From: Jack Morgenstein <jackm-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
To: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: roland-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
Liran Liss <liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Dotan Barak <dotanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH for-next V2 02/22] IB/core: change pkey table lookups to support full and partial membership for the same pkey
Date: Thu, 13 Sep 2012 10:35:15 +0300
Message-ID: <201209131035.15318.jackm@dev.mellanox.co.il>
In-Reply-To: <5050BCDD.50106-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
On Wednesday 12 September 2012 19:48, Doug Ledford wrote:
> > On the Hypervisor, however, we assume that if both versions of the pkey are in its pkey table,
> > then for its own infiniband operation (as opposed to performing its pkey virtualizing function),
> > it should operate with the highest membership type in its table for a given 15-bit pkey.
>
> That's what I was looking for. So, how can you know this assumption is
> correct? It seems to me that if someone wanted to restrict membership
> of the hypervisor as part of a security lockdown, then give full
> membership to a guest because that guest is some high security, single
> task guest, then this assumption would break things (the user would be
> able to assign the full membership key to the guest OK, but regardless
> of how they wanted the hypervisor to be subscribed to that particular
> pkey, it would always get the full membership from the guest).
>
This issue, unfortunately, opens up a real "can of worms".

ib_find_cached_pkey() is used by the CM in determining the (15-bit) p_key
to be used for the connection (although 16-bit pkeys are placed in the
CM_REQ message (see IB Spec 1.2.1, table 99, page 667)). The REQ handler on
the remote side finds the index in its pkey table which contains the
(15-bit) pkey enclosed in the REQ message. This index is then used
when creating the local RC qp as its pkey_index.

AFAIK, no check is performed regarding compatible membership forms (i.e.,
that at least one of the two sides has the full membership form of the
15-bit pkey) -- it is the network administrator's responsibility to see
that the pkey configurations are correct.

Up to now, the ib_core driver has assumed that only 1 membership form per
15-bit pkey is contained in the local pkey table.

Now that both forms may exist in the Hypervisor's table, we do have a problem.

1. We cannot depend on ib_find_cached_pkey simply finding the first 15-bit pkey
   which matches its search, since we cannot depend on the order of full vs limited
   membership forms appearing in the pkey table (the order is not controllable -- see
   the example at the end of this post).
2. We therefore need a consistent policy for preferentially retrieving either the full
   or the partial member for a given 15-bit pkey.
3. This policy must be configurable by the administrator per host, per HCA.

The problems that I see:

1. What if the Hypervisor needs to have limited membership for some connections, but
   full membership for others? Such a split policy is complex to implement -- it would
   require specifying PER PKEY whether the preferential return should be full, or should
   be limited.
2. What if the Hypervisor has several HCAs, and wishes a different policy for each HCA?

There may be more problems as well. Liran?

In any event, the issue of multiple pkey forms in a given pkey table is actually separate
from SRIOV (it's just that SRIOV needs multiple forms, so the issue came up).
Solving it will require changes in the ib core driver.

I don't yet have a concrete proposal to fix this at present. Any ideas would be appreciated.

-Jack

P.S. We have the same issue in procedure ib_find_pkey(), also in this patch, in core/device.c.
This procedure is used in lots of places: ipoib, core/multicast, sa_query.
I seem to recall that there were problems with IPoIB when partial membership pkeys are used.
Liran, do you recall something?

======================================
It is also impossible to demand that the pkey table be ordered so that if both limited
and full pkeys are present, then the full membership value always appears first.

A simple example:

1. Fill the entire pkey table with full-membership pkeys. Say pkey A and pkey B are both
   in the table, and that pkey A appears first.
2. Delete full-membership pkey A, and add the limited-membership value of pkey B. This
   new limited-pkey-B will be entered into the pkey table by OpenSM in the position just
   vacated by the deleted pkey A -- it is the only available slot!
3. The limited-membership pkey-B value will therefore unavoidably appear in the table
   before the full-membership pkey-B value.
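
The ordering problem in the message above, as an added illustration that is not part of the original message or of the patch under review: a first-match lookup on the 15-bit pkey returns whichever membership form OpenSM happened to place first, while a lookup with a fixed preference (here "prefer full", one possible policy) does not depend on slot order. The function names, the table contents and the pkey values are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define PKEY_BASE_MASK   0x7fffu /* low 15 bits: partition number */
#define PKEY_FULL_MEMBER 0x8000u /* top bit set: full membership */

/* Constructed table following the post's example: limited pkey B (0x0002)
 * sits in the slot vacated by pkey A, ahead of full-member B (0x8002). */
static const uint16_t demo_tbl[] = { 0xffff, 0x0002, 0x8003, 0x8002 };
#define DEMO_LEN (sizeof(demo_tbl) / sizeof(demo_tbl[0]))

/* Order-dependent: index of the first entry whose 15-bit base matches. */
int find_first_pkey(const uint16_t *tbl, size_t n, uint16_t pkey)
{
    for (size_t i = 0; i < n; i++)
        if ((tbl[i] & PKEY_BASE_MASK) == (pkey & PKEY_BASE_MASK))
            return (int)i;
    return -1;
}

/* Order-independent: return the full-member entry if one exists,
 * otherwise the first limited-member entry, otherwise -1. */
int find_pkey_prefer_full(const uint16_t *tbl, size_t n, uint16_t pkey)
{
    int limited_ix = -1;
    for (size_t i = 0; i < n; i++) {
        if ((tbl[i] & PKEY_BASE_MASK) != (pkey & PKEY_BASE_MASK))
            continue;
        if (tbl[i] & PKEY_FULL_MEMBER)
            return (int)i;
        if (limited_ix < 0)
            limited_ix = (int)i;
    }
    return limited_ix;
}

/* Membership check the post says is not performed: same 15-bit partition
 * and at least one side holding the full-membership form. */
int pkeys_compatible(uint16_t a, uint16_t b)
{
    return (a & PKEY_BASE_MASK) == (b & PKEY_BASE_MASK) &&
           ((a | b) & PKEY_FULL_MEMBER) != 0;
}

int main(void)
{
    return find_pkey_prefer_full(demo_tbl, DEMO_LEN, 0x8002) == 3 ? 0 : 1;
}
```

On the constructed table the first-match lookup for partition 0x0002 lands on the limited entry at index 1, and the prefer-full lookup lands on index 3 regardless of where the limited entry sits.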