On 10/5/20 11:45 PM, Jason Gunthorpe wrote:
On Mon, Oct 05, 2020 at 11:02:18PM +0800, Ka-Cheong Poon wrote:
On 10/5/20 10:25 PM, Jason Gunthorpe wrote:
On Mon, Oct 05, 2020 at 09:57:47PM +0800, Ka-Cheong Poon wrote:
It is a kernel module. Which FD are you referring to? It is
unclear why a kernel module must associate itself with a user
space FD. Is there a particular reason that rdma_create_id()
needs to behave differently than sock_create_kern() in this
regard?
Somehow the kernel module has to be commanded to use this namespace,
and generally I expect that command to be connected to an FD.
It is an unnecessary restriction on what a kernel module
can do. Is it a problem if a kernel module initiates its
own RDMA connection for doing various stuff in a namespace?
Yes, someone has to apply policy to authorize this. Kernel modules
randomly running around using security objects is not OK.
The policy is to allow this. It is not random stuff.
Can the RDMA subsystem support it?
"Allow everything" is not a policy.
It is not allowing everything. It is the simple case that
a kernel module can have a listener without the namespace
issue. A kernel socket does not have this problem.
Kernel modules should not be doing networking unless commanded to by
userspace.
It is still not clear why this is an issue with an RDMA
connection, but not with a general kernel socket. It is
not random networking. There is a purpose.
It is a problem with sockets too: how do the socket users trigger
their socket usages? AFAIK all cases originate with userspace.
A user starts a namespace. The module is loaded for servicing
requests. The module starts a listener. The user deletes
the namespace. This scenario will have everything cleaned up
properly if the listener is a kernel socket. This is not the
case with RDMA.
So if the reason for the current rdma_create_id() behavior
is that there is no such user, I am adding one. It should
be clear that this difference between kernel socket and
rdma_create_id() causes a problem in namespace handling.
It would be helpful to understand how that works, as I've said I don't
think a kernel module should open listening sockets/cm_ids on every
namespace without being told to do this.
The issue is not about starting a listener. The issue is on
namespace deletion.
--
K. Poon
ka-cheong.poon@xxxxxxxxxx