From: Leon Romanovsky <leon-2ukJVAZIZ/Y@public.gmane.org>
To: Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org
Subject: Re: [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security
Date: Thu, 7 Apr 2016 23:44:56 +0300 [thread overview]
Message-ID: <20160407204456.GB12844@leon.nu> (raw)
In-Reply-To: <1459985638-37233-12-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 4038 bytes --]
On Thu, Apr 07, 2016 at 02:33:56AM +0300, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
>
> During MAD and snoop agent registration for SMI QPs check that the
> calling process has permission to access the SMI.
>
> When sending and receiving MADs check that the agent has access to the
> SMI if it's on an SMI QP. Because security policy can change it's
> possible permission was allowed when creating the agent, but no longer
> is.
>
> Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> Reviewed-by: Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
> ---
> drivers/infiniband/core/mad.c | 52 ++++++++++++++++++++++++++++++++++++++++-
> 1 files changed, 51 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
> index 907f8ee..b5f42ad 100644
> --- a/drivers/infiniband/core/mad.c
> +++ b/drivers/infiniband/core/mad.c
> @@ -349,6 +349,21 @@ struct ib_mad_agent *ib_register_mad_agent(struct ib_device *device,
> goto error3;
> }
>
> + if (qp_type == IB_QPT_SMI) {
> + ret2 = security_ibdev_smi(device->name,
> + port_num,
> + &mad_agent_priv->agent);
> + if (ret2) {
> + dev_err(&device->dev,
> + "%s: Access Denied. Err: %d\n",
Please convert it to lower case.
Can malicious user flood the system with this print?
> + __func__,
> + ret2);
> +
> + ret = ERR_PTR(ret2);
> + goto error4;
> + }
> + }
> +
> if (mad_reg_req) {
> reg_req = kmemdup(mad_reg_req, sizeof *reg_req, GFP_KERNEL);
> if (!reg_req) {
> @@ -535,6 +550,22 @@ struct ib_mad_agent *ib_register_mad_snoop(struct ib_device *device,
> goto error2;
> }
>
> + if (qp_type == IB_QPT_SMI) {
> + err = security_ibdev_smi(device->name,
> + port_num,
> + &mad_snoop_priv->agent);
> +
> + if (err) {
> + dev_err(&device->dev,
> + "%s: Access Denied. Err: %d\n",
The same as above.
> + __func__,
> + err);
> +
> + ret = ERR_PTR(err);
> + goto error3;
> + }
> + }
> +
> /* Now, fill in the various structures */
> mad_snoop_priv->qp_info = &port_priv->qp_info[qpn];
> mad_snoop_priv->agent.device = device;
> @@ -1248,6 +1279,7 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
>
> /* Walk list of send WRs and post each on send list */
> for (; send_buf; send_buf = next_send_buf) {
> + int err = 0;
>
> mad_send_wr = container_of(send_buf,
> struct ib_mad_send_wr_private,
> @@ -1255,6 +1287,16 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
> mad_agent_priv = mad_send_wr->mad_agent_priv;
> pkey_index = mad_send_wr->send_wr.pkey_index;
>
> + if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
> + err = security_ibdev_smi(mad_agent_priv->agent.device->name,
> + mad_agent_priv->agent.port_num,
> + &mad_agent_priv->agent);
> +
> + if (err) {
> + ret = err;
> + goto error;
> + }
> +
> ret = ib_security_enforce_mad_agent_pkey_access(
> mad_agent_priv->agent.device,
> mad_agent_priv->agent.port_num,
> @@ -1997,7 +2039,15 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
> struct ib_mad_send_wr_private *mad_send_wr;
> struct ib_mad_send_wc mad_send_wc;
> unsigned long flags;
> - int ret;
> + int ret = 0;
> +
> + if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
> + ret = security_ibdev_smi(mad_agent_priv->agent.device->name,
> + mad_agent_priv->agent.port_num,
> + &mad_agent_priv->agent);
> +
> + if (ret)
> + goto security_error;
>
> ret = ib_security_enforce_mad_agent_pkey_access(
> mad_agent_priv->agent.device,
> --
> 1.7.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Leon Romanovsky <leon@leon.nu>
To: Dan Jurgens <danielj@mellanox.com>
Cc: selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
linux-rdma@vger.kernel.org, yevgenyp@mellanox.com
Subject: Re: [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security
Date: Thu, 7 Apr 2016 23:44:56 +0300 [thread overview]
Message-ID: <20160407204456.GB12844@leon.nu> (raw)
In-Reply-To: <1459985638-37233-12-git-send-email-danielj@mellanox.com>
[-- Attachment #1: Type: text/plain, Size: 3933 bytes --]
On Thu, Apr 07, 2016 at 02:33:56AM +0300, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj@mellanox.com>
>
> During MAD and snoop agent registration for SMI QPs check that the
> calling process has permission to access the SMI.
