Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1603919imm; Tue, 15 May 2018 23:48:19 -0700 (PDT) X-Google-Smtp-Source: AB8JxZra5/PS1z37jaYHupB8UOMUp+mAJw51N/EDRuM1O9oyEiHGQlVLqututw8wt3hrkTww4S/+ X-Received: by 2002:a65:4586:: with SMTP id o6-v6mr7421979pgq.197.1526453299762; Tue, 15 May 2018 23:48:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526453299; cv=none; d=google.com; s=arc-20160816; b=VoiL/NedZ7gynK2cqrwqYqcH7wD3maishVJG3IFW5EQ+TNy05Lx94Nm0PZtvWRTFMe 9Lpa6gACJKZ6YmawJIkGP9+59srl2vOVOpr7ad2g0R7jSPtsbjuAa46y7rGCD02V22ZI tvX/gBjD2UoBgcZkntba7+4Fckn2b/YOisNF5knhdXNika2qMrwIPjZMS+pw8k+RwBfC edyhpMOn+NbLul7lvpyqDJF8b6VlVuzH15MW6Ng4oCx8TnBozLQ9KmZhMfIIw/8uw8XD tYZg88Dvq6VU8FjQnyJsAz+TsF0cZHgsg7CrNhZG1VnXPChi1z/puCJXjJTetjG/Okvv Jw5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:references:message-id :content-transfer-encoding:cc:date:in-reply-to:from:subject :mime-version:dkim-signature:arc-authentication-results; bh=FqPfXbgIzwGa1wleH6hXVc7m6g/4uR/q0hCgIOS4qis=; b=WZgDq7yMdSnnFaNWOXlNlwe4WplYibR/W/cW6Hxc+ajh/A2ItW3/tdM6O0klF3rB9s 6NvEtR2oZidTdvuvruaZv2rFZ3ar9zYFt3BcsBkHI8HMWJoJLO3U9mJnEhXBPPm/R/Kf SuWwfdARrFmJpR28HmNPmEQuXHACaCZHX6tR6hDiikVaIFJF6qOYlKZmhLZ5jutFZLd/ Bl2hpKlnn6VbAaDF7yKlAxau4ZVlzsuINtZ+Ah0Wg4qBzUWXlHkZnhpxcZtAdIRm5103 bTjwOqyRr1BMsn+PZtv5dJembNUrG3I5PH5Zv4yvjlkvrvvQ/BhJcfJpti2ance7fUR7 PoJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=rFj2YX9Y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b12-v6si1888798plr.42.2018.05.15.23.48.05; Tue, 15 May 2018 23:48:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=rFj2YX9Y; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752452AbeEPGrt (ORCPT + 99 others); Wed, 16 May 2018 02:47:49 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:53192 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752351AbeEPGrp (ORCPT ); Wed, 16 May 2018 02:47:45 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w4G6knOj094481; Wed, 16 May 2018 06:47:29 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2017-10-26; bh=FqPfXbgIzwGa1wleH6hXVc7m6g/4uR/q0hCgIOS4qis=; b=rFj2YX9YB6e3intsl72/XwmnKfNzeBM5Y0cC2SFJNhdG+wWgc96Bk7hBmp3fKIkIyitV RRvKDPwu3ornVE+WLRBpj9Ub1BzGNJO6xnWbljCm2n8Ub6xdU/hDB71NIwfAIPTUhDXj ybc7UPcz/bik15W6kqx0ElkNyOiRpubNKwsoenAbGTGYSpkvffS6kxDcNtnIReP0pv65 dfoML85tomxNFDd17BJ7NqKoKtuRRWynJFYlCWSZwXFDfyFlBkZw73kXW0l6TheiOvi3 j4YYbdByG1/e6/nJ5zBb+hOejvarTEGOlv6d3tFF+CvVB0lTjH/Vd6BZOc/1yvqq99UX ig== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp2120.oracle.com with ESMTP id 2hx29w3c04-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 16 May 2018 06:47:29 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w4G6lSI0015473 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 16 May 2018 06:47:28 GMT Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w4G6lRUk010607; Wed, 16 May 2018 06:47:27 GMT Received: from [192.168.10.196] (/51.175.236.248) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 15 May 2018 23:47:27 -0700 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) Subject: Re: [PATCH IB/core 2/2] IB/cm: Send authentic pkey in REQ msg and check eligibility of the pkeys From: =?utf-8?Q?H=C3=A5kon_Bugge?