• Mark Bloch's avatar
    RDMA/mlx5: Create an indirect flow table for steering anchor · e1f4a52a
    Mark Bloch authored
    A misbehaved user can create a steering anchor that points to a kernel
    flow table and then destroy the anchor without freeing the associated
    STC. This creates a problem as the kernel can't destroy the flow
    table since there is still a reference to it. As a result, this can
    exhaust all available flow table resources, preventing other users from
    using the RDMA device.
    
    To prevent this problem, a solution is implemented where a special flow
    table with two steering rules is created when a user creates a steering
    anchor for the first time. The rules include one that drops all traffic
    and another that points to the kernel flow table. If the steering anchor
    is destroyed, only the rule pointing to the kernel's flow table is removed.
    Any traffic reaching the special flow table after that is dropped.
    
    Since the special flow table is not destroyed when the steering anchor is
    destroyed, any issues are prevented from occurring. The remaining resources
    are only destroyed when the RDMA device is destroyed, which happens after
    all DEVX objects are freed, including the STCs, thus mitigating the issue.
    
    Fixes: 0c6ab0ca ("RDMA/mlx5: Expose steering anchor to userspace")
    Signed-off-by: default avatarMark Bloch <mbloch@nvidia.com>
    Reviewed-by: default avatarMaor Gottlieb <maorg@nvidia.com>
    Link: https://lore.kernel.org/r/b4a88a871d651fa4e8f98d552553c1cfe9ba2cd6.1685960567.git.leon@kernel.orgSigned-off-by: default avatarLeon Romanovsky <leon@kernel.org>
    e1f4a52a
mlx5_ib.h 45.3 KB