Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-8874 Adapt ko2iblnd to latest RDMA changes
  3. LU-9026

Adapt to the removal of ib_get_dma_mr()

    XMLWordPrintable

Details

    • Technical task
    • Resolution: Fixed
    • Blocker
    • Lustre 2.10.0, Upstream
    • Lustre 2.10.0, Upstream
    • 9223372036854775807

    Description

         As part of recent (last September) RDMA changes, the routine ib_get_dma_mr() was deleted and an extra "flags" parameter was added to ib_alloc_pd().  This was all done to stop upper layers from accessing the R-key for unregistered DMA memory regions.  It seems that this opens the door to accessing any physical memory you want on a remote system thereby being a security issue.

      For the applicable changes, see these two kernel commits:

       
      from 4.9-rc1: change of arguments number for ib_alloc_pd
      commit ed082d36a7b2c27d1cda55fdfb28af18040c4a89
      Author: Christoph Hellwig <hch@lst.de>
      Date:   Mon Sep 5 12:56:17 2016 +0200
      from 4.9-rc1: removal of ib_get_dma_mr
      commit 5ef990f06bd7e3cf521b5705d898d8e43d04ea90
      Author: Christoph Hellwig <hch@lst.de>
      Date:   Mon Sep 5 12:56:21 2016 +0200
       

      LNet uses unregistered memory regions for short messages (lower latency).  A "method" of still allowing us to work as we did before was added in the form of a PD variable called "unsafe_global_rkey" which is populated if you pass the flag "IB_PD_UNSAFE_GLOBAL_RKEY" as the new flags parameter to ib_alloc_pd().  As the name implies, this is considered unsafe and should not be done unless you are very confident in your security.  Using it will trigger a warning to the kernel console.

      This change has caused a kernel maintainer to mark ko2iblnd as "BROKEN" in the 4.10 kernel build.  To get rid of this broken tag, we need to fix this quickly so I am going to make use of the unsafe flag so I do not have to re-architect ko2iblnd for short messages.  We need to test how much of a performance hit we get on short messages if we have to register all memory regions for better security.  There is not enough time to do that now.

      So, this ticket was created to track the following changes to the staging version of LNet:

      1. Remove the BROKEN tag from lnet/Kconfig.
      2. Pass the IB_PD_UNSAFE_GLOBAL_RKEY flag when calling ib_alloc_pd().
      3. Everywhere we are using the device DMA mr to derive the R-key for non-registered memory regions, use the pd->unsafe_global_rkey value instead (this will get rid of our call to ib_get_dma_mr()).

      Once this is landed to staging, use this ticket to also make the change to community master with the necessary compile hooks to ensure the change is only done when it makes sense.

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. LU-9932 LU-9026, LU-9500, and LU-9472 backports

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9983 LBUG llog_osd.c:327:llog_osd_declare_write_rec() - all DNE MDS

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-6215 Sync Lustre external tree with lustre linux kernel client

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              doug Doug Oucharek (Inactive)
              doug Doug Oucharek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: