From: Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: [rdma-next 07/33] RDMA/netlink: Add flag to consolidate common handing
Date: Tue,  1 Aug 2017 15:05:10 +0300
Message-ID: <20170801120536.540-8-leon@kernel.org>
In-Reply-To: <20170801120536.540-1-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>

From: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>

Add the ability to provide flags to control RDMA netlink callbacks
and convert addr.c and sa_query.c to be the first users of this
infrastructure. This allows moving their CAP_NET_ADMIN checks
into the netlink core.

Signed-off-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reviewed-by: Steve Wise <swise-7bPotxP6k4+P2YhJcF5u+vpXobYPEAuW@public.gmane.org>
---
 drivers/infiniband/core/addr.c     |  3 +--
 drivers/infiniband/core/device.c   | 12 +++++++++---
 drivers/infiniband/core/netlink.c  |  4 ++++
 drivers/infiniband/core/sa_query.c |  6 ++----
 include/rdma/rdma_netlink.h        |  6 ++++++
 5 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
index 01236cef7bfb..9f3339861ec5 100644
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -134,8 +134,7 @@ int ib_nl_handle_ip_res_resp(struct sk_buff *skb,
 	const struct nlmsghdr *nlh = (struct nlmsghdr *)cb->nlh;
 
 	if ((nlh->nlmsg_flags & NLM_F_REQUEST) ||
-	    !(NETLINK_CB(skb).sk) ||
-	    !netlink_capable(skb, CAP_NET_ADMIN))
+	    !(NETLINK_CB(skb).sk))
 		return -EPERM;
 
 	if (ib_nl_is_good_ip_resp(nlh))
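Review bot: ib_nl_handle_ip_res_resp() is a non-static function, and after this change its -EPERM test no longer includes netlink_capable(skb, CAP_NET_ADMIN), so the privilege requirement is invisible to anyone reading or calling the handler on its own. Add a short comment above the remaining condition stating that CAP_NET_ADMIN is enforced by the netlink core through RDMA_NL_ADMIN_PERM, so a later caller or a copy of this handler does not silently lose the check.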
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c
index 298258c40d30..1c5276e6e7f6 100644
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -1088,11 +1088,17 @@ EXPORT_SYMBOL(ib_get_net_dev_by_params);
 
 static const struct ibnl_client_cbs ibnl_ls_cb_table[] = {
 	[RDMA_NL_LS_OP_RESOLVE] = {
-		.dump = ib_nl_handle_resolve_resp},
+		.dump = ib_nl_handle_resolve_resp,
+		.flags = RDMA_NL_ADMIN_PERM,
+	},
 	[RDMA_NL_LS_OP_SET_TIMEOUT] = {
-		.dump = ib_nl_handle_set_timeout},
+		.dump = ib_nl_handle_set_timeout,
+		.flags = RDMA_NL_ADMIN_PERM,
+	},
 	[RDMA_NL_LS_OP_IP_RESOLVE] = {
-		.dump = ib_nl_handle_ip_res_resp},
+		.dump = ib_nl_handle_ip_res_resp,
+		.flags = RDMA_NL_ADMIN_PERM,
+	},
 };
 
 static int __init ib_core_init(void)
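Review bot: the capability requirement in ibnl_ls_cb_table[] is now opt-in per entry, so an entry that omits .flags is zero-initialized and runs without a CAP_NET_ADMIN check. All three current entries set RDMA_NL_ADMIN_PERM, but a fourth op added later with only .dump would fail open. Consider a comment at the top of the table saying that every LS op must carry RDMA_NL_ADMIN_PERM unless deliberately unprivileged, or invert the flag so that the unprivileged case is the one that has to be spelled out.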
diff --git a/drivers/infiniband/core/netlink.c b/drivers/infiniband/core/netlink.c
index 86337d5e7551..a0e25689d3e7 100644
--- a/drivers/infiniband/core/netlink.c
+++ b/drivers/infiniband/core/netlink.c
@@ -171,6 +171,10 @@ static int rdma_nl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (!is_nl_valid(index, op))
 		return -EINVAL;
 
+	if ((rdma_nl_types[index].cb_table[op].flags & RDMA_NL_ADMIN_PERM) &&
+	    !netlink_capable(skb, CAP_NET_ADMIN))
+		return -EPERM;
+
 	/*
 	 * For response or local service set_timeout request,
 	 * there is no need to use netlink_dump_start.
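Review bot: the new test reads rdma_nl_types[index].cb_table[op].flags immediately after is_nl_valid(index, op), so it depends on is_nl_valid() guaranteeing that cb_table is non-NULL and that op is within the table for this index; that is not visible in this hunk and is worth confirming, since this dereference is reachable by an unprivileged sender before any permission decision is made. The placement ahead of the response/set_timeout special case is good, because it covers both the direct call and the netlink_dump_start path with one check.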
diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
index 70fa4cabe48e..b499f4422f41 100644
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1033,8 +1033,7 @@ int ib_nl_handle_set_timeout(struct sk_buff *skb,
 	int ret;
 
 	if (!(nlh->nlmsg_flags & NLM_F_REQUEST) ||
-	    !(NETLINK_CB(skb).sk) ||
-	    !netlink_capable(skb, CAP_NET_ADMIN))
+	    !(NETLINK_CB(skb).sk))
 		return -EPERM;
 
 	ret = nla_parse(tb, LS_NLA_TYPE_MAX - 1, nlmsg_data(nlh),
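Review bot: ib_nl_handle_set_timeout() is the handler that accepts requests (it rejects messages without NLM_F_REQUEST) and goes straight on to nla_parse() on sender-supplied data, so with netlink_capable() removed here the only thing keeping an unprivileged sender away from the parser is the .flags value on the RDMA_NL_LS_OP_SET_TIMEOUT table entry in device.c. Since the handler and its permission now live in different files, please note in the changelog that an unprivileged set_timeout request was confirmed to still return -EPERM after the conversion.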
@@ -1109,8 +1108,7 @@ int ib_nl_handle_resolve_resp(struct sk_buff *skb,
 	int ret;
 
 	if ((nlh->nlmsg_flags & NLM_F_REQUEST) ||
-	    !(NETLINK_CB(skb).sk) ||
-	    !netlink_capable(skb, CAP_NET_ADMIN))
+	    !(NETLINK_CB(skb).sk))
 		return -EPERM;
 
 	spin_lock_irqsave(&ib_nl_request_lock, flags);
diff --git a/include/rdma/rdma_netlink.h b/include/rdma/rdma_netlink.h
index 7690aaabb958..79d8802f3ef7 100644
--- a/include/rdma/rdma_netlink.h
+++ b/include/rdma/rdma_netlink.h
@@ -7,6 +7,12 @@
 
 struct ibnl_client_cbs {
 	int (*dump)(struct sk_buff *skb, struct netlink_callback *nlcb);
+	u8 flags;
+};
+
+enum rdma_nl_flags {
+	/* Require CAP_NET_ADMIN */
+	RDMA_NL_ADMIN_PERM	= 1 << 0,
 };
 
 /**
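Review bot: the new u8 flags member of struct ibnl_client_cbs has no documentation, and nothing here says that a value of 0 means the callback runs with no capability check. Add a comment on the field that points at enum rdma_nl_flags and states the meaning of the default. Also note that declaring the field as u8 while the values come from an enum caps the flag space at eight bits; if more flags are expected, a wider type now avoids a later layout change.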
-- 
2.13.3
