[Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Stefan Metzmacher
metze at samba.org
Sat Sep 22 03:56:26 UTC 2018
Hi,
>> + req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE;
>> + if (need_invalidate)
>> + req->Channel = SMB2_CHANNEL_RDMA_V1;
>> + req->ReadChannelInfoOffset =
>> + offsetof(struct smb2_read_plain_req, Buffer);
>> + req->ReadChannelInfoLength =
>> + sizeof(struct smbd_buffer_descriptor_v1);
>> + v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0];
>> + v1->offset = rdata->mr->mr->iova;
>
> It's unnecessary, and possibly leaking kernel information, to use
> the IOVA as the offset of a memory region which is registered using
> an FRWR. Because such regions are based on the exact bytes targeted
> by the memory handle, the offset can be set to any value, typically
> zero, but nearly arbitrary. As long as the (offset + length) does
> not wrap or otherwise overflow, offset can be set to anything
> convenient.
>
> Since SMB reads and writes range up to 8MB, I'd suggest zeroing the
> least significant 23 bits, which should guarantee it. The other 41
> bits, party on. You could randomize them, pass some clever identifier
> such as MID sequence, whatever.
I just tested that setting:
mr->iova &= (PAGE_SIZE - 1);
mr->iova |= 0xFFFFFFFF00000000;
after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to work.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180922/a9bc061f/signature.sig>
More information about the samba-technical
mailing list