Received: by 10.192.165.148 with SMTP id m20csp5291234imm;
        Wed, 9 May 2018 02:34:03 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZr+an4giakOYSJtvCgf/fBSFJ3qAq+P6ijk4FP/CAv3gOo7mvREV7aIN8zL9fL0Z7q5NCt/
X-Received: by 2002:a63:744a:: with SMTP id e10-v6mr31265992pgn.275.1525858443300;
        Wed, 09 May 2018 02:34:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525858443; cv=none;
        d=google.com; s=arc-20160816;
        b=k7QxqQOYFI66aKYkd68QVfyXZ7+6GNw8T0MklBeURpjPb9MjYma/aGKmS6JyfBd44J
         sopHaEMCD+/z8JDfFxK6c3kMRVWz1a03jKZxdgY8Sc2BuRXfuOaXUomSrDwwJG7ceKHZ
         ZT3rKzxtIlUCm7gDTG7GMoCrY8eyLE7ASII7SyH497uaZ6m9IjGgycjdx6Q8Aoo5BMEY
         y57y+c9Hr6k/ushm3Fy20jKNDR+zRZCF+I4/QydWL7N5CJZBUmB9a3X8kjEAkfq3EyF0
         myrxqGMlHmnBY3G2/ZjcKZzgnA+sY//VeJMHF/x/gIsVvFgkKzbrUhBRoMgxe3cFa5gC
         cmzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=gZDwTM+HaBNDOAsoGpKPmdCjoT9U1mU7SM2LzpP46Sc=;
        b=APh/9fAIv7lklu3/8C6kut8pfUxrg/3wrJ7UbNEI1WuA7kwsLRlgxxTM97S4gVbreL
         VGC7LI+guSDJptR6KUld6Jxvh1efaFs2l64SyJzvVOqhM/L9lTU9xEcJpN5YYksEUugg
         qGarNdByiFUjzL2/L/U2JnrCLI5PxgjIJ5kYNo3eyVOmEjtmFpcLB/yEeWLtWh2jQPbW
         FhRmLXOkwkpSMZVrhrChob/UUlkwFVkiIOXWtU9E7pMooc0RaQMPY/NBmspW9p0urVYM
         a5KSWGlq8v2/00mEkKsKa+o01FBs79gRKQcwvn2xfAwRe90fN3IyHxVjb/5QOOBqs2jA
         QEdw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=hyABwIpQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s75-v6si3239704pgc.215.2018.05.09.02.33.48;
        Wed, 09 May 2018 02:34:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=hyABwIpQ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933959AbeEIJaw (ORCPT <rfc822;hououinredflag@gmail.com>
        + 99 others); Wed, 9 May 2018 05:30:52 -0400
Received: from userp2130.oracle.com ([156.151.31.86]:49356 "EHLO
        userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933846AbeEIJat (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 May 2018 05:30:49 -0400
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1])
        by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w499PuKb091987;
        Wed, 9 May 2018 09:30:31 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc :
 subject : date : message-id : mime-version : content-type :
 content-transfer-encoding; s=corp-2017-10-26;
 bh=gZDwTM+HaBNDOAsoGpKPmdCjoT9U1mU7SM2LzpP46Sc=;
 b=hyABwIpQm80GZJpJcSLoCpiF6icOeRLYBwiaHqucQfjSioWXseX2PvD2OFpf1+gs61Vw
 REhHWirBBQTRASWEHAYy7byHkvSC+ZU3u0ANlgjOei2jZv7KhmW9ThYZgCf1zaNGSVev
 h+9Zx57D2VHMPhlAB9k+QLH07ezlhMPKKdUH9UBU9PFKL4fa38xe/TFw2pfwTLBFuT+O
 qMJT5UYqYLPyqPA2M0/aW2sLzlTghUlrlDGrDOryfReo+FzJmXN6AyaDcMeBfMk3WsLM
 DaHLAayxcFiCpswlpEBxRpkEfr5vlXtVXJkrwDnsORFdTwDdyj9osaaIuvqVYiCKxiSc qA== 
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
        by userp2130.oracle.com with ESMTP id 2hs426mjg8-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 09 May 2018 09:30:30 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
        by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w499UTZI031262
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 9 May 2018 09:30:30 GMT
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12])
        by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w499UTTI014992;
        Wed, 9 May 2018 09:30:29 GMT
Received: from lab02.no.oracle.com (/10.172.144.56)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Wed, 09 May 2018 02:30:28 -0700
From:   =?UTF-8?q?H=C3=A5kon=20Bugge?= <Haakon.Bugge@oracle.com>
To:     Doug Ledford <dledford@redhat.com>,
        Don Hiatt <don.hiatt@intel.com>,
        Ira Weiny <ira.weiny@intel.com>,
        Sean Hefty <sean.hefty@intel.com>
Cc:     linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org,
        =?UTF-8?q?H=C3=A5kon=20Bugge?= <haakon.bugge@oracle.com>
Subject: [PATCH IB/core 0/2] Do not form IB connections between limited partition members
Date:   Wed,  9 May 2018 11:30:18 +0200
Message-Id: <20180509093020.24503-1-Haakon.Bugge@oracle.com>
X-Mailer: git-send-email 2.13.6
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8887 signatures=668698
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=766
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1805090090
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Systems using IB partitions might be exposed to excessive pkey
violation traps which are sent to the OpenSM. This can be close to
a DoS attack, and in addition, the OpenSM logs are flooded with these
messages, hiding potential other log messages deemed important in
order to investigate important issues.

This series prohibit RDMA CM to establish connections between two
limited partition members. This avoids pkey violation traps stemming
from unicast messages to be sent to the OpenSM.

[If this patch series get accepted by the community, I ask if
the maintainer can update the reference to the first commit in the
second commit message with a correct 12 chars SHA]

Håkon Bugge (2):
  IB/core: A full pkey is required to match a limited one
  IB/cm: Send authentic pkey in REQ msg and check eligibility of the
    pkeys

 drivers/infiniband/core/cache.c | 32 +++++++++++++++++++++++++++-----
 drivers/infiniband/core/cm.c    | 39 ++++++++++++++++++++++++++++++++-------
 include/rdma/ib_cache.h         | 18 ++++++++++++++++++
 include/rdma/ib_cm.h            |  4 +++-
 4 files changed, 80 insertions(+), 13 deletions(-)

--
2.13.6