From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Liran Liss <liranl-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: Haggai Eran <haggaie-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
	Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	"netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Guy Shapiro <guysh-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
	Shachar Raindel <raindel-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>,
	Yotam Kenneth <yotamke-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH v1 08/12] IB/cma: Add net_dev and private data checks to RDMA CM
Date: Wed, 15 Jul 2015 15:03:42 -0600
Message-ID: <20150715210342.GA32516@obsidianresearch.com>
In-Reply-To: <HE1PR05MB1418C82958B3CCF0D3531E5BB19A0-eBadYZ65MZ87O8BmmlM1zNqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>

On Wed, Jul 15, 2015 at 08:27:06PM +0000, Liran Liss wrote:
> If you want to restrict a container to a specific set of pkeys, use
> cgroups.

Ideally yes, but in the absence of a cgroup the set of pkeys assigned
to the container via ipoib is a reasonable alternate.

> This would apply both to CM MADs and QPs.
> - In the MAD case, CM MADs would be first matched to a namespace and rdma_id and dropped upon pkey conflict (with either the headers or the payload).
> - In the QP case, modify_qp() would fail on conflict.
> Partitioning needs to be enforced also for applications that don't use the CM at all...

Yep, that is how pkey checking should work, cgroup or not.

So, you agree with me.

I say that until we get a cgroup capability, the pkey list of the
container is the set of IPoIB interfaces associated with it, and we
still have to do the various checks above. The first check is relevant
to this patchset and should be done by using the GMP's headers to
locate the net device.

> For namespaces, it seems more natural to lookup the namespace based
> solely on the CM payload.

How so? Which payload content do you use? The primary path? The
alternate path?

> After all, it is the payload that designates the entity that you
> want to establish a connection to, rather than the packet headers,
> which are just meant to relay the packet to the proper CM

No, that isn't right. The IBA uses the GMP's destination first, then
serviceID as the demux. Service IDs are not globally unique, they are
scoped by the destination.

The path data is just *routing*, it doesn't describe at all the entity
we want to talk to, it is only a proposal for how to flow data to it.

In any event, both the GMP headers and the path data need to be
checked against the container's pkey list. I don't know why this is so
contentious.

Jason
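
The two enforcement points discussed in this message (drop a CM MAD on pkey conflict in either the header or the payload; fail modify_qp() on conflict), modelled in user-space C as an added example that is not part of the original thread or of the kernel's code. All struct and function names are hypothetical; the model assumes a container's pkey list is the pkeys of its IPoIB interfaces, reduces the CM request to two pkey fields, and ignores the pkey membership bit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Low 15 bits are the partition number; the top bit is the membership
 * type, which this simplified model ignores. */
#define PKEY_BASE(p) ((uint16_t)((p) & 0x7fff))

/* Hypothetical container model: the pkeys of its IPoIB interfaces. */
struct container { const uint16_t *pkeys; size_t n_pkeys; };

/* Hypothetical, reduced view of an incoming CM request. */
struct cm_request {
    uint16_t hdr_pkey;      /* pkey the GMP (MAD) arrived on */
    uint16_t payload_pkey;  /* pkey carried in the CM payload */
};

enum cm_verdict { CM_DELIVER, CM_DROP_HDR_PKEY, CM_DROP_PAYLOAD_PKEY };

/* Constructed sample: a container holding two IPoIB interfaces. */
static const uint16_t sample_pkeys[] = { 0x8001, 0x8002 };
static const struct container sample = { sample_pkeys, 2 };

static bool container_has_pkey(const struct container *c, uint16_t pkey)
{
    for (size_t i = 0; i < c->n_pkeys; i++)
        if (PKEY_BASE(c->pkeys[i]) == PKEY_BASE(pkey))
            return true;
    return false;
}

/* MAD case: drop when either the header or the payload conflicts. */
enum cm_verdict cm_check_request(const struct container *c,
                                 const struct cm_request *req)
{
    if (!container_has_pkey(c, req->hdr_pkey))
        return CM_DROP_HDR_PKEY;
    if (!container_has_pkey(c, req->payload_pkey))
        return CM_DROP_PAYLOAD_PKEY;
    return CM_DELIVER;
}

/* QP case: applies even to applications that never use the CM.
 * Returns 0 on success, -1 on pkey conflict. */
int model_modify_qp(const struct container *c, uint16_t qp_pkey)
{
    return container_has_pkey(c, qp_pkey) ? 0 : -1;
}

int main(void)
{
    struct cm_request req = { 0x8001, 0x8003 }; /* payload conflicts */
    return cm_check_request(&sample, &req) == CM_DROP_PAYLOAD_PKEY ? 0 : 1;
}
```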