= In-Reply-To: <20180515190424.GL5615@ziepe.ca> Date: Wed, 16 May 2018 08:47:21 +0200 Cc: Hal Rosenstock , Doug Ledford , Don Hiatt , Ira Weiny , Sean Hefty , OFED mailing list , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Message-Id: <3E15B62F-E705-43BD-8A72-9E74F784D40E@oracle.com> References: <20180509093020.24503-1-Haakon.Bugge@oracle.com> <20180509093020.24503-3-Haakon.Bugge@oracle.com> <3bee76df-49a6-cf3c-6df4-749a6309358e@dev.mellanox.co.il> <20180514210200.GN21531@ziepe.ca> <20180515190424.GL5615@ziepe.ca> To: Jason Gunthorpe X-Mailer: Apple Mail (2.3445.6.18) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8894 signatures=668698 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805160069 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > On 15 May 2018, at 21:04, Jason Gunthorpe wrote: >=20 > On Tue, May 15, 2018 at 08:11:09PM +0200, H=C3=A5kon Bugge wrote: >>> On 15 May 2018, at 02:38, Hal Rosenstock = wrote: >>>=20 >>> On 5/14/2018 5:02 PM, Jason Gunthorpe wrote: >>>> On Thu, May 10, 2018 at 05:16:28PM +0200, H=C3=A5kon Bugge wrote: >>>>=20 >>>>> We are talking about two things here. The PKey in the BTH and the >>>>> PKey in the CM REQ payload. They differ. >>>>>=20 >>>>> I am out of office, but if my memory serves me correct, the PKey = in >>>>> the BTH in the MAD packet will be the default PKey. Further, we = have >>>>> per IBTA: >>>>=20 >>>> This sounds like a Linux bug. >>>>=20 >>>> Linux does not do a PR to get a reversible path dedicated to the = GMP> so it always uses the data flow path, thus the GMP path paramenters >>>> and those in the REQ should always exactly match. >>>>=20 >>>> Where is Linux setting the BTH.PKey and how did it choose to use = the >>>> default pkey? Lets fix that at least for sure. >>=20 >> Linux isn=E2=80=99t. The BTH.PKey is inserted by the HCA (hw or fw) = coming from the P_Key table (10.9.2 in IBTA), selected by a pkey_index = associated with the QP. >>=20 >> As per C10-133: Packets sent from the Send Queue of a GSI QP shall >> attach a P_Key associated with that QP, just as a P_Key is >> associated with nonmanagement QPs >=20 > That language doesn't mean the PKey is forced to the default, it says > the pkey is programmable. >=20 > Linux implemented programmable PKeys for the GSI by using the work > request, so it deviates from what the spec imagined (which was > probably one GSI QP per PKey). >=20 > See ib_create_send_mad for instance: >=20 > mad_send_wr->send_wr.wr.wr_cqe =3D &mad_send_wr->mad_list.cqe; > mad_send_wr->send_wr.wr.sg_list =3D mad_send_wr->sg_list; > mad_send_wr->send_wr.wr.num_sge =3D 2; > mad_send_wr->send_wr.wr.opcode =3D IB_WR_SEND; > mad_send_wr->send_wr.wr.send_flags =3D IB_SEND_SIGNALED; > mad_send_wr->send_wr.remote_qpn =3D remote_qpn; > mad_send_wr->send_wr.remote_qkey =3D IB_QP_SET_QKEY; > mad_send_wr->send_wr.pkey_index =3D pkey_index; >=20 > The pkey_index associated with the QP1 is ignored: >=20 > /* > * PKey index for QP1 is irrelevant but > * one is needed for the Reset to Init transition > */ > attr->qp_state =3D IB_QPS_INIT; > attr->pkey_index =3D pkey_index; > attr->qkey =3D (qp->qp_num =3D=3D 0) ? 