[ofw] NetworkDirect API: Loading of "NDv2 Provider for Mellanox WinOF-2" requires admin privileges

Schmitt, Hubert Hubert.Schmitt at oce.com
Mon Sep 3 03:36:57 PDT 2018


Hello all,
I have an issue in my NetworkDirect RDMA application when loading the Mellanox NDv2 provider. It seems as the newer WinOF-2 driver for ConnectX-4 IB HCAs (mlx5nd.dll) requires that the connecting process has adminstrator privileges.
Because when running my application with normal user privileges, I get an error 0x80070005 (Access denied), whereas this has never been an issue with the older WinOF driver for ConnectX-3 HCAs (mlx4nd.dll).
Here the failing code sequence from my ndhelper.cpp:
static HMODULE      g_hProvider  = NULL;
static IND2Provider g_pIProvider = NULL;
static HRESULT LoadProvider( __in WSAPROTOCOL_INFOW* pProtocol )
{
    WCHAR* pPath = ::GetProviderPath( pProtocol ); // %SystemRoot%\System32\mlx5nd.dll
     g_hProvider = ::LoadLibraryW( pPath );
    ::HeapFree( ::GetProcessHeap(), 0, pPath );
    DLLGETCLASSOBJECT pfnDllGetClassObject = reinterpret_cast<DLLGETCLASSOBJECT>(
        ::GetProcAddress( g_hProvider, "DllGetClassObject" )
    );
    DLLGETCLASSOBJECT pfnDllCanUnloadNow = reinterpret_cast<DLLCANUNLOADNOW>(
        ::GetProcAddress(g_hProvider, "DllCanUnloadNow")
    );
    IClassFactory* pClassFactory;
    HRESULT hr = pfnDllGetClassObject(
        pProtocol->ProviderId,
        IID_IClassFactory,
        reinterpret_cast<void**>(&pClassFactory)
    );
    if (g_pIProvider == NULL) {
        hr = pClassFactory->CreateInstance(
            NULL,
            IID_IND2Provider,
            reinterpret_cast<void**>(&g_pIProvider)
        );
        if (FAILED(hr)) {
            TRACE("ClassFactory->CreateInstance(IID_IND2Provider) failed with error 0x%08X", hr); // Without having admin rights, always ending up here!
            g_pIProvider = NULL;
        }
        pClassFactory->Release();
    }
}

Unfortunately, just giving my process admin privileges is not an option for me. So I would appreciate if someone has an idea how to overcome this issue.
Perhaps some tuning of security configuration via dcomcnfg or the like(?)
BTW: The Mellanox-provided tools nd_read_bw.exe and nd_write_bw.exe have the same behavior:

  *   Those from WinOF driver 5.35 on ConnectX-3 FDR HCA can run WITH or WITHOUT admin privileges.
  *   Those from WinOF-2 driver 1.80 on ConnectX-4 EDR HCA can run only WITH admin privileges.
My system configuration:

  *   HPE DL380Gen10
  *   ConnectX-4 EDR Infiniband HCA (HPEIB EDR/EN 100Gb 2P 840QSFP28)
  *   Windows Server 2012 R2
  *   Mellanox WinOF-2 version 1.80
Thanks and Regards,
Hubert

This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or with a 'reply' message and delete the message and its attachment(s), if any, from your system(s). Thank you for your co-operation.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20180903/4da6be2b/attachment-0001.html>


More information about the ofw mailing list