[ofw] NetworkDirect API: Loading of "NDv2 Provider for Mellanox WinOF-2" requires admin privileges

Tziporet Koren tziporet at mellanox.com
Tue Sep 4 09:52:55 PDT 2018


Sean

Thanks for answering.
Eilon can you look into this?



Tziporet Koren
VP of SW
Mellanox Technologies Ltd.
Mobile: +972-54-4689426


-------- Original message --------
From: "Hefty, Sean" <sean.hefty at intel.com>
Date: 04/09/2018 7:33 pm (GMT+02:00)
To: "Schmitt, Hubert" <Hubert.Schmitt at oce.com>, ofw at lists.openfabrics.org
Subject: Re: [ofw] NetworkDirect API: Loading of "NDv2 Provider for Mellanox WinOF-2" requires admin privileges

I didn't realize this mailing list was still active.  For most windows questions, you will need to contact the vendor directly.  AFAIK, the Windows OFED development hasn't been active in years, and went away once Microsoft created NetworkDirect.

- Sean


> Hello all,
>
> I have an issue in my NetworkDirect RDMA application when loading the
> Mellanox NDv2 provider. It seems as the newer WinOF-2 driver for
> ConnectX-4 IB HCAs (mlx5nd.dll) requires that the connecting process
> has adminstrator privileges.
>
> Because when running my application with normal user privileges, I get
> an error 0x80070005 (Access denied), whereas this has never been an
> issue with the older WinOF driver for ConnectX-3 HCAs (mlx4nd.dll).
>
> Here the failing code sequence from my ndhelper.cpp:
>
> static HMODULE      g_hProvider  = NULL;
> static IND2Provider g_pIProvider = NULL;
>
> static HRESULT LoadProvider( __in WSAPROTOCOL_INFOW* pProtocol ) {
>     WCHAR* pPath = ::GetProviderPath( pProtocol ); //
> %SystemRoot%\System32\mlx5nd.dll
>      g_hProvider = ::LoadLibraryW( pPath );
>     ::HeapFree( ::GetProcessHeap(), 0, pPath );
>
>     DLLGETCLASSOBJECT pfnDllGetClassObject =
> reinterpret_cast<DLLGETCLASSOBJECT>(
>         ::GetProcAddress( g_hProvider, "DllGetClassObject" )
>     );
>
>     DLLGETCLASSOBJECT pfnDllCanUnloadNow =
> reinterpret_cast<DLLCANUNLOADNOW>(
>         ::GetProcAddress(g_hProvider, "DllCanUnloadNow")
>     );
>
>     IClassFactory* pClassFactory;
>
>     HRESULT hr = pfnDllGetClassObject(
>         pProtocol->ProviderId,
>         IID_IClassFactory,
>         reinterpret_cast<void**>(&pClassFactory)
>     );
>
>     if (g_pIProvider == NULL) {
>         hr = pClassFactory->CreateInstance(
>             NULL,
>             IID_IND2Provider,
>             reinterpret_cast<void**>(&g_pIProvider)
>         );
>         if (FAILED(hr)) {
>             TRACE("ClassFactory->CreateInstance(IID_IND2Provider)
> failed with error 0x%08X", hr); // Without having admin rights, always
> ending up here!
>             g_pIProvider = NULL;
>         }
>         pClassFactory->Release();
>     }
> }
>
>
>
> Unfortunately, just giving my process admin privileges is not an
> option for me. So I would appreciate if someone has an idea how to
> overcome this issue.
> Perhaps some tuning of security configuration via dcomcnfg or the
> like(?)
>
> BTW: The Mellanox-provided tools nd_read_bw.exe and nd_write_bw.exe
> have the same behavior:
>
> *     Those from WinOF driver 5.35 on ConnectX-3 FDR HCA can run WITH
> or WITHOUT admin privileges.
> *     Those from WinOF-2 driver 1.80 on ConnectX-4 EDR HCA can run
> only WITH admin privileges.
>
> My system configuration:
>
> *     HPE DL380Gen10
> *     ConnectX-4 EDR Infiniband HCA (HPEIB EDR/EN 100Gb 2P 840QSFP28)
> *     Windows Server 2012 R2
> *     Mellanox WinOF-2 version 1.80
>
> Thanks and Regards,
> Hubert
>
>
>
> This message and attachment(s) are intended solely for use by the
> addressee and may contain information that is privileged, confidential
> or otherwise exempt from disclosure under applicable law. If you are
> not the intended recipient or agent thereof responsible for delivering
> this message to the intended recipient, you are hereby notified that
> any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify the sender immediately by telephone or with a 'reply'
> message and delete the message and its attachment(s), if any, from
> your system(s). Thank you for your co-operation.
>
>

_______________________________________________
ofw mailing list
ofw at lists.openfabrics.org
https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openfabrics.org%2Fmailman%2Flistinfo%2Fofw&data=02%7C01%7Ctziporet%40mellanox.com%7Cd3d9df97849742fb59d908d6128432d3%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636716756345475338&sdata=dzz%2FfF25tifvZ2Kl02lPDMxyQvYYkn5Sj0C8A%2FAxS10%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openfabrics.org/pipermail/ofw/attachments/20180904/2dc75066/attachment.html>


More information about the ofw mailing list