From: Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Doug Ledford <dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Leon Romanovsky <leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: [rdma-next v2 07/33] RDMA/netlink: Add flag to consolidate common handling
Date: Thu, 10 Aug 2017 14:08:01 +0300 [thread overview]
Message-ID: <20170810110827.9952-8-leon@kernel.org> (raw)
In-Reply-To: <20170810110827.9952-1-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
From: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Add ability to provide flags to control RDMA netlink callbacks
and convert addr.c and sa_query.c to be first users of such
infrastructure. It allows to move their CAP_NET_ADMIN checks
into netlink core.
Signed-off-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reviewed-by: Steve Wise <swise-7bPotxP6k4+P2YhJcF5u+vpXobYPEAuW@public.gmane.org>
---
drivers/infiniband/core/addr.c | 3 +--
drivers/infiniband/core/device.c | 12 +++++++++---
drivers/infiniband/core/netlink.c | 4 ++++
drivers/infiniband/core/sa_query.c | 6 ++----
include/rdma/rdma_netlink.h | 6 ++++++
5 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
index 01236cef7bfb..9f3339861ec5 100644
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -134,8 +134,7 @@ int ib_nl_handle_ip_res_resp(struct sk_buff *skb,
const struct nlmsghdr *nlh = (struct nlmsghdr *)cb->nlh;
if ((nlh->nlmsg_flags & NLM_F_REQUEST) ||
- !(NETLINK_CB(skb).sk) ||
- !netlink_capable(skb, CAP_NET_ADMIN))
+ !(NETLINK_CB(skb).sk))
return -EPERM;
if (ib_nl_is_good_ip_resp(nlh))
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c
index d0994cd30eae..7ae29cc49a5e 100644
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -1088,11 +1088,17 @@ EXPORT_SYMBOL(ib_get_net_dev_by_params);
static const struct ibnl_client_cbs ibnl_ls_cb_table[] = {
[RDMA_NL_LS_OP_RESOLVE] = {
- .dump = ib_nl_handle_resolve_resp},
+ .dump = ib_nl_handle_resolve_resp,
+ .flags = RDMA_NL_ADMIN_PERM,
+ },
[RDMA_NL_LS_OP_SET_TIMEOUT] = {
- .dump = ib_nl_handle_set_timeout},
+ .dump = ib_nl_handle_set_timeout,
+ .flags = RDMA_NL_ADMIN_PERM,
+ },
[RDMA_NL_LS_OP_IP_RESOLVE] = {
- .dump = ib_nl_handle_ip_res_resp},
+ .dump = ib_nl_handle_ip_res_resp,
+ .flags = RDMA_NL_ADMIN_PERM,
+ },
};
static int __init ib_core_init(void)
diff --git a/drivers/infiniband/core/netlink.c b/drivers/infiniband/core/netlink.c
index 826fbd612c7d..c5ee62a24960 100644
--- a/drivers/infiniband/core/netlink.c
+++ b/drivers/infiniband/core/netlink.c
@@ -171,6 +171,10 @@ static int rdma_nl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!is_nl_valid(index, op))
return -EINVAL;
+ if ((rdma_nl_types[index].cb_table[op].flags & RDMA_NL_ADMIN_PERM) &&
+ !netlink_capable(skb, CAP_NET_ADMIN))
+ return -EPERM;
+
/*
* For response or local service set_timeout request,
* there is no need to use netlink_dump_start.
diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c
index 70fa4cabe48e..b499f4422f41 100644
--- a/drivers/infiniband/core/sa_query.c
+++ b/drivers/infiniband/core/sa_query.c
@@ -1033,8 +1033,7 @@ int ib_nl_handle_set_timeout(struct sk_buff *skb,
int ret;
if (!(nlh->nlmsg_flags & NLM_F_REQUEST) ||
- !(NETLINK_CB(skb).sk) ||
- !netlink_capable(skb, CAP_NET_ADMIN))
+ !(NETLINK_CB(skb).sk))
return -EPERM;
ret = nla_parse(tb, LS_NLA_TYPE_MAX - 1, nlmsg_data(nlh),
@@ -1109,8 +1108,7 @@ int ib_nl_handle_resolve_resp(struct sk_buff *skb,
int ret;
if ((nlh->nlmsg_flags & NLM_F_REQUEST) ||
- !(NETLINK_CB(skb).sk) ||
- !netlink_capable(skb, CAP_NET_ADMIN))
+ !(NETLINK_CB(skb).sk))
return -EPERM;
spin_lock_irqsave(&ib_nl_request_lock, flags);
diff --git a/include/rdma/rdma_netlink.h b/include/rdma/rdma_netlink.h
index c124d8e43fc8..6ea36ec45401 100644
--- a/include/rdma/rdma_netlink.h
+++ b/include/rdma/rdma_netlink.h
@@ -7,6 +7,12 @@
struct ibnl_client_cbs {
int (*dump)(struct sk_buff *skb, struct netlink_callback *nlcb);
+ u8 flags;
+};
+
+enum rdma_nl_flags {
+ /* Require CAP_NET_ADMIN */
+ RDMA_NL_ADMIN_PERM = 1 << 0,
};
/**
--
2.14.0
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-08-10 11:08 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-10 11:07 [pull request][rdma-next v2 00/33] RDMA netlink refactoring and RDMAtool code Leon Romanovsky
[not found] ` <20170810110827.9952-1-leon-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2017-08-10 11:07 ` [rdma-next v2 01/33] RDMA/core: Add wait/retry version of ibnl_unicast Leon Romanovsky
2017-08-10 11:07 ` [rdma-next v2 02/33] RDMA/netlink: Remove netlink clients infrastructure Leon Romanovsky
2017-08-10 11:07 ` [rdma-next v2 03/33] RDMA/netlink: Remove redundant owner option for netlink callbacks Leon Romanovsky
2017-08-10 11:07 ` [rdma-next v2 04/33] RDMA/netlink: Avoid double pass for RDMA netlink messages Leon Romanovsky
2017-08-10 11:07 ` [rdma-next v2 05/33] RDMA/iwcm: Remove useless check of netlink client validity Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 06/33] RDMA/iwcm: Remove extra EXPORT_SYMBOLS Leon Romanovsky
2017-08-10 11:08 ` Leon Romanovsky [this message]
2017-08-10 11:08 ` [rdma-next v2 08/33] RDMA/netlink: Simplify the put_msg and put_attr Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 09/33] RDMA/netlink: Rename and remove redundant parameter from ibnl_unicast* Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 10/33] RDMA/netlink: Rename and remove redundant parameter from ibnl_multicast Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 11/33] RDMA/netlink: Simplify and rename ibnl_chk_listeners Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 12/33] RDMA/netlink: Rename netlink callback struct Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 13/33] RDMA/core: Add iterator over ib_devices Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 14/33] RDMA/core: Add and expose static device index Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 15/33] RDMA/netlink: Add and implement doit netlink callback Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 16/33] RDMA/netlink: Reduce indirection access to cb_table Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 17/33] RDMA/netlink: Convert LS to doit callback Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 18/33] RDMA/netlink: Update copyright Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 19/33] RDMA/netlink: Add netlink device definitions to UAPI Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 20/33] RDMA/netlink: Add nldev initialization flows Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 21/33] RDMA/netlink: Implement nldev device dumpit calback Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 22/33] RDMA/netlink: Add nldev device doit implementation Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 23/33] RDMA/netlink: Add nldev port dumpit implementation Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 24/33] RDMA/netlink: Implement nldev port doit callback Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 25/33] RDMA/netlink: Expose device and port capability masks Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 26/33] RDMA: Simplify get firmware interface Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 27/33] RDMA/netlink: Export FW version Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 28/33] RDMA/netlink: Export node_guid and sys_image_guid Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 29/33] RDMA/netlink: Advertise IB subnet prefix Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 30/33] RDMA/netink: Export lids and sm_lids Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 31/33] RDMA/netlink: Export LID mask control (LMC) Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 32/33] RDMA/netlink: Provide port state and physical link state Leon Romanovsky
2017-08-10 11:08 ` [rdma-next v2 33/33] RDMA/netlink: Export node_type Leon Romanovsky
2017-08-11 15:37 ` [pull request][rdma-next v2 00/33] RDMA netlink refactoring and RDMAtool code Doug Ledford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170810110827.9952-8-leon@kernel.org \
--to=leon-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.