On Tue, Oct 31, 2017 at 10:20 AM, Daniel Jurgens <danielj@xxxxxxxxxxxx> wrote: > On 10/31/2017 10:15 AM, Leon Romanovsky wrote: >> On Tue, Oct 31, 2017 at 09:09:01AM -0600, Jason Gunthorpe wrote: >>> On Tue, Oct 31, 2017 at 10:01:49AM -0500, Daniel Jurgens wrote: >>> >>>>>> Adding the new return sure makes alot of sense as well.. >>>>>> >>>>>> Hal, Ira, would you check this routine too? kernel oops's are bad.. >>>>> Patch looks needed for just the point that Parav made above (that if >>>>> security check fails, then ib_free_recv_mad will cause the >>>>> mad_recv_wc->rmpp_list to be accessed so it needs to be initialized >>>>> before security is enforced). >>>> Agree the patch is needed regardless. >>> Someone please send it.. >> Parav/Daniel, >> >> Please send it directly to the mailing list. >> >>>>> I don't have mthca to try this. Maybe Chris can try this patch (with >>>>> CONFIG_SECURITY_INFINIBAND=y). >>>> Chris, are you running with SELinux enabled? If this addresses your issue it means permission is denied, so once the crash is resolved additional policy will be required in order for it to work as expected. >>> If Chris has selinux turned on in his distro would you expect this >>> test to just fail? Doesn't that mean we have missed installing security labels >>> for things like opensm? >> Chris has SELinux enabled, see his gist: https://gist.github.com/riptidewave93/b3b83c13e93ab3be4254c855885f5b3a > > That doesn't indicate if he has SELinux enabled or not, just that CONFIG_SECURITY_INFINIBAND is enabled. Also, even if SELinux enabled in the kernel config it must be turned on via /etc/selinux/config, and also set into enforcing mode, if it were to cause this problem. There's no enough info there to determine any of that. > >> Thanks >> >>> Jason > > Hello All, I have installed the kernel with the mentioned patch, as well as CONFIG_SECURITY_INFINIBAND enabled. Sadly I am back to the issue where my compute node is reporting: kernel: infiniband mthca0: ib_post_send_mad error As soon as I roll back to a kernel with CONFIG_SECURITY_INFINIBAND disabled, the issue goes away and things work as expected. Regards, Chris Blake -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html