From: "ira.weiny" <ira.weiny-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Cc: kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
John Fleck <john.fleck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Subject: Re: [PATCH v8 2/4] IB/core: Add rdma netlink helper functions
Date: Tue, 4 Aug 2015 20:48:31 -0400
Message-ID: <20150805004830.GA23589@phlsvsds.ph.intel.com>
In-Reply-To: <20150804031534.GA28707-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
On Mon, Aug 03, 2015 at 09:15:34PM -0600, Jason Gunthorpe wrote:
> On Thu, Jul 09, 2015 at 01:34:26PM -0400, kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org wrote:
> > From: Kaike Wan <kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> >
> > This patch adds a function to check if listeners for a netlink multicast
> > group are present. It also adds a function to receive netlink response
> > messages.
> >
> > Signed-off-by: Kaike Wan <kaike.wan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> > Signed-off-by: John Fleck <john.fleck-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> > Signed-off-by: Ira Weiny <ira.weiny-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
> > drivers/infiniband/core/netlink.c | 55 +++++++++++++++++++++++++++++++++++++
> > include/rdma/rdma_netlink.h | 7 +++++
> > 2 files changed, 62 insertions(+), 0 deletions(-)
> >
> > diff --git a/drivers/infiniband/core/netlink.c b/drivers/infiniband/core/netlink.c
> > index 23dd5a5..d47df93 100644
> > +++ b/drivers/infiniband/core/netlink.c
> > @@ -49,6 +49,14 @@ static DEFINE_MUTEX(ibnl_mutex);
> > static struct sock *nls;
> > static LIST_HEAD(client_list);
> >
> > +int ibnl_chk_listeners(unsigned int group)
> > +{
> > + if (netlink_has_listeners(nls, group) == 0)
> > + return -1;
> > + return 0;
> > +}
> > +EXPORT_SYMBOL(ibnl_chk_listeners);
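Review bot: ibnl_chk_listeners() returns a bare -1 when netlink_has_listeners() reports no listeners, and -1 is numerically -EPERM, so any caller that propagates the value will report "permission denied" for what is really "nobody is listening". Return a named errno or make the helper return bool, and put a kernel-doc comment above the exported function stating which value means listeners are present, since 0 here means the opposite of what 0 means from netlink_has_listeners().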
>
> I was thinking about this today, and, where is the security?
>
> What prevents a non-root user from making the above true and/or worse?
We are using Netlink multicast. I believe that netlink_bind only allows root
to bind to multicast.

static int netlink_bind(struct socket *sock, struct sockaddr *addr,
			int addr_len)
{
...
	/* Only superuser is allowed to listen multicasts */
	if (groups) {
		if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
			return -EPERM;
		err = netlink_realloc_groups(sk);
		if (err)
			return err;
	}
...

That said I have not tested the ability to change the timeout settings if one
were to bind without multicast and send a message.
I'll see if I can get some time to test this as Kaike is out on vacation.
Ira
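
A user-space check of the netlink_bind() behaviour quoted in the message above, added here as an example (it is not code from this thread or from the kernel tree): it binds a NETLINK_RDMA socket with one multicast group bit set and reports whether the kernel answered EPERM. The group number is a parameter because the group used by the patch series is not shown in this message; the default of 1 and the names `classify_bind` and `probe_mcast_bind` are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

enum probe_verdict { PROBE_DENIED, PROBE_ALLOWED, PROBE_UNAVAILABLE };

/* Map a bind() result to a verdict. EPERM is the rejection path in the
 * quoted netlink_bind(); any other error means the check was not exercised. */
enum probe_verdict classify_bind(int rc, int err)
{
	if (rc == 0)
		return PROBE_ALLOWED;
	return err == EPERM ? PROBE_DENIED : PROBE_UNAVAILABLE;
}

/* Try to join multicast group `group` (1..32) of `protocol` at bind() time.
 * A non-zero nl_groups mask is what takes the "if (groups)" branch. */
enum probe_verdict probe_mcast_bind(int protocol, unsigned int group)
{
	struct sockaddr_nl sa;
	int fd, rc, err;

	if (group < 1 || group > 32)
		return PROBE_UNAVAILABLE;
	fd = socket(AF_NETLINK, SOCK_RAW, protocol);
	if (fd < 0)
		return PROBE_UNAVAILABLE;	/* e.g. protocol not registered */
	memset(&sa, 0, sizeof(sa));
	sa.nl_family = AF_NETLINK;
	sa.nl_groups = 1U << (group - 1);
	rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
	err = errno;
	close(fd);
	return classify_bind(rc, err);
}

int main(int argc, char **argv)
{
	/* Group 1 is a placeholder; pass the group number under test. */
	unsigned int group = argc > 1 ? (unsigned int)strtoul(argv[1], NULL, 10) : 1;
	static const char *const names[] = { "denied (EPERM)", "allowed", "not testable here" };

	printf("uid=%u NETLINK_RDMA group %u: %s\n", (unsigned)getuid(), group,
	       names[probe_mcast_bind(NETLINK_RDMA, group)]);
	return 0;
}
```

Running it once as an unprivileged user and once as root on a host with the RDMA netlink socket registered shows both sides of the check.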