From: Dave Jiang <dave.jiang@intel.com>
To: Leon Romanovsky <leon@kernel.org>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
Saeed Mahameed <saeedm@nvidia.com>,
Itay Avraham <itayavr@nvidia.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org,
Chiara Meiohas <cmeiohas@nvidia.com>,
Maher Sanalla <msanalla@nvidia.com>,
Edward Srouji <edwards@nvidia.com>
Subject: Re: [PATCH 3/3] fwctl/mlx5: Invoke fw_validate_cmd LSM hook for fwctl commands
Date: Mon, 9 Mar 2026 09:57:47 -0700 [thread overview]
Message-ID: <48980e31-bbde-463e-a7d2-e2faa983b5a1@intel.com> (raw)
In-Reply-To: <20260309-fw-lsm-hook-v1-3-4a6422e63725@nvidia.com>
On 3/9/26 4:15 AM, Leon Romanovsky wrote:
> From: Chiara Meiohas <cmeiohas@nvidia.com>
>
> fwctl is subsystem which exposes a firmware interface directly to
> userspace: it allows userspace to send device specific command
> buffers to firmware.
>
> Call security_fw_validate_cmd() before dispatching the user-provided
> firmware command.
>
> This allows security modules to implement custom policies and
> enforce per-command security policy on user-triggered firmware
> commands. For example, a BPF LSM program could filter firmware
> commands based on their opcode.
>
> Signed-off-by: Chiara Meiohas <cmeiohas@nvidia.com>
> Reviewed-by: Maher Sanalla <msanalla@nvidia.com>
> Signed-off-by: Edward Srouji <edwards@nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> ---
> drivers/fwctl/mlx5/main.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
> index e86ab703c767a..8ed17aaf48f1f 100644
> --- a/drivers/fwctl/mlx5/main.c
> +++ b/drivers/fwctl/mlx5/main.c
> @@ -7,6 +7,7 @@
> #include <linux/mlx5/device.h>
> #include <linux/mlx5/driver.h>
> #include <uapi/fwctl/mlx5.h>
> +#include <linux/security.h>
>
> #define mlx5ctl_err(mcdev, format, ...) \
> dev_err(&mcdev->fwctl.dev, format, ##__VA_ARGS__)
> @@ -324,6 +325,15 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> if (!mlx5ctl_validate_rpc(rpc_in, scope))
> return ERR_PTR(-EBADMSG);
>
> + /* Enforce the user context for the command */
> + MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid);
> +
> + ret = security_fw_validate_cmd(rpc_in, in_len, &mcdev->fwctl.dev,
> + FW_CMD_CLASS_FWCTL,
> + FWCTL_DEVICE_TYPE_MLX5);
> + if (ret)
> + return ERR_PTR(ret);
> +
> /*
> * mlx5_cmd_do() copies the input message to its own buffer before
> * executing it, so we can reuse the allocation for the output.
> @@ -336,8 +346,6 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> return ERR_PTR(-ENOMEM);
> }
>
> - /* Enforce the user context for the command */
> - MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid);
> ret = mlx5_cmd_do(mcdev->mdev, rpc_in, in_len, rpc_out, *out_len);
>
> mlx5ctl_dbg(mcdev,
>
next prev parent reply other threads:[~2026-03-09 16:57 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-09 11:15 [PATCH 0/3] Firmware LSM hook Leon Romanovsky
2026-03-09 11:15 ` [PATCH 1/3] lsm: add hook for firmware command validation Leon Romanovsky
2026-03-09 15:02 ` Jonathan Cameron
2026-03-09 15:25 ` Leon Romanovsky
2026-03-09 17:00 ` Dave Jiang
2026-03-09 11:15 ` [PATCH 2/3] RDMA/mlx5: Invoke fw_validate_cmd LSM hook for DEVX commands Leon Romanovsky
2026-03-09 15:10 ` Jonathan Cameron
2026-03-09 16:59 ` Dave Jiang
2026-03-09 11:15 ` [PATCH 3/3] fwctl/mlx5: Invoke fw_validate_cmd LSM hook for fwctl commands Leon Romanovsky
2026-03-09 15:12 ` Jonathan Cameron
2026-03-09 16:57 ` Dave Jiang [this message]
2026-03-09 18:32 ` [PATCH 0/3] Firmware LSM hook Paul Moore
2026-03-09 19:37 ` Leon Romanovsky
2026-03-09 23:10 ` Paul Moore
2026-03-10 9:07 ` Leon Romanovsky
2026-03-10 16:29 ` Stephen Smalley
2026-03-10 17:57 ` Leon Romanovsky
2026-03-10 18:24 ` Paul Moore
2026-03-10 19:30 ` Leon Romanovsky
2026-03-10 21:40 ` Paul Moore
2026-03-11 8:19 ` Leon Romanovsky
2026-03-11 16:06 ` Paul Moore
2026-03-11 19:16 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48980e31-bbde-463e-a7d2-e2faa983b5a1@intel.com \
--to=dave.jiang@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=cmeiohas@nvidia.com \
--cc=edwards@nvidia.com \
--cc=itayavr@nvidia.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=msanalla@nvidia.com \
--cc=paul@paul-moore.com \
--cc=saeedm@nvidia.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.