Re: Trust model for raw QPs

[Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>]

On 15/08/2012 17:06, Christoph Lameter wrote:
> On Wed, 15 Aug 2012, Or Gerlitz wrote:
>
>> Currently, for an app to open a raw QP from user space, we (verbs) require
>> admin permission, for which we (Mellanox) got customer feedback saying this is
>> problematic on some of the environments.
>
> Well yes it is but the kernel mod is a one line to get rid of this problem.

Its one LOC that has behind it many lines  of reasoning... e.g as 
specified in the change-log, those QP are to some extent the RDMA stack 
form of packet/raw sockets.

>
>
>> Suppose we allow to user to provide source mac+vlan when creating the QP or when modifying its state, and the HW can enforce that -- in that case I think its OK to remove that restriction e.g ala what is allowed today with user space UD QPs when the fabric is IB.
>
> Well yes that would mean that the source mac and vlan are configured with
> admin permissions and then the app would run without within the
> constraints established in priviledged moded.

There a co-existence between the IP stack and the RDMA stack, which is 
for example exercised by the RDMA-CM design, here also, the admin 
configured a MAC and VLAN for a netdevice that is bounded to a HW 
NIC/port we want to create RAW QP on, and there's a non privileged user 
space app that want to  generate frames with this mac/vlan, and we say 
its allowed once the HW can enforce that.

Or.


--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html