From: Vinit Agnihotri <vinita@ryussi.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: linux-rdma@vger.kernel.org
Subject: Re: [question] ibv_reg_mr() returning EACCESS
Date: Wed, 20 Nov 2019 09:35:12 +0530 [thread overview]
Message-ID: <1d17a8f1-388f-239b-9032-db4706842dd1@ryussi.com> (raw)
In-Reply-To: <20191119233400.GP4991@ziepe.ca>
Thank you Jason,
I'll sure take a look.
Regards,
Vinit.
On 20/11/19 5:04 AM, Jason Gunthorpe wrote:
> You need this kernel commit
>
> commit 4785860e04bc8d7e244b25257168e1cf8a5529ab
> Author: Jason Gunthorpe <jgg@ziepe.ca>
> Date: Fri Nov 30 13:06:21 2018 +0200
>
> RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers
>
> Now that the handlers do not process their own udata we can make a
> sensible ioctl that wrappers them. The ioctl follows the same format as
> the write_ex() and has the user explicitly specify the core and driver
> in/out opaque structures and a command number.
>
> This works for all forms of write commands.
>
> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
> Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
> Signed-off-by: Doug Ledford <dledford@redhat.com>
>
> And a rdma-core new enough to call UVERBS_METHOD_INVOKE_WRITE
>
> On Mon, Nov 18, 2019 at 10:29:33AM +0530, Vinit Agnihotri wrote:
>> Thank you Jason.
>>
>> I did went through archives for the same.
>>
>> Can you please provide pointer towards documentation or
>>
>> sample userspace usage for the same? Or which kernel version to be looked
>> into?
>>
>>
>> Thanks & Regards,
>>
>> Vinit.
>>
>> On 15/11/19 7:42 PM, Jason Gunthorpe wrote:
>>> On Fri, Nov 15, 2019 at 09:27:40AM +0530, Vinit Agnihotri wrote:
>>>> Hi,
>>>>
>>>> I am trying to use setfsgid()/setfssid() calls to ensure proper access check
>>>> for linux users.
>>>>
>>>> However if user is non-root then ibv_reg_mr() returns EACCESS. While I am
>>>> sure I am calling ibv_reg_mr()
>>>>
>>>> as root user, not sure why it still returns EACCESS.
>>>>
>>>> While going through libibverbs sources I realize EACCESS might be returned
>>>> by this call:
>>>>
>>>> if (write(pd->context->cmd_fd, cmd, cmd_size) != cmd_size)
>>>> return errno;
>>>>
>>>> Can anyone provide any insight into this behavior? Does calling these
>>>> systems calls in threads can affect
>>>>
>>>> entire process? I checked /dev/infiniband/* has appropriate privileges.
>>> This is a security limitation, if you want do this flow you need a new
>>> enough kernel and rdma-core to support the ioctl() scheme for calling
>>> verbs
>>>
>>> Jason
prev parent reply other threads:[~2019-11-20 4:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-15 3:57 [question] ibv_reg_mr() returning EACCESS Vinit Agnihotri
2019-11-15 14:12 ` Jason Gunthorpe
2019-11-18 4:59 ` Vinit Agnihotri
2019-11-19 23:34 ` Jason Gunthorpe
2019-11-20 4:05 ` Vinit Agnihotri [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1d17a8f1-388f-239b-9032-db4706842dd1@ryussi.com \
--to=vinita@ryussi.com \
--cc=jgg@ziepe.ca \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox