Re: [RFC PATCH V2 for-next] RDMA/hns: Add UD support for hip08

Linux RDMA and InfiniBand development
 help / color / mirror / Atom feed

From: Leon Romanovsky <leon@kernel.org>
To: Doug Ledford <dledford@redhat.com>
Cc: oulijun <oulijun@huawei.com>, Jason Gunthorpe <jgg@ziepe.ca>,
	linux-rdma@vger.kernel.org, linuxarm@huawei.com
Subject: Re: [RFC PATCH V2 for-next] RDMA/hns: Add UD support for hip08
Date: Tue, 22 Oct 2019 08:44:45 +0300	[thread overview]
Message-ID: <20191022054445.GF4853@unreal> (raw)
In-Reply-To: <4ab0f98e4569a9700d94173c7f3d93e00bd9635b.camel@redhat.com>

On Mon, Oct 21, 2019 at 12:45:56PM -0400, Doug Ledford wrote:
> On Mon, 2019-10-21 at 10:58 -0400, Doug Ledford wrote:
> > On Mon, 2019-10-21 at 22:20 +0800, oulijun wrote:
> > > 在 2019/10/21 22:13, Jason Gunthorpe 写道:
> > > > On Sat, Oct 19, 2019 at 04:46:12PM +0800, Lijun Ou wrote:
> > > > > index bd78ff9..722cc5f 100644
> > > > > +++ b/drivers/infiniband/hw/hns/hns_roce_qp.c
> > > > > @@ -377,6 +377,10 @@ static int hns_roce_set_user_sq_size(struct
> > > > > hns_roce_dev *hr_dev,
> > > > >  		hr_qp->sge.sge_cnt = roundup_pow_of_two(hr_qp-
> > > > > > sq.wqe_cnt *
> > > > >  							(hr_qp-
> > > > > > sq.max_gs - 2));
> > > > >
> > > > > +	if (hr_qp->ibqp.qp_type == IB_QPT_UD)
> > > > > +		hr_qp->sge.sge_cnt = roundup_pow_of_two(hr_qp-
> > > > > > sq.wqe_cnt *
> > > > > +						       hr_qp-
> > > > > > sq.max_gs);
> > > > > +
> > > > >  	if ((hr_qp->sq.max_gs > 2) && (hr_dev->pci_dev->revision
> > > > > ==
> > > > > 0x20)) {
> > > > >  		if (hr_qp->sge.sge_cnt > hr_dev-
> > > > > >caps.max_extend_sg) {
> > > > >  			dev_err(hr_dev->dev,
> > > > > @@ -1022,6 +1026,9 @@ struct ib_qp *hns_roce_create_qp(struct
> > > > > ib_pd *pd,
> > > > >  	int ret;
> > > > >
> > > > >  	switch (init_attr->qp_type) {
> > > > > +	case IB_QPT_UD:
> > > > > +		if (!capable(CAP_NET_RAW))
> > > > > +			return -EPERM;
> > > > This needs a big comment explaining why this HW requires it.
> > > >
> > > > Jason
> > > >
> > > Add the detail comments for HW limit?
> >
> > I can add those comments while taking the pactch.  Plus we need to add
> > a
> > fallthrough annotation at the same place.  I'll fix it up and unfreeze
> > the hns queue.
> >
>
> Does this meet people's approval?

It is much more detailed than I would imagine, Thanks.

>
>         switch (init_attr->qp_type) {
>         case IB_QPT_UD:
>                 /*
>                  * DO NOT REMOVE!
>                  * The HNS RoCE hardware has a security vulnerability.
>                  * Normally, UD packet routing is achieved using nothing
>                  * but the ib_ah struct, which contains the src gid in the
>                  * sgid_attr element.  Th src gid is sufficient for the
>                  * hardware to know if any vlan tag is needed, as well as
>                  * any priority tag.  In the case of HNS RoCE, the vlan
>                  * tag is passed to the hardware along with the src gid.
>                  * This allows a situation where a malicious user could
>                  * intentionally send packets with a gid that belongs to
>                  * vlan A, but direct the packets to go out to vlan B
>                  * instead.
>                  * Because the ability to send out packets with arbitrary
>                  * headers is reserved for CAP_NET_RAW, and because UD
>                  * queue pairs can be tricked into doing that, make all
>                  * UD queue pairs on this hardware require CAP_NET_RAW.
>                  */
>                 if (!capable(CAP_NET_RAW))
>                         return -EPERM;
>                 /* fallthrough */
>         case IB_QPT_RC: {
>
> --
> Doug Ledford <dledford@redhat.com>
>     GPG KeyID: B826A3330E572FDD
>     Fingerprint = AE6B 1BDA 122B 23B4 265B  1274 B826 A333 0E57 2FDD

next prev parent reply	other threads:[~2019-10-22  5:44 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-19  8:46 [RFC PATCH V2 for-next] RDMA/hns: Add UD support for hip08 Lijun Ou
2019-10-21 14:13 ` Jason Gunthorpe
2019-10-21 14:20   ` oulijun
2019-10-21 14:58     ` Doug Ledford
2019-10-21 16:45       ` Doug Ledford
2019-10-22  5:44         ` Leon Romanovsky [this message]
2019-11-13  6:47         ` Weihang Li
2019-10-22  1:07       ` oulijun

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191022054445.GF4853@unreal \
    --to=leon@kernel.org \
    --cc=dledford@redhat.com \
    --cc=jgg@ziepe.ca \
    --cc=linux-rdma@vger.kernel.org \
    --cc=linuxarm@huawei.com \
    --cc=oulijun@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox