> -----Original Message-----
> From: Jason Gunthorpe
> Sent: Wednesday, February 20, 2019 11:48 AM
> To: Parav Pandit <parav@xxxxxxxxxxxx>
> Cc: Doug Ledford <dledford@xxxxxxxxxx>; Leon Romanovsky
> <leon@xxxxxxxxxx>; Leon Romanovsky <leonro@xxxxxxxxxxxx>; RDMA
> mailing list <linux-rdma@xxxxxxxxxxxxxxx>
> Subject: Re: [PATCH rdma-next 5/5] RDMA/core: Add command to set
> ib_core device net namspace sharing mode
>
> On Wed, Feb 20, 2019 at 10:37:32AM -0700, Parav Pandit wrote:
> >
> > > From: Doug Ledford <dledford@xxxxxxxxxx>
> > > Sent: Wednesday, February 20, 2019 11:29 AM
> > > To: Leon Romanovsky <leon@xxxxxxxxxx>; Jason Gunthorpe
> > > <jgg@xxxxxxxxxxxx>
> > > Cc: Leon Romanovsky <leonro@xxxxxxxxxxxx>; RDMA mailing list
> > > <linux-rdma@xxxxxxxxxxxxxxx>; Parav Pandit <parav@xxxxxxxxxxxx>
> > > Subject: Re: [PATCH rdma-next 5/5] RDMA/core: Add command to set
> > > ib_core device net namspace sharing mode
> > >
> > > On Wed, 2019-02-13 at 19:29 +0200, Leon Romanovsky wrote:
> > > > Add netlink command that enables/disables sharing rdma device
> > > > among multiple net namespaces.
> > > >
> > > > Using rdma tool,
> > > > $rdma sys set netns shared (default mode)
> > > >
> > > > When rdma subsystem netns mode is set to shared mode, rdma devices
> > > > will be accessible in all net namespaces.
> > > >
> > > > Using rdma tool,
> > > > $rdma sys set netns exclusive
> > > >
> > > > When rdma subsystem netns mode is set to exclusive mode, devices
> > > > will be accessible in only one net namespace at any given point of time.
> > > > Any rdma resources created or in-use before netns mode set to
> > > > exclusive, will remain in shared mode, in other words, changing
> > > > netns mode to exclusive or shared has no effect on already open devices.
> > >
> > > But what if we *want* it to disconnect running apps that are
> > > violating namespace? Let's say for instance that a machine boots up
> > > with namespace shared enabled (by accident, maybe it booted from an
> > > old initrd image or something), and apps start leaking across
> > > namespaces willy nilly, and the admin goes "Oh crap!" and wants to lock
> > > things down?
> > >
> > > I have a possible solution in mind that would enable this, but I
> > > need to go read your other patchset to see if I'm way off base.
> > >
> > We can possibly do same what we do for rdma net namespace change function.
> > i.e. to unregister clients and re-register.
> > This will terminate the traffic and start clean after mode is set to exclusive.
>
> It does make sense, and it fits the enable/disable flow nicely.
>
> Although it means that executing this command wrecks all the kernel objects
> like ipoib setup for instance. So it really can't be used except during very
> early boot.
>
> We'd really need a module option to set the default in this case.
>
Yes, we have the module parameter option in this series.

I came across a user who didn't have LOM nics. They are directly using rdma nics in their cluster as primary and only interface. I do not know if such IB based networks exist. And if they do, when they change this mode, they will have connectivity loss.

So we probably shouldn't be doing client unregister-register sequence as part of this sys operation done by an advanced user.
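The thread above turns on one operational point: switching the rdma subsystem to exclusive mode only affects devices registered after the switch, so a host that booted in shared mode keeps leaking rdma devices across net namespaces until the default is fixed at module load time. The following audit script is an added example, not code from the patch series or from iproute2. It assumes (unconfirmed by the thread) that `rdma system show` prints a line of the form `netns shared` / `netns exclusive`, and that the ib_core module parameter is exposed at `/sys/module/ib_core/parameters/netns_mode` with the kernel's bool rendering `Y` (shared) / `N` (exclusive). The checks take those two strings as arguments so they can run against constructed samples offline.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether rdma devices are confined
# to a single net namespace, and whether that was already true at boot.
#
# Assumptions, not confirmed by the thread:
#   - `rdma system show` output contains a line "netns <shared|exclusive>"
#   - /sys/module/ib_core/parameters/netns_mode reads "Y" (shared) or "N" (exclusive)

# parse_netns_mode: print the mode word from `rdma system show` output text.
parse_netns_mode() {
    printf '%s\n' "$1" | awk '$1 == "netns" { print $2; exit }'
}

# netns_mode_ok: succeed only when the live mode is "exclusive".
netns_mode_ok() {
    [ "$(parse_netns_mode "$1")" = "exclusive" ]
}

# boot_default_ok: succeed only when the module parameter says the boot-time
# default was exclusive ("N"), i.e. devices registered at boot were never shared.
boot_default_ok() {
    [ "$1" = "N" ]
}

# audit_rdma_netns <show-output> <netns_mode-param>
#   returns 0: exclusive now and at boot
#   returns 1: devices currently visible in every net namespace
#   returns 2: exclusive now, but devices registered before the switch stay shared
audit_rdma_netns() {
    show_out=$1
    param=$2
    if ! netns_mode_ok "$show_out"; then
        echo "WARN: rdma netns mode is '$(parse_netns_mode "$show_out")': devices visible in all net namespaces"
        return 1
    fi
    if ! boot_default_ok "$param"; then
        echo "WARN: mode is exclusive now, but ib_core loaded in shared mode; already-registered devices remain shared until reboot"
        return 2
    fi
    echo "OK: rdma devices confined to one net namespace since boot"
    return 0
}

# Live usage on a host with the rdma tool (uncomment to run for real):
# audit_rdma_netns "$(rdma system show)" "$(cat /sys/module/ib_core/parameters/netns_mode)"

# Constructed sample inputs so the script runs offline:
SAMPLE_SHARED="netns shared"
SAMPLE_EXCLUSIVE="netns exclusive"
audit_rdma_netns "$SAMPLE_SHARED" "Y" || echo "exit=$?"
audit_rdma_netns "$SAMPLE_EXCLUSIVE" "Y" || echo "exit=$?"
audit_rdma_netns "$SAMPLE_EXCLUSIVE" "N" || echo "exit=$?"
```

The second return code is the one the thread is really about: a runtime `rdma sys set netns exclusive` looks clean in `rdma system show`, yet devices opened before the switch stay shared, so the only reliable fix is the module option (or a reboot with a corrected initrd), which is why the script checks the boot-time parameter separately from the live mode.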