>
> When sending and receiving MADs check that the agent has access to the
> SMI if it's on an SMI QP. Because security policy can change it's
> possible permission was allowed when creating the agent, but no longer
> is.
>
> Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
> Reviewed-by: Eli Cohen <eli@mellanox.com>
> ---
> drivers/infiniband/core/mad.c | 52 ++++++++++++++++++++++++++++++++++++++++-
> 1 files changed, 51 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
> index 907f8ee..b5f42ad 100644
> --- a/drivers/infiniband/core/mad.c
> +++ b/drivers/infiniband/core/mad.c
> @@ -349,6 +349,21 @@ struct ib_mad_agent *ib_register_mad_agent(struct ib_device *device,
> goto error3;
> }
>
> + if (qp_type == IB_QPT_SMI) {
> + ret2 = security_ibdev_smi(device->name,
> + port_num,
> + &mad_agent_priv->agent);
> + if (ret2) {
> + dev_err(&device->dev,
> + "%s: Access Denied. Err: %d\n",
Please convert it to lower case.
Can malicious user flood the system with this print?
> + __func__,
> + ret2);
> +
> + ret = ERR_PTR(ret2);
> + goto error4;
> + }
> + }
> +
> if (mad_reg_req) {
> reg_req = kmemdup(mad_reg_req, sizeof *reg_req, GFP_KERNEL);
> if (!reg_req) {
> @@ -535,6 +550,22 @@ struct ib_mad_agent *ib_register_mad_snoop(struct ib_device *device,
> goto error2;
> }
>
> + if (qp_type == IB_QPT_SMI) {
> + err = security_ibdev_smi(device->name,
> + port_num,
> + &mad_snoop_priv->agent);
> +
> + if (err) {
> + dev_err(&device->dev,
> + "%s: Access Denied. Err: %d\n",
The same as above.
> + __func__,
> + err);
> +
> + ret = ERR_PTR(err);
> + goto error3;
> + }
> + }
> +
> /* Now, fill in the various structures */
> mad_snoop_priv->qp_info = &port_priv->qp_info[qpn];
> mad_snoop_priv->agent.device = device;
> @@ -1248,6 +1279,7 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
>
> /* Walk list of send WRs and post each on send list */
> for (; send_buf; send_buf = next_send_buf) {
> + int err = 0;
>
> mad_send_wr = container_of(send_buf,
> struct ib_mad_send_wr_private,
> @@ -1255,6 +1287,16 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
> mad_agent_priv = mad_send_wr->mad_agent_priv;
> pkey_index = mad_send_wr->send_wr.pkey_index;
>
> + if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
> + err = security_ibdev_smi(mad_agent_priv->agent.device->name,
> + mad_agent_priv->agent.port_num,
> + &mad_agent_priv->agent);
> +
> + if (err) {
> + ret = err;
> + goto error;
> + }
> +
> ret = ib_security_enforce_mad_agent_pkey_access(
> mad_agent_priv->agent.device,
> mad_agent_priv->agent.port_num,
> @@ -1997,7 +2039,15 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
> struct ib_mad_send_wr_private *mad_send_wr;
> struct ib_mad_send_wc mad_send_wc;
> unsigned long flags;
> - int ret;
> + int ret = 0;
> +
> + if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
> + ret = security_ibdev_smi(mad_agent_priv->agent.device->name,
> + mad_agent_priv->agent.port_num,
> + &mad_agent_priv->agent);
> +
> + if (ret)
> + goto security_error;
>
> ret = ib_security_enforce_mad_agent_pkey_access(
> mad_agent_priv->agent.device,
> --
> 1.7.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-04-07 20:44 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-06 23:33 [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 07/13] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security Dan Jurgens
[not found] ` <1459985638-37233-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 2:53 ` Leon Romanovsky
2016-04-07 2:53 ` Leon Romanovsky
2016-04-07 15:43 ` Daniel Jurgens
2016-04-07 15:43 ` Daniel Jurgens
2016-04-07 15:09 ` Leon Romanovsky
2016-04-07 15:09 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security Dan Jurgens
[not found] ` <1459985638-37233-12-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:44 ` Leon Romanovsky [this message]
2016-04-07 20:44 ` Leon Romanovsky
2016-04-07 21:55 ` Daniel Jurgens
2016-04-07 21:55 ` Daniel Jurgens
[not found] ` <1459985638-37233-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-06 23:33 ` [RFC PATCH v2 01/13] security: Add LSM hooks for Infiniband security Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 02/13] selinux: Create policydb version for Infiniband support Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 03/13] selinux: Implement Infiniband flush callback Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 04/13] selinux: Allocate and free infiniband security hooks Dan Jurgens
