0 Replies Latest reply on Aug 31, 2018 6:10 AM by husch

    NetworkDirect API: Loading of "NDv2 Provider for Mellanox WinOF-2" requires admin privileges

    husch

      Hello everybody,

       

      I have an issue in my NetworkDirect RDMA application when loading the Mellanox NDv2 provider. It seems as the newer WinOF-2 driver for ConnectX-4 IB HCAs (mlx5nd.dll) requires that the connecting process has adminstrator privileges.

      Because when running my application with normal user privileges, I get an error 0x80070005 (Access denied), whereas this has never been an issue with the older WinOF driver for ConnectX-3 HCAs (mlx4nd.dll).

      Here the failing code sequence from my ndhelper.cpp:

       

      static HMODULE      g_hProvider  = NULL;

      static IND2Provider g_pIProvider = NULL;

       

      static HRESULT LoadProvider( __in WSAPROTOCOL_INFOW* pProtocol )

      {

          WCHAR* pPath = ::GetProviderPath( pProtocol ); // %SystemRoot%\System32\mlx5nd.dll

           g_hProvider = ::LoadLibraryW( pPath );

          ::HeapFree( ::GetProcessHeap(), 0, pPath );

         

          DLLGETCLASSOBJECT pfnDllGetClassObject = reinterpret_cast<DLLGETCLASSOBJECT>(

              ::GetProcAddress( g_hProvider, "DllGetClassObject" )

          );

       

          DLLGETCLASSOBJECT pfnDllCanUnloadNow = reinterpret_cast<DLLCANUNLOADNOW>(

              ::GetProcAddress(g_hProvider, "DllCanUnloadNow")

          );

       

          IClassFactory* pClassFactory;

       

          HRESULT hr = pfnDllGetClassObject(

              pProtocol->ProviderId,

              IID_IClassFactory,

              reinterpret_cast<void**>(&pClassFactory)

          );

       

          if (g_pIProvider == NULL) {

              hr = pClassFactory->CreateInstance(

                  NULL,

                  IID_IND2Provider,

                  reinterpret_cast<void**>(&g_pIProvider)

              );

              if (FAILED(hr)) {

                  TRACE("ClassFactory->CreateInstance(IID_IND2Provider) failed with error 0x%08X", hr); // Without having admin rights, always ending up here!

                  g_pIProvider = NULL;

              }

              pClassFactory->Release();

          }

      }

       

      Unfortunately, just giving my process admin privileges is not an option for me. So I would appreciate if someone has an idea how to overcome this issue.

      Perhaps some tuning of security configuration via dcomcnfg or the like(?)

       

      BTW: The Mellanox-provided tools nd_read_bw.exe and nd_write_bw.exe have the same behavior:

      • Those from WinOF driver 5.35 on ConnectX-3 FDR HCA can run WITH or WITHOUT admin privileges.
      • Those from WinOF-2 driver 1.80 on ConnectX-4 EDR HCA can run only WITH admin privileges.

       

       

      My system configuration:

      • HPE DL380Gen10
      • ConnectX-4 EDR Infiniband HCA (HPEIB EDR/EN 100Gb 2P 840QSFP28)
      • Windows Server 2012 R2
      • Mellanox WinOF-2 version 1.80

       

      Thanks and Regards