From: Petr Machata <petrm@nvidia.com>
To: Patrisious Haddad <phaddad@nvidia.com>
Cc: <jgg@ziepe.ca>, <leon@kernel.org>, <dsahern@gmail.com>,
<stephen@networkplumber.org>, <netdev@vger.kernel.org>,
<linux-rdma@vger.kernel.org>, <linuxarm@huawei.com>,
<linux-kernel@vger.kernel.org>, <huangjunxian6@hisilicon.com>,
<michaelgur@nvidia.com>
Subject: Re: [PATCH v2 iproute2-next 2/3] rdma: Add an option to set privileged QKEY parameter
Date: Tue, 24 Oct 2023 17:34:46 +0200 [thread overview]
Message-ID: <874jig6m1v.fsf@nvidia.com> (raw)
In-Reply-To: <20231023112217.3439-3-phaddad@nvidia.com>
Patrisious Haddad <phaddad@nvidia.com> writes:
> Enrich rdmatool with an option to enable or disable privileged QKEY.
> When enabled, non-privileged users will be allowed to specify a
> controlled QKEY.
>
> By default this parameter is disabled in order to comply with IB spec.
> According to the IB specification rel-1.6, section 3.5.3:
> "QKEYs with the most significant bit set are considered controlled
> QKEYs, and a HCA does not allow a consumer to arbitrarily specify a
> controlled QKEY."
>
> This allows old applications which existed before the kernel commit:
> 0cadb4db79e1 ("RDMA/uverbs: Restrict usage of privileged QKEYs")
> they can use privileged QKEYs without being a privileged user to now
> be able to work again without being privileged granted they turn on this
> parameter.
>
> rdma tool command examples and output.
>
> $ rdma system show
> netns shared privileged-qkey off copy-on-fork on
>
> $ rdma system set privileged-qkey on
>
> $ rdma system show
> netns shared privileged-qkey on copy-on-fork on
>
> Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
> Reviewed-by: Michael Guralnik <michaelgur@nvidia.com>
Again, I'm not familiar with the subject matter, but mechanically this
looks OK to me.
Reviewed-by: Petr Machata <petrm@nvidia.com>
next prev parent reply other threads:[~2023-10-24 16:08 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 11:22 [PATCH v2 iproute2-next 0/3] Add support to set privileged qkey parameter Patrisious Haddad
2023-10-23 11:22 ` [PATCH v2 iproute2-next 1/3] rdma: update uapi headers Patrisious Haddad
2023-10-23 11:22 ` [PATCH v2 iproute2-next 2/3] rdma: Add an option to set privileged QKEY parameter Patrisious Haddad
2023-10-24 15:34 ` Petr Machata [this message]
2023-10-24 17:02 ` David Ahern
2023-10-25 6:26 ` Patrisious Haddad
2023-10-25 8:34 ` Petr Machata
2023-10-25 8:25 ` Petr Machata
2023-10-23 11:22 ` [PATCH v2 iproute2-next 3/3] rdma: Adjust man page for rdma system set privileged_qkey command Patrisious Haddad
2023-10-24 16:09 ` Petr Machata
2023-10-24 17:04 ` David Ahern
2023-10-25 6:10 ` Patrisious Haddad
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874jig6m1v.fsf@nvidia.com \
--to=petrm@nvidia.com \
--cc=dsahern@gmail.com \
--cc=huangjunxian6@hisilicon.com \
--cc=jgg@ziepe.ca \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=michaelgur@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=phaddad@nvidia.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.