[ofw] WinVerbs address translation required administrative privileges

Hefty, Sean sean.hefty at intel.com
Wed Mar 7 14:07:37 PST 2012


According to the initial bug report, the function below is what's failing.  There's nothing obvious to me why it should fail without administrative permission.  It sounds like the CreateFileW() call is failing.

TranslateAddress(const SOCKADDR* pAddress, WV_DEVICE_ADDRESS* pDeviceAddress)
{
	HANDLE hIbat;
	IOCTL_IBAT_IP_TO_PORT_IN addr;
	IBAT_PORT_RECORD port;
	DWORD bytes;
	HRESULT hr;

	hIbat = CreateFileW(IBAT_WIN32_NAME, GENERIC_READ | GENERIC_WRITE,
						FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
						OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hIbat == INVALID_HANDLE_VALUE) {
		return HRESULT_FROM_WIN32(GetLastError());
	}

	addr.Version = IBAT_IOCTL_VERSION;
	if (pAddress->sa_family == AF_INET) {
		addr.Address.IpVersion = 4;
		RtlCopyMemory(addr.Address.Address + 12,
					  &((SOCKADDR_IN *)pAddress)->sin_addr, 4);
	} else {
		addr.Address.IpVersion = 6;
		RtlCopyMemory(addr.Address.Address,
					  &((SOCKADDR_IN6 *)pAddress)->sin6_addr, 16);
	}

	if (DeviceIoControl(hIbat, IOCTL_IBAT_IP_TO_PORT,
						&addr, sizeof addr, &port, sizeof port, &bytes, NULL)) {
		hr = WV_SUCCESS;
		pDeviceAddress->DeviceGuid = port.CaGuid;
		pDeviceAddress->Pkey = port.PKey;
		pDeviceAddress->PortNumber = port.PortNum;
	} else {
		hr = HRESULT_FROM_WIN32(GetLastError());
	}

	CloseHandle(hIbat);
	return hr;
}

If the printip test is included in the OFED release, that could be run to see if the permission issue is specific to IBAT, rather than some interaction between winverbs and ibat.  The following code in ipoib is where the ibat file gets created.

void
ipoib_ref_ibat()
{
	UNICODE_STRING      DeviceName;
    UNICODE_STRING      DeviceLinkUnicodeString;
    NDIS_DEVICE_OBJECT_ATTRIBUTES   DeviceObjectAttributes;
    PDRIVER_DISPATCH    DispatchTable[IRP_MJ_MAXIMUM_FUNCTION+1];

	NDIS_STATUS         Status = NDIS_STATUS_SUCCESS;

	IPOIB_ENTER( IPOIB_DBG_IOCTL );

	if( InterlockedIncrement( &g_ipoib.ibat_ref ) == 1 )
	{

		memset(DispatchTable, 0, (IRP_MJ_MAXIMUM_FUNCTION+1) * sizeof(PDRIVER_DISPATCH));
				
		DispatchTable[IRP_MJ_CREATE]					= __ipoib_create;
		DispatchTable[IRP_MJ_CLEANUP]					= __ipoib_cleanup;
		DispatchTable[IRP_MJ_CLOSE]						= __ipoib_close;
		DispatchTable[IRP_MJ_DEVICE_CONTROL]			= __ipoib_dispatch;
		DispatchTable[IRP_MJ_INTERNAL_DEVICE_CONTROL] 	= __ipoib_dispatch;		
		
				
		NdisInitUnicodeString( &DeviceName, IBAT_DEV_NAME );
		NdisInitUnicodeString( &DeviceLinkUnicodeString, IBAT_DOS_DEV_NAME );
				
		
		memset(&DeviceObjectAttributes, 0, sizeof(NDIS_DEVICE_OBJECT_ATTRIBUTES));
		
		DeviceObjectAttributes.Header.Type = NDIS_OBJECT_TYPE_DEFAULT; // type implicit from the context
		DeviceObjectAttributes.Header.Revision = NDIS_DEVICE_OBJECT_ATTRIBUTES_REVISION_1;
		DeviceObjectAttributes.Header.Size = sizeof(NDIS_DEVICE_OBJECT_ATTRIBUTES);
		DeviceObjectAttributes.DeviceName = &DeviceName;
		DeviceObjectAttributes.SymbolicName = &DeviceLinkUnicodeString;
		DeviceObjectAttributes.MajorFunctions = &DispatchTable[0];
		DeviceObjectAttributes.ExtensionSize = 0;
		DeviceObjectAttributes.DefaultSDDLString = NULL;
		DeviceObjectAttributes.DeviceClassGuid = 0;
		
		Status = NdisRegisterDeviceEx(
							g_IpoibMiniportDriverHandle,
							&DeviceObjectAttributes,
							&g_ipoib.h_ibat_dev,
							&g_ipoib.h_ibat_dev_handle);


	
		if( Status != NDIS_STATUS_SUCCESS )
		{
			IPOIB_PRINT( TRACE_LEVEL_ERROR, IPOIB_DBG_ERROR, 
				("NdisRegisterDeviceEx failed with status of %d\n", Status) );
		}
	}

	IPOIB_EXIT( IPOIB_DBG_IOCTL );
}

Note that the default SDDL string is set to NULL.  Is there a registry setting for ipoib (possibly inherited from NDIS or somewhere else) that gets used if the SDDL is NULL?

- Sean



More information about the ofw mailing list