From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Moni Shoua <monis-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Matan Barak <matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
linux-rdma <linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Eran Ben Elisha <eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Or Gerlitz <ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Somnath Kotur
<Somnath.Kotur-1wcpHE2jlwO1Z/+hSey0Gg@public.gmane.org>
Subject: Re: [PATCH for-next V2 00/11] Add RoCE v2 support
Date: Wed, 16 Dec 2015 11:13:12 -0700 [thread overview]
Message-ID: <20151216181312.GE32594@obsidianresearch.com> (raw)
In-Reply-To: <CAG9sBKNa4Hd0WVqhZCLeqXjc2zE2h+dBwF6zVgGT0R_Gt1FEwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Wed, Dec 16, 2015 at 08:56:01AM +0200, Moni Shoua wrote:
> I can't object to that but I really would like to get an example of a
> security risk.
How can anyone give you an example when nobody knows exactly how mlx
hardware works in this area?
>From an kapi prespective, the security design is very simple.
Every single UD packet the kapi side has to process must be
unambiguously associated with a gid_index or dropped. Period full
stop. I would think that is an obvious conclusion based on the design
of the gid cache.
This is why we need a clear API to get this critical information. It
should not be open coded in init_ah_from_wc, it should not be done
some other way in the CMA code.
This is a simple matter of sane kapi design, nothing more.
I have no idea why this is so objectionable.
> scattered to the receive bufs anyway. So, if there is a security hole
> it exists from day one of the IB stack and this is not the time we
> should insist on fixing it.
IB isn't interacting with the net stack in the same way rocev2 is, so
this is not a pre-existing problem.
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-12-16 18:13 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-03 13:47 [PATCH for-next V2 00/11] Add RoCE v2 support Matan Barak
[not found] ` <1449150450-13679-1-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-03 13:47 ` [PATCH for-next V2 01/11] IB/core: Add gid_type to gid attribute Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 02/11] IB/cm: Use the source GID index type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 03/11] IB/core: Add gid attributes to sysfs Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 04/11] IB/core: Add ROCE_UDP_ENCAP (RoCE V2) type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 05/11] IB/core: Add rdma_network_type to wc Matan Barak
[not found] ` <1449150450-13679-6-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-03 14:05 ` Christoph Hellwig
[not found] ` <20151203140543.GA4283-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-12-03 16:19 ` Matan Barak
2015-12-03 16:20 ` Liran Liss
[not found] ` <HE1PR05MB141857FA57EECD82D1533543B10D0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-06 14:03 ` Christoph Hellwig
[not found] ` <20151206140307.GB25487-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-12-06 14:20 ` Moni Shoua
2015-12-07 6:02 ` Jason Gunthorpe
[not found] ` <20151207060241.GA19038-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 6:15 ` Moni Shoua
[not found] ` <CAG9sBKO0rsSQK1WcyBciZEONWJsusw9GwR19H7FfAsebEH63dg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 6:34 ` Jason Gunthorpe
[not found] ` <20151207063415.GB20066-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 6:37 ` Moni Shoua
[not found] ` <CAG9sBKMBt6Toa25Ouasr7hudAcOYrxZyBUFYMXzrMTFZvooWfQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 17:12 ` Jason Gunthorpe
[not found] ` <20151207171228.GA26969-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-07 18:34 ` Moni Shoua
[not found] ` <CAG9sBKNXnzp7PgJhfcjbYvje5qgZWYqygJYkbs4WyTZtDc4ckg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-07 18:48 ` Jason Gunthorpe
[not found] ` <20151207184832.GA21402-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-08 7:23 ` Moni Shoua
[not found] ` <CAG9sBKNWMQA3XDGpDc_+2QoJcnnNL9o67p0JNoVqrU0u9UQCrA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-08 22:52 ` Jason Gunthorpe
[not found] ` <20151208225251.GA27609-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-09 9:34 ` Moni Shoua
[not found] ` <CAG9sBKM2s9BMv8priCHnFaMcSnuafn4vf+6+0Rooc6Gw0ZSaLA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-09 18:01 ` Jason Gunthorpe
