node_name_map = NULL;
>>> -static uint64_t smkey = 1;
>>> +static uint64_t smkey = 0;
>>
>> Why is the default for smkey being changed from 1 to 0 ? Note that even
>> though the name is smkey (due to the spec), it is really the default SA key.
> Previous to the patch, smkey was defined as 1, but rarely passed
> thru to functions. In particular, the only SA requests that were using
> the default value of 1 were MCMember records, via either the -m option
> or the MCMR query. All other types were hard coded to smkey values of
> 0, and hence executing untrusted SA requests, regardless of either the
> smkey variable defaulting to 1 or of any "--smkey" being passed on the
> command line.
In addition to MCMemberRecords, trust is supported for
P_KeyTableRecords, PortInfoRecords, and ServiceRecords AFAIT. Patch
shortly for InformInfoRecords and InformInfo.
> Changing the variable default to 0 causes the patch to effect the
> least change in observable behavior.
Not sure what you mean by that.
> In particular, for commands not
> specifying a smkey on the command line, the visible changes are limited
> to MCMember records. For subnets not using partitioning, the change in
> MCMember records is limited to the specifics for that record type
> covered in C15-0.2-1.16.
Even without partitioning, this is important for validating all members
in MC group (for IPoIB debug).
It also affects the previously aforementioned SA records as well.
> Setting the default to 1 may provide better behavior, in terms of
> making the diags "just work" for an out-of-the-box OpenSM config,
Yes, that was the original intention.
> but it
> seems to me that the continued existence of this bug shows that
> authenticated requests might not be particularly important for simple
> configs. Plus, it extracts a penalty -- post-patch, if the default is
> set to 1, a user who chooses to change their SA smkey will be penalized
> in the sense that they will always need to pass an smkey on the command
> line, either the correct one or "--smkey 0" to execute an untrusted
> request (packets with incorrect smkeys are dropped, not considered
> untrusted).
That is the tradeoff and it was the decision made. I can dig out the
threads on the list if need be.
> With a default of 0, we are not providing users
> encouragement to leave their SA smkey (which in turn protects other
> authentication keys on the fabric) at a well-known, insecure value.
Yes, it comes down ease of use v. "security". Also, changing this now
becomes a flag day/backward compatibility issue (at least in terms of
support).
> A compromise would be for someone to write a patch that adds
> support for a default SA smkey to the diags config file.
Makes sense.
> In that case, I think the right behavior would be for the compiled utility to still
> default to 0 so that saquery works on hosts without an smkey set in the
> conf (the default config file might set the value to 1), which means
> this patch as written does not get in the way.
OK but IMO we shouldn't change the smkey value here until this occurs.
-- Hal
> Jim
>
>>
>> -- Hal
>>
>> <snip...>
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-04-25 12:57 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-24 0:53 [PATCH V2 0/5] Mkey support in infiniband-diags Jim Foraker
[not found] ` <1335228837.17237.302.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-04-24 0:56 ` [PATCH V2 1/5] infiniband-diags/ibportstate.c: Support MKey, lease, and protect bits Jim Foraker
[not found] ` <1335229017-10677-1-git-send-email-foraker1-i2BcT+NCU+M@public.gmane.org>
2012-04-24 0:56 ` [PATCH V2 2/5] infiniband-diags: Allow specification of an mkey to use on the command line Jim Foraker
[not found] ` <1335229017-10677-2-git-send-email-foraker1-i2BcT+NCU+M@public.gmane.org>
2012-04-24 14:17 ` Hal Rosenstock
[not found] ` <4F96B5F1.7080906-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-04-24 17:21 ` Ira Weiny
2012-04-24 0:56 ` [PATCH V2 3/5] ib-diags/saquery: Fix smkey handling Jim Foraker
[not found] ` <1335229017-10677-3-git-send-email-foraker1-i2BcT+NCU+M@public.gmane.org>
2012-04-24 14:17 ` Hal Rosenstock
[not found] ` <4F96B5F8.8070801-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-04-24 23:42 ` Jim Foraker
[not found] ` <1335310971.17237.407.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-04-25 12:57 ` Hal Rosenstock [this message]
[not found] ` <4F97F4A5.40007-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-04-25 23:24 ` Jim Foraker
[not found] ` <1335396262.17237.494.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-04-26 12:04 ` Hal Rosenstock
[not found] ` <4F9939B9.8090104-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2012-04-27 0:45 ` Jim Foraker
[not found] ` <1335487548.17237.605.camel-mxTxeWJot8FliZ7u+bvwcg@public.gmane.org>
2012-04-27 11:54 ` Hal Rosenstock
2012-04-24 0:56 ` [PATCH V2 4/5] infiniband-diags: install config file mode 400 Jim Foraker
2012-04-24 0:56 ` [PATCH V2 5/5] infiniband-diags: Add m_key option to config file Jim Foraker
2012-04-24 14:16 ` [PATCH V2 1/5] infiniband-diags/ibportstate.c: Support MKey, lease, and protect bits Hal Rosenstock
2012-04-24 14:15 ` [PATCH V2 0/5] Mkey support in infiniband-diags Hal Rosenstock
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F97F4A5.40007@dev.mellanox.co.il \
--to=hal-ldsdmyg8hgv8yrgs2mwiifqbs+8scbdb@public.gmane.org \
--cc=foraker1-i2BcT+NCU+M@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=weiny2-i2BcT+NCU+M@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.