1. 18 Jul, 2017 2 commits
  2. 06 Jul, 2017 1 commit
  3. 24 May, 2017 1 commit
    • IB/core: Enforce PKey security on QPs · d291f1a6
      Daniel Jurgens committed
      Add new LSM hooks to allocate and free security contexts and check for
      permission to access a PKey.
      
      Allocate and free a security context when creating and destroying a QP.
      This context is used for controlling access to PKeys.
      
      When a request is made to modify a QP that changes the port, PKey index,
      or alternate path, check that the QP has permission for the PKey in the
      PKey table index on the subnet prefix of the port. If the QP is shared
      make sure all handles to the QP also have access.
      
      Store which port and PKey index a QP is using. After the reset to init
      transition the user can modify the port, PKey index and alternate path
      independently. So port and PKey settings changes can be a merge of the
      previous settings and the new ones.
      
      In order to maintain access control if there is a PKey table or subnet
      prefix change, keep a list of all QPs that are using each PKey index on
      each port. If a change occurs all QPs using that device and port must
      have access enforced for the new cache settings.
      
      These changes add a transaction to the QP modify process. Association
      with the old port and PKey index must be maintained if the modify fails,
      and must be removed if it succeeds. Association with the new port and
      PKey index must be established prior to the modify and removed if the
      modify fails.
      
      1. When a QP is modified to a particular Port, PKey index or alternate
         path insert that QP into the appropriate lists.
      
      2. Check permission to access the new settings.
      
      3. If step 2 grants access attempt to modify the QP.
      
      4a. If steps 2 and 3 succeed remove any prior associations.
      
      4b. If either fails remove the new setting associations.
      
      If a PKey table or subnet prefix changes walk the list of QPs and
      check that they have permission. If not send the QP to the error state
      and raise a fatal error event. If it's a shared QP make sure all the
      QPs that share the real_qp have permission as well. If the QP that
      owns a security structure is denied access the security structure is
      marked as such and the QP is added to an error_list. Once moving
      the QP to error is complete the security structure mark is cleared.
      
      Maintaining the lists correctly turns QP destroy into a transaction.
      The hardware driver for the device frees the ib_qp structure, so while
      the destroy is in progress the ib_qp pointer in the ib_qp_security
      struct is undefined. When the destroy process begins the ib_qp_security
      structure is marked as destroying. This prevents any action from being
      taken on the QP pointer. After the QP is destroyed successfully it
      could still be listed on an error_list; wait for it to be processed by
      that flow before cleaning up the structure.
      
      If the destroy fails the QP's port and PKey settings are reinserted into
      the appropriate lists, the destroying flag is cleared, and access control
      is enforced, in case there were any cache changes during the destroy
      flow.
      
      To keep the security changes isolated a new file is used to hold security
      related functionality.
      Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
      Acked-by: Doug Ledford <dledford@redhat.com>
      [PM: merge fixup in ib_verbs.h and uverbs_cmd.c]
      Signed-off-by: Paul Moore <paul@paul-moore.com>
      d291f1a6
  4. 23 May, 2017 1 commit
  5. 10 May, 2017 1 commit
  6. 02 May, 2017 8 commits
  7. 29 Apr, 2017 1 commit
  8. 26 Apr, 2017 1 commit
  9. 22 Apr, 2017 2 commits
  10. 21 Apr, 2017 3 commits
  11. 06 Apr, 2017 4 commits
    • IB/core: Add support for fd objects · cf8966b3
      Matan Barak committed
      The completion channel we use in verbs infrastructure is FD based.
      Previously, we had a separate way to manage this object. Since we
      strive for a single way to manage any kind of object in this
      infrastructure, we conceptually treat all objects as subclasses
      of ib_uobject.
      
      This commit adds the necessary mechanism to support FD based objects
      like their IDR counterparts. FD object release needs to be synchronized
      with context release. We use the cleanup_mutex on the uverbs_file for
      that.
      Signed-off-by: Matan Barak <matanb@mellanox.com>
      Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      cf8966b3
    • IB/core: Change idr objects to use the new schema · fd3c7904
      Matan Barak committed
      This changes only the handlers which deal with idr based objects to
      use the new idr allocation, fetching and destruction schema.
      This patch consists of the following changes:
      (1) Allocation, fetching and destruction is done via idr ops.
      (2) Context initializing and release is done through
          uverbs_initialize_ucontext and uverbs_cleanup_ucontext.
      (3) Ditching the live flag. Mostly, this is pretty
          straightforward. The only place that is a bit trickier is in
          ib_uverbs_open_qp. Commit [1] added code to check whether
          the uobject is already live and initialized. This mostly
          happens because of a race between open_qp and events.
          We delayed assigning the uobject's pointer in order to
          eliminate this race without using the live variable.
      
      [1] commit a040f95d
      	("IB/core: Fix XRC race condition in ib_uverbs_open_qp")
      Signed-off-by: Matan Barak <matanb@mellanox.com>
      Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      fd3c7904
    • IB/core: Add support for idr types · 38321256
      Matan Barak committed
      The new ioctl infrastructure supports driver specific objects.
      Each such object type has a hot unplug function, allocation size and
      an order of destruction.
      
      When a ucontext is created, a new list is created in this ib_ucontext.
      This list contains all objects created under this ib_ucontext.
      When an ib_ucontext is destroyed, we traverse this list several times
      destroying the various objects by the order mentioned in the object
      type description. If a few object types have the same destruction order,
      they are destroyed in an order opposite to their creation.
      
      Adding an object is done in two parts.
      First, an object is allocated and added to idr tree. Then, the
      command's handlers (in downstream patches) could work on this object
      and fill in its required details.
      After a successful command, the commit part is called and the user
      objects become ucontext visible. If the handler failed, alloc_abort
      should be called.
      
      Removing a uobject is done by calling lookup_get with the write flag
      and finalizing it with destroy_commit. A major change from the previous
      code is that we actually destroy the kernel object itself in
      destroy_commit (rather than just the uobject).
      
      We should make sure idr (per-uverbs-file) and list (per-ucontext) could
      be accessed concurrently without corrupting them.
      Signed-off-by: Matan Barak <matanb@mellanox.com>
      Reviewed-by: Yishai Hadas <yishaih@mellanox.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      38321256
    • IB/core: Refactor idr to be per uverbs_file · 771addf6
      Matan Barak committed
      The current code creates an idr per type. Since types are currently
      common for all drivers and known in advance, this was good enough.
      However, the proposed ioctl based infrastructure allows each driver
      to declare only some of the common types and declare its own specific
      types.
      
      Thus, we decided to implement idr to be per uverbs_file.
      Signed-off-by: Matan Barak <matanb@mellanox.com>
      Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
      Signed-off-by: Haggai Eran <haggaie@mellanox.com>
      Reviewed-by: Sean Hefty <sean.hefty@intel.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
      771addf6
  12. 25 Mar, 2017 1 commit
  13. 15 Feb, 2017 7 commits
  14. 14 Feb, 2017 1 commit
  15. 28 Jan, 2017 1 commit
  16. 25 Jan, 2017 5 commits
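
The QP modify transaction (steps 1 to 4b) and the re-check on a PKey table change described in commit d291f1a6 above, as an added example in C. It is not the kernel's code: the structures, the single-port table, the one-PKey-per-QP policy, the sample PKey values and every function name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NIDX 4   /* PKey table entries on the (single) modelled port */
#define NQP  4   /* max QPs tracked per index */

struct qp {                 /* toy stand-in, not struct ib_qp */
    int id, idx;            /* idx: PKey index in use, -1 if none */
    uint16_t allowed;       /* hypothetical policy: the one PKey this QP may use */
    bool in_error;
};

static uint16_t pkey_tbl[NIDX] = {0xffff, 0x8001, 0x8002, 0x8003}; /* constructed */
static struct qp *users[NIDX][NQP];  /* QPs associated with each PKey index */

static bool permitted(const struct qp *q, int idx) { return pkey_tbl[idx] == q->allowed; }

/* Steps 1-4b. hw_ok simulates whether the driver's modify call succeeds. */
int qp_modify_pkey(struct qp *q, int new_idx, bool hw_ok)
{
    int old = q->idx;

    /* 1: associate with the new setting first, so a table change that
     *    races with the modify still finds this QP when it walks the list. */
    users[new_idx][q->id] = q;
    if (!permitted(q, new_idx) || !hw_ok) {   /* 2: permission, 3: modify */
        if (new_idx != old)
            users[new_idx][q->id] = NULL;     /* 4b: drop the new association */
        return -1;                            /* old association is untouched */
    }
    if (old >= 0 && old != new_idx)
        users[old][q->id] = NULL;             /* 4a: drop the prior association */
    q->idx = new_idx;
    return 0;
}

/* PKey table change: re-check every QP associated with that index. */
int pkey_cache_change(int idx, uint16_t new_pkey)
{
    int moved = 0;

    pkey_tbl[idx] = new_pkey;
    for (int i = 0; i < NQP; i++) {
        struct qp *q = users[idx][i];
        if (q && !q->in_error && !permitted(q, idx)) {
            q->in_error = true;   /* the commit also raises a fatal event here */
            moved++;
        }
    }
    return moved;                 /* number of QPs sent to the error state */
}
```
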