From: "leon-2ukJVAZIZ/Y@public.gmane.org" <leon-2ukJVAZIZ/Y@public.gmane.org>
To: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cc: "selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org"
<selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
"linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Yevgeny Petrilin
<yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
Date: Fri, 8 Apr 2016 00:10:56 +0300 [thread overview]
Message-ID: <20160407211056.GD12844@leon.nu> (raw)
In-Reply-To: <DB5PR05MB11113874870EBBE896E0D601C4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1492 bytes --]
On Thu, Apr 07, 2016 at 09:02:43PM +0000, Daniel Jurgens wrote:
> On 4/7/2016 11:31 AM, Leon Romanovsky wrote:
> > On Thu, Apr 07, 2016 at 02:33:54AM +0300, Dan Jurgens wrote:
> >
> >> + if (sec->qp == sec->qp->real_qp) {
> >> + /* The caller of this function holds the QP security
> >> + * mutex so this list traversal is safe
> >> + */
> >
> > Did the comment below pass checkpatch.pl?
>
> It did.
>
> >> + list_for_each_entry(shared_qp_sec,
> >> + &sec->shared_qp_list,
> >> + shared_qp_list) {
> >
> > Is this list always needed to be protected by lock?
> > In general, I prefer to see lock/unlock operations near protected code.
> > Otherwise, it is hard to follow all lock/unlock paths.
>
> The mutex is required, and I'm not sure how to push it lower safely.
> Consider the situation where a QP is being modified concurrently with an
> open_shared_qp. Unless the lock is held the entire time for each
> operation open_shared_qp could check permission using a ib_qp_security
> struct in a partially modified state, i.e. there could be a mix of new
> and old settings for the port/pkey index/alternate path. Shared QPs use
> the port and pkey setting for the underlying real QP with the shared qp
> q_security.
Common flow is to do everything in one place:
1. lock
2. check permissions
3. change
4. release lock
Your flow is much broader.
1. lock
2. check permission
3. do work
4. change
5. do work
6. release lock.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: "leon@leon.nu" <leon@leon.nu>
To: Daniel Jurgens <danielj@mellanox.com>
Cc: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
Yevgeny Petrilin <yevgenyp@mellanox.com>
Subject: Re: [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs
Date: Fri, 8 Apr 2016 00:10:56 +0300 [thread overview]
Message-ID: <20160407211056.GD12844@leon.nu> (raw)
In-Reply-To: <DB5PR05MB11113874870EBBE896E0D601C4900@DB5PR05MB1111.eurprd05.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 1492 bytes --]
On Thu, Apr 07, 2016 at 09:02:43PM +0000, Daniel Jurgens wrote:
> On 4/7/2016 11:31 AM, Leon Romanovsky wrote:
> > On Thu, Apr 07, 2016 at 02:33:54AM +0300, Dan Jurgens wrote:
> >
> >> + if (sec->qp == sec->qp->real_qp) {
> >> + /* The caller of this function holds the QP security
> >> + * mutex so this list traversal is safe
> >> + */
> >
> > Did the comment below pass checkpatch.pl?
>
> It did.
>
> >> + list_for_each_entry(shared_qp_sec,
> >> + &sec->shared_qp_list,
> >> + shared_qp_list) {
> >
> > Is this list always needed to be protected by lock?
> > In general, I prefer to see lock/unlock operations near protected code.
> > Otherwise, it is hard to follow all lock/unlock paths.
>
> The mutex is required, and I'm not sure how to push it lower safely.
> Consider the situation where a QP is being modified concurrently with an
> open_shared_qp. Unless the lock is held the entire time for each
> operation open_shared_qp could check permission using a ib_qp_security
> struct in a partially modified state, i.e. there could be a mix of new
> and old settings for the port/pkey index/alternate path. Shared QPs use
> the port and pkey setting for the underlying real QP with the shared qp
> q_security.
Common flow is to do everything in one place:
1. lock
2. check permissions
3. change
4. release lock
Your flow is much broader.
