Re: [question] ibv_reg_mr() returning EACCESS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You need this kernel commit

commit 4785860e04bc8d7e244b25257168e1cf8a5529ab
Author: Jason Gunthorpe <jgg@xxxxxxxx>
Date:   Fri Nov 30 13:06:21 2018 +0200

    RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers
    
    Now that the handlers do not process their own udata we can make a
    sensible ioctl that wrappers them. The ioctl follows the same format as
    the write_ex() and has the user explicitly specify the core and driver
    in/out opaque structures and a command number.
    
    This works for all forms of write commands.
    
    Signed-off-by: Jason Gunthorpe <jgg@xxxxxxxxxxxx>
    Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
    Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx>

And a rdma-core new enough to call UVERBS_METHOD_INVOKE_WRITE

On Mon, Nov 18, 2019 at 10:29:33AM +0530, Vinit Agnihotri wrote:
> Thank you Jason.
> 
> I did went through archives for the same.
> 
> Can you please provide pointer towards documentation or
> 
> sample userspace usage for the same? Or which kernel version to be looked
> into?
> 
> 
> Thanks & Regards,
> 
> Vinit.
> 
> On 15/11/19 7:42 PM, Jason Gunthorpe wrote:
> > On Fri, Nov 15, 2019 at 09:27:40AM +0530, Vinit Agnihotri wrote:
> > > Hi,
> > > 
> > > I am trying to use setfsgid()/setfssid() calls to ensure proper access check
> > > for linux users.
> > > 
> > > However if user is non-root then ibv_reg_mr() returns EACCESS. While I am
> > > sure I am calling ibv_reg_mr()
> > > 
> > > as root user, not sure why it still returns EACCESS.
> > > 
> > > While going through libibverbs sources I realize EACCESS might be returned
> > > by this call:
> > > 
> > > if (write(pd->context->cmd_fd, cmd, cmd_size) != cmd_size)
> > >          return errno;
> > > 
> > > Can anyone provide any insight into this behavior? Does calling these
> > > systems calls in threads can affect
> > > 
> > > entire process? I checked /dev/infiniband/* has appropriate privileges.
> > This is a security limitation, if you want do this flow you need a new
> > enough kernel and rdma-core to support the ioctl() scheme for calling
> > verbs
> > 
> > Jason
[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux