From: Leon Romanovsky <leonro@xxxxxxxxxxxx>
The .doit callbacks don't have netlink_callback to check
capabilities and in order to use the same fill_res_func for
both .dump and .doit, we need to do capability check outside
of those functions.
For .doit callbacks, it is possible to check CAP_NET_ADMIN
directly on received sk_buff.
Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxxxx>
---
drivers/infiniband/core/nldev.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c
index 1e455bdfcaa6..cb5ca2fba60e 100644
--- a/drivers/infiniband/core/nldev.c
+++ b/drivers/infiniband/core/nldev.c
@@ -362,7 +362,7 @@ static int fill_res_name_pid(struct sk_buff *msg,
return 0;
}
-static int fill_res_qp_entry(struct sk_buff *msg, struct netlink_callback *cb,
+static int fill_res_qp_entry(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, uint32_t port)
{
struct ib_qp *qp = container_of(res, struct ib_qp, res);
@@ -428,8 +428,7 @@ static int fill_res_qp_entry(struct sk_buff *msg, struct netlink_callback *cb,
return -EMSGSIZE;
}
-static int fill_res_cm_id_entry(struct sk_buff *msg,
- struct netlink_callback *cb,
+static int fill_res_cm_id_entry(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, uint32_t port)
{
struct rdma_id_private *id_priv =
@@ -488,7 +487,7 @@ static int fill_res_cm_id_entry(struct sk_buff *msg,
return -EMSGSIZE;
}
-static int fill_res_cq_entry(struct sk_buff *msg, struct netlink_callback *cb,
+static int fill_res_cq_entry(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, uint32_t port)
{
struct ib_cq *cq = container_of(res, struct ib_cq, res);
@@ -525,7 +524,7 @@ static int fill_res_cq_entry(struct sk_buff *msg, struct netlink_callback *cb,
return -EMSGSIZE;
}
-static int fill_res_mr_entry(struct sk_buff *msg, struct netlink_callback *cb,
+static int fill_res_mr_entry(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, uint32_t port)
{
struct ib_mr *mr = container_of(res, struct ib_mr, res);
@@ -536,7 +535,7 @@ static int fill_res_mr_entry(struct sk_buff *msg, struct netlink_callback *cb,
if (!entry_attr)
goto out;
- if (netlink_capable(cb->skb, CAP_NET_ADMIN)) {
+ if (has_cap_net_admin) {
if (nla_put_u32(msg, RDMA_NLDEV_ATTR_RES_RKEY, mr->rkey))
goto err;
if (nla_put_u32(msg, RDMA_NLDEV_ATTR_RES_LKEY, mr->lkey))
@@ -562,7 +561,7 @@ static int fill_res_mr_entry(struct sk_buff *msg, struct netlink_callback *cb,
return -EMSGSIZE;
}
-static int fill_res_pd_entry(struct sk_buff *msg, struct netlink_callback *cb,
+static int fill_res_pd_entry(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, uint32_t port)
{
struct ib_pd *pd = container_of(res, struct ib_pd, res);
@@ -573,7 +572,7 @@ static int fill_res_pd_entry(struct sk_buff *msg, struct netlink_callback *cb,
if (!entry_attr)
goto out;
- if (netlink_capable(cb->skb, CAP_NET_ADMIN)) {
+ if (has_cap_net_admin) {
if (nla_put_u32(msg, RDMA_NLDEV_ATTR_RES_LOCAL_DMA_LKEY,
pd->local_dma_lkey))
goto err;
@@ -913,7 +912,7 @@ static int nldev_res_get_dumpit(struct sk_buff *skb,
}
struct nldev_fill_res_entry {
- int (*fill_res_func)(struct sk_buff *msg, struct netlink_callback *cb,
+ int (*fill_res_func)(struct sk_buff *msg, bool has_cap_net_admin,
struct rdma_restrack_entry *res, u32 port);
enum rdma_nldev_attr nldev_attr;
enum rdma_nldev_command nldev_cmd;
@@ -971,6 +970,7 @@ static int res_get_common_dumpit(struct sk_buff *skb,
struct nlattr *table_attr;
struct ib_device *device;
int start = cb->args[0];
+ bool has_cap_net_admin;
struct nlmsghdr *nlh;
u32 index, port = 0;
bool filled = false;
@@ -1019,6 +1019,8 @@ static int res_get_common_dumpit(struct sk_buff *skb,
goto err;
}
+ has_cap_net_admin = netlink_capable(cb->skb, CAP_NET_ADMIN);
+
down_read(&device->res.rwsem);
hash_for_each_possible(device->res.hash, res, node, res_type) {
if (idx < start)
@@ -1038,7 +1040,7 @@ static int res_get_common_dumpit(struct sk_buff *skb,
filled = true;
up_read(&device->res.rwsem);
- ret = fe->fill_res_func(skb, cb, res, port);
+ ret = fe->fill_res_func(skb, has_cap_net_admin, res, port);
down_read(&device->res.rwsem);
/*
* Return resource back, but it won't be released till
--
2.19.1