1. lock
2. check permission
3. do work
4. change
5. do work
6. release lock.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-04-07 21:10 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-06 23:33 [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 07/13] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 08/13] ib/core: IB cache enhancements to support Infiniband security Dan Jurgens
[not found] ` <1459985638-37233-9-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 2:53 ` Leon Romanovsky
2016-04-07 2:53 ` Leon Romanovsky
2016-04-07 15:43 ` Daniel Jurgens
2016-04-07 15:43 ` Daniel Jurgens
2016-04-07 15:09 ` Leon Romanovsky
2016-04-07 15:09 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 11/13] ib/core: Enforce Infiniband device SMI security Dan Jurgens
[not found] ` <1459985638-37233-12-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:44 ` Leon Romanovsky
2016-04-07 20:44 ` Leon Romanovsky
2016-04-07 21:55 ` Daniel Jurgens
2016-04-07 21:55 ` Daniel Jurgens
[not found] ` <1459985638-37233-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-06 23:33 ` [RFC PATCH v2 01/13] security: Add LSM hooks for Infiniband security Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 02/13] selinux: Create policydb version for Infiniband support Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 03/13] selinux: Implement Infiniband flush callback Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 04/13] selinux: Allocate and free infiniband security hooks Dan Jurgens
[not found] ` <1459985638-37233-5-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-11 15:24 ` Casey Schaufler
2016-04-11 15:24 ` Casey Schaufler
2016-04-11 20:41 ` Daniel Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 05/13] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 06/13] selinux: Add IB Device SMI " Dan Jurgens
2016-04-06 23:33 ` [RFC PATCH v2 09/13] ib/core: Enforce PKey security when modifying QPs Dan Jurgens
[not found] ` <1459985638-37233-10-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 16:31 ` Leon Romanovsky
2016-04-07 16:31 ` Leon Romanovsky
2016-04-07 17:03 ` Daniel Jurgens
2016-04-07 17:03 ` Daniel Jurgens
[not found] ` <DB5PR05MB111169883324ADC42E52C4D6C4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 17:39 ` leon-2ukJVAZIZ/Y
2016-04-07 17:39 ` leon
2016-04-07 17:44 ` Daniel Jurgens
2016-04-07 17:44 ` Daniel Jurgens
2016-04-07 21:02 ` Daniel Jurgens
2016-04-07 21:02 ` Daniel Jurgens
[not found] ` <DB5PR05MB11113874870EBBE896E0D601C4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 21:10 ` leon-2ukJVAZIZ/Y [this message]
2016-04-07 21:10 ` leon
2016-04-07 21:23 ` Daniel Jurgens
2016-04-07 21:23 ` Daniel Jurgens
[not found] ` <DB5PR05MB11115DF816F6CEAD7738201EC4900-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-07 23:24 ` leon-2ukJVAZIZ/Y
2016-04-07 23:24 ` leon
2016-04-06 23:33 ` [RFC PATCH v2 10/13] ib/core: Enforce PKey security on management datagrams Dan Jurgens
[not found] ` <1459985638-37233-11-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:39 ` Leon Romanovsky
2016-04-07 20:39 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 12/13] ib/core: Track which QPs are using which port and PKey index Dan Jurgens
[not found] ` <1459985638-37233-13-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-04-07 20:53 ` Leon Romanovsky
2016-04-07 20:53 ` Leon Romanovsky
2016-04-06 23:33 ` [RFC PATCH v2 13/13] ib/core: Implement the Infiniband flush callback Dan Jurgens
2016-04-11 20:11 ` [RFC PATCH v2 00/13] SELinux support for Infiniband RDMA Jason Gunthorpe
2016-04-11 20:11 ` Jason Gunthorpe
2016-04-11 20:38 ` Daniel Jurgens
2016-04-11 20:38 ` Daniel Jurgens
[not found] ` <DB5PR05MB111168B6670B36F12979705BC4940-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-11 22:12 ` Jason Gunthorpe
2016-04-11 22:12 ` Jason Gunthorpe
2016-04-11 22:30 ` Daniel Jurgens
2016-04-11 22:30 ` Daniel Jurgens
[not found] ` <DB5PR05MB1111E6A72480FF78AAB12747C4940-8IvNv+8VlcBJTpKhoUy7I9qRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-11 23:12 ` Jason Gunthorpe
2016-04-11 23:12 ` Jason Gunthorpe
2016-04-11 23:35 ` Daniel Jurgens
2016-04-11 23:35 ` Daniel Jurgens
2016-04-12 0:06 ` Jason Gunthorpe
[not found] ` <20160412000621.GD5861-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-04-12 5:21 ` Hal Rosenstock
2016-04-12 5:21 ` Hal Rosenstock
2016-04-12 17:06 ` Hefty, Sean
2016-04-12 17:58 ` Jason Gunthorpe
[not found] ` <20160412175837.GA15027-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-04-13 12:09 ` Hal Rosenstock
2016-04-13 12:09 ` Hal Rosenstock
2016-04-13 13:17 ` Daniel Jurgens
2016-04-13 13:17 ` Daniel Jurgens
2016-04-13 5:07 ` Hal Rosenstock
2016-04-13 16:47 ` Hefty, Sean
[not found] ` <1828884A29C6694DAF28B7E6B8A82373AB041285-P5GAC/sN6hkd3b2yrw5b5LfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2016-04-14 0:27 ` Ira Weiny
2016-04-14 0:27 ` Ira Weiny
2016-04-14 0:31 ` Ira Weiny
2016-04-14 4:22 ` Hefty, Sean
2016-04-14 4:22 ` Hefty, Sean
2016-04-14 13:11 ` Daniel Jurgens
2016-04-14 13:11 ` Daniel Jurgens
[not found] ` <AM2PR05MB1105E03BDEE8ED9552C8EDE7C4970-Wc3DjHnhGidZ7IXwgIC3xtqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-14 16:26 ` Ira Weiny
2016-04-14 16:26 ` Ira Weiny
2016-04-14 16:49 ` Daniel Jurgens
2016-04-14 16:49 ` Daniel Jurgens
[not found] ` <AM2PR05MB11059E1985CE6544FAE4BA00C4970-Wc3DjHnhGidZ7IXwgIC3xtqRiQSDpxhJvxpqHgZTriW3zl9H0oFU5g@public.gmane.org>
2016-04-14 21:58 ` Ira Weiny
2016-04-14 21:58 ` Ira Weiny
2016-04-14 13:06 ` Daniel Jurgens
2016-04-14 13:06 ` Daniel Jurgens
2016-04-12 16:45 ` Daniel Jurgens
2016-04-12 16:45 ` Daniel Jurgens
2016-04-12 5:12 ` Hal Rosenstock
2016-04-12 16:43 ` Daniel Jurgens
2016-04-12 16:43 ` Daniel Jurgens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160407211056.GD12844@leon.nu \
--to=leon-2ukjvaziz/y@public.gmane.org \
--cc=danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.