0 : IB_QP1_QKEY; > ret =3D ib_modify_qp(qp, attr, IB_QP_STATE | > IB_QP_PKEY_INDEX | = IB_QP_QKEY); >=20 > Since is is present in every WR. >=20 >>>> Basically this means that any pkey in the REQ could randomly be the >>>> full or limited value, and that in-of-itself has not bearing on the >>>> connection. >>>>=20 >>>> So it is quite wrong to insist that the pkey be limited or full = when >>>> processing the REQ. The end port is expected to match against the >>>> local table. >>>=20 >>> Note that there is thorny issue with shared (physical) port >>> virtualization. In shared port virtualization, the VF pkey = assignment is >>> a local matter. Only thing SM knows is the physical port pkeys where >>> both full and limited membership of same partition is possible. It = is >>> conceivable that CM REQ contains limited partition key between 2 = limited >>> VFs and for that a new REJ reason code appears to be needed. >>=20 >> +1 >=20 > This is not a difficult issue. >=20 > If the GMP is properly tagged with the right PKey then it will never > be delivered to the VM if the VM does not have the PKey in the > table. Not quite right. For the shared port model, a GMP will (most probably) = be accepted by the physical port, due to: IBTA 3.9.5: QP1 is a member of all of the port=E2=80=99s partitions = (i.e., can accept any packet specifying a P_Key contained in the = port=E2=80=99s P_Key table). and=20 C9-42: If the destination QP is QP1, the BTH:P_Key shall be compared to = the set of P_Keys associated with the port on which the packet arrived. = If the P_Key matches any of the keys associated with the port, it shall = be considered valid. So, if the GMP is destined to VM1, which is a limited member, but we = have another VM2 which is a full member of the same partition, the GMP = will pass the HCA=E2=80=99s PKey check. > It is up to the hypervisor to block GMPs that have Pkeys not in > the virtual PKey table of the VF. The packet is received by the HCA and stripped from IB headers, in = particular the BTH. How can the "hypervisor" block it when its doesn=E2=80= =99t have access to the GMP=E2=80=99s BTH.PKey? > The only time you could need a new REJ code is if the GMP is using a > PKey different from the REQ - which is a pretty goofy thing to do > considering this VM case. Its goofy. In the CX-3 shared port model, the BTH.PKey is the default = one and the REQ.PKey is the full one even if the sending VM=E2=80=99s = port only is a limited member. This patch series fixes the last issue. > Remember the SM doesn't know what Pkeys are in the VM, so it is > basically impossible for the REQ side to reliably select two different > pkeys and know that they will bothmake it to the VM. The active side should use the "authentic" PKey in the REQ message. That = is the one that would be used in BTH.PKey when communication has been = established. This is implemented by this patch series. Not sure what you mean by "reliably select two different pkeys". The CM = REQ message contains one PKey. > One pkey could be done reliably if it matched ipoib, for instance, but > two really cannot in the general case. >=20 > So again - the bug here is that the GMP is being sent with the wrong > pkey. Fix that, then see what is left to fix.. See above, not sure how that could be implemented. And if it is solved = by the HCA trapping the GMP due to the PKey check, it doesn=E2=80=99t = help me, as the purpose of the series is to avoid (excessive) PKey traps = sent to the SM. > If I recall there were bugs here in mlx drivers, where the driver sent > with the wrong Pkey. I think this has actually been fixed now, so > please check the upstream kernel to be sure the Pkey is not what it is > supposed to be. Let me get back to you with some ibdumps here. H=C3=A5kon