Re: Trust model for raw QPs

[Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>]

On 15/08/2012 16:40, Steve Wise wrote:
> On 8/15/2012 8:28 AM, Or Gerlitz wrote:
>> Currently, for an app to open a raw QP from user space, we (verbs) 
>> require admin permission, for which we (Mellanox) got customer 
>> feedback saying this is problematic on some of the environments.
>>
>> Suppose we allow to user to provide source mac+vlan when creating the 
>> QP or when modifying its state, and the HW can enforce that -- in 
>> that case I think its OK to remove that restriction e.g ala what is 
>> allowed today with user space UD QPs when the fabric is IB.
>>
> We have similar requirements from customers.   I don't understand how 
> mac+vlan allows the driver to enforce anything?  Can you explain this 
> further?

Its what's  called HW anti spoofing support, very common in the 
virtualization world when you want te HW to enforce source mac/vlan for 
Ethernet frames sent by a VM using an SRIOV VF -- user-space is a 
private case of that very same problem. Its not driver enforcement, its 
driver advertizing the ability of the HW to enforce.

Or.

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html