On Tue, Nov 21, 2017 at 12:44:10PM +0200, Mark Bloch wrote: > Hi, > > On 21/11/2017 12:26, Leon Romanovsky wrote: > > From: Daniel Jurgens <danielj@xxxxxxxxxxxx> > > > > For now the only LSM security enforcement mechanism available is > > specific to InfiniBand. Bypass enforcement for non-IB link types. > > This fixes a regression where modify_qp fails for iWARP because > > querying the PKEY returns -EINVAL. > > > > Cc: Paul Moore <paul@xxxxxxxxxxxxxx> > > Cc: Don Dutile <ddutile@xxxxxxxxxx> > > Cc: stable@xxxxxxxxxxxxxxx > > Reported-by: Potnuri Bharat Teja <bharat@xxxxxxxxxxx> > > Fixes: d291f1a65232("IB/core: Enforce PKey security on QPs") > > Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams") > > Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx> > > Reviewed-by: Parav Pandit <parav@xxxxxxxxxxxx> > > Tested-by: Potnuri Bharat Teja <bharat@xxxxxxxxxxx> > > Signed-off-by: Leon Romanovsky <leon@xxxxxxxxxx> > > --- > > drivers/infiniband/core/security.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c > > index 23278ed5be45..314bf1137c7b 100644 > > --- a/drivers/infiniband/core/security.c > > +++ b/drivers/infiniband/core/security.c > > @@ -417,8 +417,17 @@ void ib_close_shared_qp_security(struct ib_qp_security *sec) > > > > int ib_create_qp_security(struct ib_qp *qp, struct ib_device *dev) > > { > > + u8 i = rdma_start_port(dev); > > + bool is_ib = false; > > int ret; > > > > + while (i <= rdma_end_port(dev) && !is_ib) > > + is_ib = rdma_protocol_ib(dev, i++); > > + > > What happens if we have mixed port types? We will have is_ib set and qp_sec will be allocated on device layer and not on port level, but because pkeys are IB specific term (at least, I didn't find any mentioning in RoCE spec), the modify_qp won't query for PKEYS. > I believe mlx4 can expose two ports where each port uses a different ll protocol. > Was that changed? It is still true. > > > + /* If this isn't an IB device don't create the security context */ > > + if (!is_ib) > > + return 0; > > + > > qp->qp_sec = kzalloc(sizeof(*qp->qp_sec), GFP_KERNEL); > > if (!qp->qp_sec) > > return -ENOMEM; > > > > Mark. > -- > To unsubscribe from this list: send the line "unsubscribe linux-rdma" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature