From: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>,
Saeed Mahameed
<saeedm-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
Cc: Ilan Tayari <ilant-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
Alexei Starovoitov
<alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
"netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"jsorensen-b10kYP2dOMg@public.gmane.org"
<jsorensen-b10kYP2dOMg@public.gmane.org>,
Andy Shevchenko
<andy.shevchenko-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
"linux-fpga-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-fpga-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Alan Tull
<atull-yzvPICuk2ABMcg4IHK0kFoH6Mc4MB0Vx@public.gmane.org>,
"yi1.li-VuQAYsv1563Yd54FQh9/CA@public.gmane.org"
<yi1.li-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
Boris Pismenny <borisp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [for-next 4/6] net/mlx5: FPGA, Add basic support for Innova
Date: Fri, 09 Jun 2017 18:24:01 -0400 [thread overview]
Message-ID: <1497047041.7171.234.camel@redhat.com> (raw)
In-Reply-To: <20170607192132.GA10929-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
On Wed, 2017-06-07 at 13:21 -0600, Jason Gunthorpe wrote:
> On Wed, Jun 07, 2017 at 10:13:43PM +0300, Saeed Mahameed wrote:
> >
> > No !!
> > I am just showing you that the ib_core eventually will end up
> > calling
> > mlx5_core to create a QP.
> > so mlx5_core can create the QP it self since it is the one
> > eventually
> > creating QPs.
> > we just call mlx5_core_create_qp directly.
>
> Which is building a RDMA ULP inside a driver without using the core
> code :(
Aren't the transmit/receive queues of the Ethernet netdevice on
mlx4/mlx5 hardware QPs too? Those bypass the RDMA subsystem entirely.
Just because something uses a QP on hardware that does *everything*
via QPs doesn't necessarily mean it must go through the RDMA subsystem.
Now, the fact that the content of the packets is basically a RoCE
packet does make things a bit fuzzier, but if their packets are
specially crafted RoCE packets that aren't really intended to be fully
RoCE spec compliant (maybe they don't support all the options as normal
RoCE QPs), then I can see hiding them from the larger RoCE portion of
the RDMA stack.
> >
> > >
> > > This keep getting more ugly :(
> > >
> > > What about security? What if user space sends some raw packets to
> > > the
> > > FPGA - can it reprogram the ISPEC settings or worse?
> > >
> >
> > No such thing. This QP is only for internal driver/HW
> > communications,
> > as it is faster from the existing command interface.
> > it is not meant to be exposed for any raw user space usages at all,
> > without proper standard API adapter of course.
>
> I'm not asking about the QP, I'm asking what happens after the NIC
> part. You use ROCE packets to control the FPGA. What prevents
> userspace from forcibly constructing roce packets and sending them to
> the FPGA. How does the FPGA know for certain the packet came from the
> kernel QP and not someplace else.
This is a valid concern.
> This is especially true for mlx nics as there are many raw packet
> bypass mechanisms available to userspace.
Right. The question becomes: Does the firmware filter outgoing raw ETH
QPs such that a nefarious user could not send a crafted RoCE packet
that the bump on the wire would intercept and accept?
--
Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
GPG KeyID: B826A3330E572FDD
Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-06-09 22:24 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 11:43 [pull request][for-next 0/6] Mellanox mlx5 updates 2017-05-23 Saeed Mahameed
2017-05-23 11:44 ` [for-next 2/6] net/mlx5: Update the list of the PCI supported devices Saeed Mahameed
2017-05-23 11:44 ` [for-next 3/6] net/mlx5: Introduce trigger_health_work function Saeed Mahameed
2017-05-23 11:44 ` [for-next 4/6] net/mlx5: FPGA, Add basic support for Innova Saeed Mahameed
[not found] ` <20170523114404.20387-5-saeedm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-24 16:51 ` Alexei Starovoitov
2017-05-25 5:20 ` Ilan Tayari
[not found] ` <AM4PR0501MB1940885C2F1CEF4DDE4EA8D1DBFF0-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-05-25 10:40 ` Saeed Mahameed
[not found] ` <CALzJLG-B_tAmASn_SMmPNiucq-tTpywHniRTkb4N32oGF6Y3Ng-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-25 20:48 ` Jes Sorensen
2017-05-26 8:29 ` Saeed Mahameed
[not found] ` <CALzJLG9YNpagdJAcrh6O0jJhZWtsck6KigRtVxyjkArTm=82ew-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-26 18:31 ` Jes Sorensen
2017-05-28 7:24 ` Ilan Tayari
2017-06-02 20:31 ` Jes Sorensen
[not found] ` <4c164e09-0103-7daf-e9f8-9260223ada08-b10kYP2dOMg@public.gmane.org>
2017-06-02 20:33 ` Doug Ledford
2017-05-26 3:07 ` Alexei Starovoitov
2017-05-26 8:59 ` Saeed Mahameed
[not found] ` <CALzJLG98D=3yMJV_q4sjVNG41AERFRU+6rwqQJsxnRuVeDTPdA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-26 17:56 ` Alexei Starovoitov
2017-05-26 18:15 ` Jason Gunthorpe
[not found] ` <20170526181517.GA3860-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-05-28 7:22 ` Ilan Tayari
[not found] ` <AM4PR0501MB1940330F0EBAA819C87C5278DBF20-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-05-29 15:31 ` Jason Gunthorpe
