Re: [PATCH rdma-next v2 1/1] RDMA/mana_ib: return PD number to the user
From: Konstantin Taranov
Date: Thu Feb 05 2026 - 11:39:34 EST
> On Thu, Feb 05, 2026 at 04:13:54AM -0800, Konstantin Taranov wrote:
> > From: Konstantin Taranov <kotaranov@xxxxxxxxxxxxx>
> >
> > Implement returning to userspace applications PDNs of created PDs.
> > The PDN is used by applications that build work requests outside of
> > the rdma-core code base. The PDN is used to build work requests that
> > require additional PD isolation checks. The requests can fit only 16 bit PDNs.
> > Allow users to request short PDNs which are 16 bits.
>
> What?
>
> PDN is protected information; it should never be given to the HW directly
> from userspace.
>
> How can this possibly be secure?
As far as I know, it is secure, as the classical PD check for the WQ exists and it is just an
additional requirement to mention the PDN in a request. I am not the one
who created this requirement to mention the PDN in the request, but I got an ask to
expose it since some vendors do that, and there were no security concerns
(see struct mlx5dv_pd from mlx5dv_init_obj()). It seems it is not a concern when
the PDN is set from user-space into the address vector (see fill_ud_av() from hns,
mlx4_create_ah(), and mthca_alloc_av()). As far as I understand, the use case
aimed at here is similar to address vectors.
- Konstantin
>
> Jason