From: Leon Romanovsky <leon@kernel.org>
To: Doug Ledford <dledford@redhat.com>, Jason Gunthorpe <jgg@mellanox.com>
Cc: Leon Romanovsky <leonro@mellanox.com>,
RDMA mailing list <linux-rdma@vger.kernel.org>,
Yishai Hadas <yishaih@mellanox.com>,
Saeed Mahameed <saeedm@mellanox.com>,
linux-netdev <netdev@vger.kernel.org>
Subject: [PATCH rdma-next 25/25] IB/mlx5: Enable DEVX on IB
Date: Mon, 17 Sep 2018 14:04:18 +0300 [thread overview]
Message-ID: <20180917110418.18937-26-leon@kernel.org> (raw)
In-Reply-To: <20180917110418.18937-1-leon@kernel.org>
From: Yishai Hadas <yishaih@mellanox.com>
IB has additional protections with SELinux that cannot be extended to
the DEVX domain. SELinux can restrict access to pkeys. The first version
of DEVX blocked IB entirely until this could be understood.
Since DEVX requires CAP_NET_RAW, it supersedes the SELinux restriction
and allows userspace to form arbitrary packets with arbitrary pkeys.
Thus we enable IB for DEVX when CAP_NET_RAW is given.
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
---
drivers/infiniband/hw/mlx5/main.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 8cc285c4da8e..c31e57bead8e 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -1759,12 +1759,6 @@ static struct ib_ucontext *mlx5_ib_alloc_ucontext(struct ib_device *ibdev,
#endif
if (req.flags & MLX5_IB_ALLOC_UCTX_DEVX) {
- /* Block DEVX on Infiniband as of SELinux */
- if (mlx5_ib_port_link_layer(ibdev, 1) != IB_LINK_LAYER_ETHERNET) {
- err = -EPERM;
- goto out_uars;
- }
-
err = mlx5_ib_devx_create(dev);
if (err < 0)
goto out_uars;
--
2.14.4
next prev parent reply other threads:[~2018-09-17 16:32 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-17 11:03 [PATCH rdma-next 00/24] Extend DEVX functionality Leon Romanovsky
2018-09-17 11:03 ` [PATCH mlx5-next 01/25] net/mlx5: Set uid as part of CQ commands Leon Romanovsky
2018-09-17 11:03 ` [PATCH mlx5-next 02/25] net/mlx5: Set uid as part of QP commands Leon Romanovsky
2018-09-19 17:27 ` Jason Gunthorpe
2018-09-20 4:51 ` Leon Romanovsky
2018-09-17 11:03 ` [PATCH mlx5-next 03/25] net/mlx5: Set uid as part of RQ commands Leon Romanovsky
2018-09-19 17:28 ` Jason Gunthorpe
2018-09-19 18:40 ` Saeed Mahameed
2018-09-19 21:10 ` Jason Gunthorpe
2018-09-17 11:03 ` [PATCH mlx5-next 04/25] net/mlx5: Set uid as part of SQ commands Leon Romanovsky
2018-09-17 11:03 ` [PATCH mlx5-next 05/25] net/mlx5: Set uid as part of SRQ commands Leon Romanovsky
2018-09-17 11:03 ` [PATCH mlx5-next 06/25] net/mlx5: Set uid as part of DCT commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH mlx5-next 07/25] net/mlx5: Update mlx5_ifc with DEVX UID bits Leon Romanovsky
2018-09-19 17:31 ` Jason Gunthorpe
2018-09-20 4:51 ` Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 08/25] IB/mlx5: Set uid as part of CQ creation Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 09/25] IB/mlx5: Set uid as part of QP creation Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 10/25] IB/mlx5: Set uid as part of RQ commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 11/25] IB/mlx5: Set uid as part of SQ commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 12/25] IB/mlx5: Set uid as part of TIR commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 13/25] IB/mlx5: Set uid as part of TIS commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 14/25] IB/mlx5: Set uid as part of RQT commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 15/25] IB/mlx5: Set uid as part of PD commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 16/25] IB/mlx5: Set uid as part of TD commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 17/25] IB/mlx5: Set uid as part of SRQ commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 18/25] IB/mlx5: Set uid as part of DCT commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 19/25] IB/mlx5: Set uid as part of XRCD commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 20/25] IB/mlx5: Set uid as part of MCG commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 21/25] IB/mlx5: Set valid umem bit on DEVX Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 22/25] IB/mlx5: Expose RAW QP device handles to user space Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 23/25] IB/mlx5: Manage device uid for DEVX white list commands Leon Romanovsky
2018-09-17 11:04 ` [PATCH rdma-next 24/25] IB/mlx5: Enable " Leon Romanovsky
2018-09-17 11:04 ` Leon Romanovsky [this message]
2018-09-17 19:34 ` [PATCH rdma-next 00/24] Extend DEVX functionality Leon Romanovsky
2018-09-17 19:51 ` Or Gerlitz
2018-09-17 20:07 ` Leon Romanovsky
2018-09-17 20:13 ` Or Gerlitz
2018-09-17 20:20 ` Leon Romanovsky
2018-09-19 18:17 ` Jason Gunthorpe
2018-09-20 5:01 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180917110418.18937-26-leon@kernel.org \
--to=leon@kernel.org \
--cc=dledford@redhat.com \
--cc=jgg@mellanox.com \
--cc=leonro@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=saeedm@mellanox.com \
--cc=yishaih@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).