[not found] ` <20170529153131.GB7924-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-05-29 15:58 ` Ilan Tayari
[not found] ` <AM4PR0501MB1940D05A19F098286B99EAD0DBF30-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-05-29 16:02 ` Jason Gunthorpe
2017-05-29 16:05 ` Ilan Tayari
[not found] ` <AM4PR0501MB194037FF8F17466BC9ECC73DDBF30-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-05-29 16:09 ` Ilan Tayari
[not found] ` <AM4PR0501MB19409139227E11A4A7F82F0FDBF30-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-06-01 15:37 ` Jason Gunthorpe
[not found] ` <20170601153704.GA1680-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-06-04 7:51 ` Ilan Tayari
[not found] ` <AM4PR0501MB19404B83A69B87AFB1326B45DBF50-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-06-05 15:17 ` Jason Gunthorpe
[not found] ` <20170605151724.GA20182-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-06-06 6:52 ` Ilan Tayari
[not found] ` <AM4PR0501MB194008AAABEB6AAAA2ADFC82DBCB0-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-06-06 15:50 ` David Miller
2017-06-06 16:17 ` Jason Gunthorpe
[not found] ` <20170606161709.GA8671-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-06-06 17:42 ` Alexei Starovoitov
[not found] ` <20170606174233.w377ctwtapzccsk7-+o4/htvd0TCa6kscz5V53/3mLCh9rsb+VpNB7YpNyf8@public.gmane.org>
2017-06-06 17:47 ` David Miller
2017-06-06 18:34 ` Alexei Starovoitov
2017-06-06 18:38 ` David Miller
[not found] ` <20170606.143824.717466091308335341.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2017-06-06 18:55 ` Alexei Starovoitov
[not found] ` <20170606185532.2byjdonwsyan2asl-+o4/htvd0TCa6kscz5V53/3mLCh9rsb+VpNB7YpNyf8@public.gmane.org>
2017-06-06 19:01 ` David Miller
[not found] ` <20170606.150151.1650636686526694540.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2017-06-06 22:44 ` Alexei Starovoitov
2017-06-07 0:48 ` Andrew Lunn
2017-06-07 3:47 ` Saeed Mahameed
2017-06-07 4:16 ` Saeed Mahameed
2017-06-07 15:48 ` Jason Gunthorpe
2017-06-07 19:13 ` Saeed Mahameed
2017-06-07 19:21 ` Jason Gunthorpe
[not found] ` <20170607192132.GA10929-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2017-06-09 22:24 ` Doug Ledford [this message]
[not found] ` <1497047041.7171.234.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-06-10 14:11 ` Majd Dibbiny
2017-06-12 16:17 ` Jason Gunthorpe
2017-06-13 16:05 ` Saeed Mahameed
2017-06-11 5:59 ` Ilan Tayari
[not found] ` <AM4PR0501MB19401208254971445E61367EDBCC0-dp/nxUn679gfNUYDR5dMTsDSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-06-12 16:14 ` Jason Gunthorpe
2017-05-28 12:33 ` Or Gerlitz
2017-05-26 3:58 ` please revert. Was: " Alexei Starovoitov
2017-05-26 4:13 ` David Miller
2017-05-26 4:40 ` Alexei Starovoitov
2017-05-26 14:51 ` David Miller
2017-05-23 11:44 ` [for-next 5/6] net/mlx5: Bump driver version Saeed Mahameed
[not found] ` <20170523114404.20387-6-saeedm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-26 12:56 ` Dennis Dalessandro
2017-05-26 16:35 ` Saeed Mahameed
[not found] ` <CALzJLG_ha-XiPAMnoKrUgm_EwPx2yH0T2y4EBRfrWNYSZi1cTg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-05-26 16:55 ` Dennis Dalessandro
[not found] ` <ee23ad82-4a2e-8546-d41b-11f979b127bb-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2017-05-26 18:10 ` Leon Romanovsky
2017-05-26 21:53 ` Jakub Kicinski
[not found] ` <20170526145318.7fd8c8e2-68UzVGuGftmUSpRRplVxJ1aTQe2KTcn/@public.gmane.org>
2017-05-29 5:47 ` Leon Romanovsky
[not found] ` <20170523114404.20387-1-saeedm-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-05-23 11:43 ` [for-next 1/6] {net, IB}/mlx5: Replace mlx5_vzalloc with kvzalloc Saeed Mahameed
2017-05-23 11:44 ` [for-next 6/6] IB/mlx5: Bump driver version Saeed Mahameed
2017-05-25 16:02 ` [pull request][for-next 0/6] Mellanox mlx5 updates 2017-05-23 David Miller
2017-06-01 22:57 ` Doug Ledford
[not found] ` <1496357879.7171.76.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-06-02 15:39 ` Leon Romanovsky
[not found] ` <20170602153940.GX5406-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-06-02 16:06 ` Alexei Starovoitov
[not found] ` <20170602160641.ylowbobe5v72ui7g-+o4/htvd0TCa6kscz5V53/3mLCh9rsb+VpNB7YpNyf8@public.gmane.org>
2017-06-02 16:08 ` David Miller
[not found] ` <20170602.120839.1394660754953676217.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2017-06-02 16:57 ` Alexei Starovoitov
[not found] ` <20170602165736.nwunidodmu6xsmuv-+o4/htvd0TCa6kscz5V53/3mLCh9rsb+VpNB7YpNyf8@public.gmane.org>
2017-06-03 19:46 ` Or Gerlitz
2017-06-03 22:45 ` Saeed Mahameed
2017-06-14 19:30 ` Doug Ledford
2017-06-14 19:44 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1497047041.7171.234.camel@redhat.com \
--to=dledford-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=andy.shevchenko-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=atull-yzvPICuk2ABMcg4IHK0kFoH6Mc4MB0Vx@public.gmane.org \
--cc=borisp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=ilant-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=jsorensen-b10kYP2dOMg@public.gmane.org \
--cc=linux-fpga-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=saeedm-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org \
--cc=yi1.li-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).