[not found] ` <20151209180129.GD31636-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-10 7:58 ` Moni Shoua
[not found] ` <CAG9sBKPNWsO7ugdyhd5sYp_yOSrUkG0b-Lfq6Eenrydg3MzyvQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-10 17:38 ` Jason Gunthorpe
2015-12-09 9:38 ` Liran Liss
[not found] ` <HE1PR05MB1418B1F0F393AD0D92424043B1E80-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-09 18:09 ` Jason Gunthorpe
[not found] ` <20151209180920.GE31636-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-10 7:53 ` Moni Shoua
2015-12-13 13:56 ` Liran Liss
[not found] ` <HE1PR05MB141868A873246D76F580401FB1EC0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-13 14:03 ` Matan Barak
2015-12-09 9:41 ` Moni Shoua
2015-12-07 6:21 ` Parav Pandit
2015-12-03 16:36 ` Jason Gunthorpe
2015-12-03 13:47 ` [PATCH for-next V2 06/11] IB/core: Move rdma_is_upper_dev_rcu to header file Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 07/11] IB/core: Validate route in ib_init_ah_from_wc and ib_init_ah_from_path Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 08/11] IB/rdma_cm: Add wrapper for cma reference count Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 09/11] IB/cma: Add configfs for rdma_cm Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 10/11] IB/core: Initialize UD header structure with IP and UDP headers Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 11/11] IB/cma: Join and leave multicast groups with IGMP Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 00/11] Add RoCE v2 support Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 01/11] IB/core: Add gid_type to gid attribute Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 02/11] IB/cm: Use the source GID index type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 03/11] IB/core: Add gid attributes to sysfs Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 04/11] IB/core: Add ROCE_UDP_ENCAP (RoCE V2) type Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 05/11] IB/core: Add rdma_network_type to wc Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 06/11] IB/core: Move rdma_is_upper_dev_rcu to header file Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 07/11] IB/core: Validate route in ib_init_ah_from_wc and ib_init_ah_from_path Matan Barak
[not found] ` <1449150450-13679-20-git-send-email-matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-07 13:42 ` Haggai Eran
[not found] ` <56658CB4.7090402-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2015-12-10 17:36 ` Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 08/11] IB/rdma_cm: Add wrapper for cma reference count Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 09/11] IB/cma: Add configfs for rdma_cm Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 10/11] IB/core: Initialize UD header structure with IP and UDP headers Matan Barak
2015-12-03 13:47 ` [PATCH for-next V2 11/11] IB/cma: Join and leave multicast groups with IGMP Matan Barak
2015-12-15 7:15 ` [PATCH for-next V2 00/11] Add RoCE v2 support Moni Shoua
[not found] ` <CAG9sBKM7j6w+Gk4PXXO+0mHpFeVaBdeNmr-z9V9fPR562o+kmw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-15 21:45 ` Doug Ledford
[not found] ` <567089F1.30004-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-12-15 22:00 ` Jason Gunthorpe
[not found] ` <20151215220033.GB30404-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-16 9:57 ` Liran Liss
[not found] ` <HE1PR05MB14188FDA12D077BA2720C84BB1EF0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2015-12-16 18:02 ` Jason Gunthorpe
2015-12-16 6:56 ` Moni Shoua
[not found] ` <CAG9sBKNa4Hd0WVqhZCLeqXjc2zE2h+dBwF6zVgGT0R_Gt1FEwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-16 18:13 ` Jason Gunthorpe [this message]
2015-12-16 20:39 ` Doug Ledford
[not found] ` <5671CBF4.4060602-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-12-16 21:25 ` Jason Gunthorpe
2015-12-17 10:04 ` Moni Shoua
2015-12-17 10:14 ` Liran Liss
2015-12-16 14:18 ` Liran Liss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151216181312.GE32594@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=Somnath.Kotur-1wcpHE2jlwO1Z/+hSey0Gg@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eranbe-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matanb-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=monis-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=ogerlitz-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).