On Thu, Apr 07, 2016 at 02:33:53AM +0300, Dan Jurgens wrote:
> From: Daniel Jurgens <danielj@xxxxxxxxxxxx>
>
> Cache the subnet prefix and add a function to access it. Enforcing
> security requires frequent queries of the subnet prefix and the pkeys in
> the pkey table.
>
> Signed-off-by: Daniel Jurgens <danielj@xxxxxxxxxxxx>
> Reviewed-by: Eli Cohen <eli@xxxxxxxxxxxx>
> ---
> drivers/infiniband/core/cache.c | 36 ++++++++++++++++++++++++++++++++++-
> drivers/infiniband/core/core_priv.h | 3 ++
> include/rdma/ib_verbs.h | 1 +
> 3 files changed, 39 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
> index cb00d59..83cf528 100644
> --- a/drivers/infiniband/core/cache.c
> +++ b/drivers/infiniband/core/cache.c
> @@ -925,6 +925,26 @@ int ib_get_cached_pkey(struct ib_device *device,
> }
> EXPORT_SYMBOL(ib_get_cached_pkey);
>
> +int ib_get_cached_subnet_prefix(struct ib_device *device,
> + u8 port_num,
> + u64 *sn_pfx)
> +{
> + unsigned long flags;
> + int ret = 0;
> + int p = port_num - rdma_start_port(device);
> +
> + if (port_num < rdma_start_port(device) ||
> + port_num > rdma_end_port(device))
> + return -EINVAL;
> +
> + read_lock_irqsave(&device->cache.lock, flags);
> + *sn_pfx = device->cache.subnet_prefix_cache[p];
> + read_unlock_irqrestore(&device->cache.lock, flags);
> +
> + return ret;
> +}
> +EXPORT_SYMBOL(ib_get_cached_subnet_prefix);
> +
> int ib_find_cached_pkey(struct ib_device *device,
> u8 port_num,
> u16 pkey,
> @@ -1101,6 +1121,8 @@ static void ib_cache_update(struct ib_device *device,
>
> device->cache.lmc_cache[port - rdma_start_port(device)] = tprops->lmc;
>
> + device->cache.subnet_prefix_cache[port - rdma_start_port(device)] =
> + tprops->subnet_prefix;
> write_unlock_irq(&device->cache.lock);
>
> kfree(gid_cache);
> @@ -1159,8 +1181,19 @@ int ib_cache_setup_one(struct ib_device *device)
> (rdma_end_port(device) -
> rdma_start_port(device) + 1),
> GFP_KERNEL);
> +
> + device->cache.subnet_prefix_cache = kcalloc((rdma_end_port(device) -
> + rdma_start_port(device) + 1),
> + sizeof(*device->cache.subnet_prefix_cache),
> + GFP_KERNEL);
> +
> if (!device->cache.pkey_cache ||
> - !device->cache.lmc_cache) {
> + !device->cache.lmc_cache ||
> + !device->cache.subnet_prefix_cache) {
> + kfree(device->cache.pkey_cache);
> + kfree(device->cache.lmc_cache);
> + kfree(device->cache.subnet_prefix_cache);
> +
> pr_warn("Couldn't allocate cache for %s\n", device->name);
Please remove this print. You won't miss failure in memory allocation.
> return -ENOMEM;
> }
> @@ -1204,6 +1237,7 @@ void ib_cache_release_one(struct ib_device *device)
> gid_table_release_one(device);
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
