On Mon, Oct 05, 2020 at 11:02:18PM +0800, Ka-Cheong Poon wrote:
> On 10/5/20 10:25 PM, Jason Gunthorpe wrote:
> > On Mon, Oct 05, 2020 at 09:57:47PM +0800, Ka-Cheong Poon wrote:
> >
> > > > > It is a kernel module. Which FD are you referring to? It is
> > > > > unclear why a kernel module must associate itself with a user
> > > > > space FD. Is there a particular reason that rdma_create_id()
> > > > > needs to behave differently than sock_create_kern() in this
> > > > > regard?
> > > >
> > > > Somehow the kernel module has to be commanded to use this namespace,
> > > > and generally I expect that command to be connected to FD.
> > >
> > >
> > > It is an unnecessary restriction on what a kernel module
> > > can do. Is it a problem if a kernel module initiates its
> > > own RDMA connection for doing various stuff in a namespace?
> >
> > Yes, someone has to apply policy to authorize this. Kernel modules
> > randomly running around using security objects is not OK.
>
> The policy is to allow this. It is not random stuff.
> Can the RDMA subsystem support it?

allow everything is not a policy

> > Kernel modules should not be doing networking unless commanded to by
> > userspace.
>
> It is still not clear why this is an issue with RDMA
> connection, but not with general kernel socket. It is
> not random networking. There is a purpose.

It is a problem with sockets too, how do the socket users trigger
their socket usages? AFAIK all cases originate with userspace

> So if the reason of the current rdma_create_id() behavior
> is that there is no such user, I am adding one. It should
> be clear that this difference between kernel socket and
> rdma_create_id() causes a problem in namespace handling.

It would be helpful to understand how that works, as I've said I don't
think a kernel module should open listening sockets/cm_ids on every
namespace without being told to do this.

> If the cma_wq is re-designed, number of namespaces should be one
> input parameter on creating how many threads and other resources
> allocation/scheduling. One cma_wq per namespace is the simplest
> allocation.

no, it will just run all CM_IDs concurrently on all processors.

Namespaces are not cgroups, we don't guarantee anything about resource
consumption for namespaces.

Jason