Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2229288imm; Wed, 16 May 2018 09:43:12 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrYG2k+9ybMUSdJoCEF9VsvdzUpPacKX87+7m+ZOmFq00d4uDWJ5HWIc9DcsgqVdL0Wr7R4 X-Received: by 2002:a63:7d0f:: with SMTP id y15-v6mr1299732pgc.317.1526488992714; Wed, 16 May 2018 09:43:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526488992; cv=none; d=google.com; s=arc-20160816; b=iP2xM08DMuC0H+iHyTUua7a7pYk7llgUopC0TwtyVH8U7l8DtGlu0AkYRlpxv2qWg4 rlOClXfYbIfEEev0w7q2qJREtwk805iIVRKmYErrV+Y8OWVztuSGZIysX1okY0b261GU bCRE+8MtbuTW0eYRuGl6WSRgMAYCST2spGJ44Ej0YVuMK46RptI+0QkAqHsQK23YB0fL RY+Mi/X6qcMS8jWncgXUoYCCX2auFO9ZbE/XJqOuTqGMzJFXLevj4HNvqeyjlG1W85lN vgP8CI9BN1b2Jrby2n8bzE0eFAeTyn77poB+Ux9ULxny9dxnRyhKPWq4Kp614MGPpCOy 5mvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=oGkfy2tEQyKOs1qlMfQCCxJ30NcmQgpYR8ObXKIKSdw=; b=oXwRoEjToi2abV1uQmJ6PojmCo2Q/3PEtNwx3l4E8HluBsEnXeboKaXfbTr6arF6JW Nus/kd3tSyFldM4AKSjC84mbpiZniTsy/ezdgqfexXfoDFnvp65i6Bgugpa/JtC7i8VX 82R69fnNiF8YrcqajSW1lD7NlDWCDL0q2zc4SsedPwGi2LPVFfr8gkq7wgZDeZlI3oOO Euw6NSOjfLmxCc66tIwZ1RdtK2M07coCk0mws8617AfrS3ezcOd1RQbDn3tTFv7vboMv XVRfXEZz3I8UUwA1Ko111GpSGR9E+tVlr5C8PblzBFcF2MIILeuqLU9po8mtkaPX1CmQ LWjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dev-mellanox-co-il.20150623.gappssmtp.com header.s=20150623 header.b=mClCetW+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mellanox.co.il Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r74-v6si2894928pfl.260.2018.05.16.09.42.57; Wed, 16 May 2018 09:43:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@dev-mellanox-co-il.20150623.gappssmtp.com header.s=20150623 header.b=mClCetW+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mellanox.co.il Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751307AbeEPQmo (ORCPT + 99 others); Wed, 16 May 2018 12:42:44 -0400 Received: from mail-qk0-f195.google.com ([209.85.220.195]:33798 "EHLO mail-qk0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750846AbeEPQmm (ORCPT ); Wed, 16 May 2018 12:42:42 -0400 Received: by mail-qk0-f195.google.com with SMTP id p186-v6so1193744qkd.1 for ; Wed, 16 May 2018 09:42:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dev-mellanox-co-il.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=oGkfy2tEQyKOs1qlMfQCCxJ30NcmQgpYR8ObXKIKSdw=; b=mClCetW+HPSZBGsZHCCclNflfy2kbMg9sEAcO8BlI7x7OwVbY9s5Ni0dj0z7odWtGd g1eIHDJVndi0Av9b3nVJBO2Yh0epPPjvNzMgr47hWdRlb+ikxCuPKv3QfYCvXbOnZskG FbluCuEUl4BqMq0e4tAh2V7yRyABZYlPnyuZsCekTL48d3yNOSUb/hwuivDrfDc8wXbf aDk1KoPdQjCpBylRJDk1jpmMWK55Yq2GC/MXgp53tw3y54xg+49d4Xs9ha5USuSTPmlK xLg7LRHHInPQP28plCDS18ShhempDzui9QAQu4NQ31rUEmvIQdS5Nm1ZEEHMAF1h+2sq Z99Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=oGkfy2tEQyKOs1qlMfQCCxJ30NcmQgpYR8ObXKIKSdw=; b=dt5KGKjNXKxRffTj7UEIy72hg3YgkGecMxSkbppoBnsJcjKNopzV4v0XJAp8Vw9Lan gnzPplFyyL0vuqlLgQLFacvOyhrBt4veEuNG6fJvP3ZguDOx573x+WwLWlqew3aMjBBj KN+Y7RWKM8F7xcmN+iaHGu28dl7OirNeEvfewuVR/7+uL9NnKF0sduAv20rDzIS/0oIB n6eU/fD/pFqF8EzUB70Kh7EcpEAEEmtoynOb61loB+OXAFdOxhtHLB1NXT4kSMiQdfiZ 1JkF1GJoU+MXVxYLnL9DW73pJSS1tM5KiK/PVfcCzpd2pnBxNiAyEdmYlBVWocxM7pzd tK6g== X-Gm-Message-State: ALKqPwfNKpLtSD14qSp+57IjY6b2fbXzOtwHe3lI91drnVcLf6n6nDX6 AI2HgQ+7EQXz1LWKl6kRctAE6m/I X-Received: by 2002:a37:d6d7:: with SMTP id p84-v6mr1681721qkl.74.1526488961029; Wed, 16 May 2018 09:42:41 -0700 (PDT) Received: from [192.168.1.183] (c-73-182-207-166.hsd1.ma.comcast.net. [73.182.207.166]) by smtp.googlemail.com with ESMTPSA id b52-v6sm2312443qta.58.2018.05.16.09.42.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 May 2018 09:42:39 -0700 (PDT) Subject: Re: [PATCH IB/core 2/2] IB/cm: Send authentic pkey in REQ msg and check eligibility of the pkeys To: Jason Gunthorpe , =?UTF-8?Q?H=c3=a5kon_Bugge?= Cc: Doug Ledford , Don Hiatt , Ira Weiny , Sean Hefty , OFED mailing list , linux-kernel@vger.kernel.org References: <20180509093020.24503-3-Haakon.Bugge@oracle.com> <3bee76df-49a6-cf3c-6df4-749a6309358e@dev.mellanox.co.il> <20180514210200.GN21531@ziepe.ca> <20180515190424.GL5615@ziepe.ca> <3E15B62F-E705-43BD-8A72-9E74F784D40E@oracle.com> <20180516151201.GA25661@ziepe.ca> From: Hal Rosenstock Message-ID: <695ae613-931a-50ba-2b83-9d172e0ac2bc@dev.mellanox.co.il> Date: Wed, 16 May 2018 12:42:37 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180516151201.GA25661@ziepe.ca> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/16/2018 11:12 AM, Jason Gunthorpe wrote: > On Wed, May 16, 2018 at 08:47:21AM +0200, Håkon Bugge wrote: > >>> This is not a difficult issue. >>> >>> If the GMP is properly tagged with the right PKey then it will never >>> be delivered to the VM if the VM does not have the PKey in the >>> table. >> >> Not quite right. For the shared port model, a GMP will (most >> probably) be accepted by the physical port, due to: > > Sure, but I am talking about the VM's 'virtual port'. > >> So, if the GMP is destined to VM1, which is a limited member, but we >> have another VM2 which is a full member of the same partition, the >> GMP will pass the HCA’s PKey check. > > Sure. > >>> It is up to the hypervisor to block GMPs that have Pkeys not in >>> the virtual PKey table of the VF. >> >> The packet is received by the HCA and stripped from IB headers, in >> particular the BTH. How can the "hypervisor" block it when its >> doesn’t have access to the GMP’s BTH.PKey? > > This is wrong too, in Linux the WC's for GMP packets include the pkey > index that was used to RX the packet. This is a Linux extension > matching the one on the sending side. > > The hypervisor *must* block these GMPs, it is a hard requirement of > the pkey security model for VMs. Aside from the pkey enforcement at the VF, there is also the issue of the pkey trap - if physical port model is followed for shared virtual ports, trap should be generated which could look confusing to SM as well as counting in some error counter (for physical port, it's either PortCounter:Port[Xmit Rcv]ConstraintErrors. > AFAIK the Mellanox drivers do this right - do you know differently? > >>> The only time you could need a new REJ code is if the GMP is using a >>> PKey different from the REQ - which is a pretty goofy thing to do >>> considering this VM case. >> >> Its goofy. In the CX-3 shared port model, the BTH.PKey is the >> default one and the REQ.PKey is the full one even if the sending >> VM’s port only is a limited member. This patch series fixes the last >> issue. > > Again, this is wrong, the BTH.Pkey and REQ.Pkey should be the same - I do not believe there is anything in the spec that requires this. I agree it's the simplest use model though. > please fix that first before trying to change anything else. > >>> Remember the SM doesn't know what Pkeys are in the VM, so it is >>> basically impossible for the REQ side to reliably select two different >>> pkeys and know that they will bothmake it to the VM. >> >> The active side should use the "authentic" PKey in the REQ >> message. That is the one that would be used in BTH.PKey when >> communication has been established. This is implemented by this >> patch series. >> >> Not sure what you mean by "reliably select two different pkeys". The >> CM REQ message contains one PKey. > > If BTH.Pkey != REQ.PKey then the requestor side has to obviously > select two PKeys, which is basically impossible. > > The VM should not be part of the default partition, for instance. I think that the VM is at least a limited member of the default partition. -- Hal >> See above, not sure how that could be implemented. And if it is >> solved by the HCA trapping the GMP due to the PKey check, it doesn’t >> help me, as the purpose of the series is to avoid (excessive) PKey >> traps sent to the SM. > > It might not help you, but is shows this fix for the pkey trap issue > is wrong. You must fix the pkey traps on the sending side, not on the > responder side.. > >>> If I recall there were bugs here in mlx drivers, where the driver >>> sent with the wrong Pkey. I think this has actually been fixed >>> now, so please check the upstream kernel to be sure the Pkey is >>> not what it is supposed to be. >> >> Let me get back to you with some ibdumps here. > > Upstream kernel (eg 4.16) and newish Mellanox firmware please. > > And it would be fantastic if you could ID why this is happening, AFAIK > it should be OK in the kernel. > > Jason >