[not found] ` <1459985638-37233-5-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-11 15:24 ` Casey Schaufler
2016-04-11 15:24 ` Casey Schaufler
2016-04-11 20:41 ` Daniel Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 05/13] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 06/13] selinux: Add IB Device SMI " Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs Dan Jurgens
[not found] ` <1459985638-37233-10-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 16:31 ` Leon Romanovsky
2016-04-07 16:31 ` Leon Romanovsky
2016-04-07 17:03 ` Daniel Jurgens
2016-04-07 17:03 ` Daniel Jurgens
[not found] ` <DB5PR05MB111169883324ADC42E52C4D6C4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 17:39 ` leon-2ukJVAZIZ/Y
2016-04-07 17:39 ` leon
2016-04-07 17:44 ` Daniel Jurgens
2016-04-07 17:44 ` Daniel Jurgens
2016-04-07 21:02 ` Daniel Jurgens
2016-04-07 21:02 ` Daniel Jurgens
[not found] ` <DB5PR05MB11113874870EBBE896E0D601C4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 21:10 ` leon-2ukJVAZIZ/Y
2016-04-07 21:10 ` leon
2016-04-07 21:23 ` Daniel Jurgens
2016-04-07 21:23 ` Daniel Jurgens
[not found] ` <DB5PR05MB11115DF816F6CEAD7738201EC4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 23:24 ` leon-2ukJVAZIZ/Y
2016-04-07 23:24 ` leon
2016-04-06 23:33 ` [RFC PATCH v2 10/13] ib/core: Enforce PKey security on management datagrams Dan Jurgens
[not found] ` <1459985638-37233-11-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:39 ` Leon Romanovsky
2016-04-07 20:39 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 12/13] ib/core: Track which QPs are using which port and PKey index Dan Jurgens
[not found] ` <1459985638-37233-13-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:53 ` Leon Romanovsky
2016-04-07 20:53 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 13/13] ib/core: Implement the Infiniband flush callback Dan Jurgens
2016-04-11 20:11 ` [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA Jason Gunthorpe
2016-04-11 20:11 ` Jason Gunthorpe
2016-04-11 20:38 ` Daniel Jurgens
2016-04-11 20:38 ` Daniel Jurgens
[not found] ` <DB5PR05MB111168B6670B36F12979705BC4940-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-11 22:12 ` Jason Gunthorpe
2016-04-11 22:12 ` Jason Gunthorpe
2016-04-11 22:30 ` Daniel Jurgens
2016-04-11 22:30 ` Daniel Jurgens
[not found] ` <DB5PR05MB1111E6A72480FF78AAB12747C4940-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-11 23:12 ` Jason Gunthorpe
2016-04-11 23:12 ` Jason Gunthorpe
2016-04-11 23:35 ` Daniel Jurgens
2016-04-11 23:35 ` Daniel Jurgens
2016-04-12 0:06 ` Jason Gunthorpe
[not found] ` <20160412000621.GD5861-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-04-12 5:21 ` Hal Rosenstock
2016-04-12 5:21 ` Hal Rosenstock
2016-04-12 17:06 ` Hefty, Sean
2016-04-12 17:58 ` Jason Gunthorpe
[not found] ` <20160412175837.GA15027-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-04-13 12:09 ` Hal Rosenstock
2016-04-13 12:09 ` Hal Rosenstock
2016-04-13 13:17 ` Daniel Jurgens
2016-04-13 13:17 ` Daniel Jurgens
2016-04-13 5:07 ` Hal Rosenstock
2016-04-13 16:47 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB041285-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-04-14 0:27 ` Ira Weiny
2016-04-14 0:27 ` Ira Weiny
2016-04-14 0:31 ` Ira Weiny
2016-04-14 4:22 ` Hefty, Sean
2016-04-14 4:22 ` Hefty, Sean
2016-04-14 13:11 ` Daniel Jurgens
2016-04-14 13:11 ` Daniel Jurgens
[not found] ` <AM2PR05MB1105E03BDEE8ED9552C8EDE7C4970-Wc3DjHnhGidZ7IXwgIC3xtqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-14 16:26 ` Ira Weiny
2016-04-14 16:26 ` Ira Weiny
2016-04-14 16:49 ` Daniel Jurgens
2016-04-14 16:49 ` Daniel Jurgens
[not found] ` <AM2PR05MB11059E1985CE6544FAE4BA00C4970-Wc3DjHnhGidZ7IXwgIC3xtqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-14 21:58 ` Ira Weiny
2016-04-14 21:58 ` Ira Weiny
2016-04-14 13:06 ` Daniel Jurgens
2016-04-14 13:06 ` Daniel Jurgens
2016-04-12 16:45 ` Daniel Jurgens
2016-04-12 16:45 ` Daniel Jurgens
2016-04-12 5:12 ` Hal Rosenstock
2016-04-12 16:43 ` Daniel Jurgens
2016-04-12 16:43 ` Daniel Jurgens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160407204456.GB12844@leon.nu \
--to=leon-2ukjvaziz/y@public.gmane.org \
--cc=danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.