From: Dan Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
To: chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org,
paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org,
sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org,
dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Subject: [PATCH v6 1/9] IB/core: IB cache enhancements to support Infiniband security
Date: Wed, 23 Nov 2016 16:17:23 +0200 [thread overview]
Message-ID: <1479910651-43246-2-git-send-email-danielj@mellanox.com> (raw)
In-Reply-To: <1479910651-43246-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
From: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens <danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reviewed-by: Eli Cohen <eli-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
Reviewed-by: Leon Romanovsky <leonro-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
---
v2:
- In ib_get_cached_subnet_prefix wait to initialize p until after
validation. Yuval Shaia
---
drivers/infiniband/core/cache.c | 36 ++++++++++++++++++++++++++++++++++--
drivers/infiniband/core/core_priv.h | 3 +++
include/rdma/ib_verbs.h | 1 +
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
index 1a2984c..affc8ef 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -934,6 +934,26 @@ int ib_get_cached_pkey(struct ib_device *device,
}
EXPORT_SYMBOL(ib_get_cached_pkey);
+int ib_get_cached_subnet_prefix(struct ib_device *device,
+ u8 port_num,
+ u64 *sn_pfx)
+{
+ unsigned long flags;
+ int p;
+
+ if (port_num < rdma_start_port(device) ||
+ port_num > rdma_end_port(device))
+ return -EINVAL;
+
+ p = port_num - rdma_start_port(device);
+ read_lock_irqsave(&device->cache.lock, flags);
+ *sn_pfx = device->cache.subnet_prefix_cache[p];
+ read_unlock_irqrestore(&device->cache.lock, flags);
+
+ return 0;
+}
+EXPORT_SYMBOL(ib_get_cached_subnet_prefix);
+
int ib_find_cached_pkey(struct ib_device *device,
u8 port_num,
u16 pkey,
@@ -1110,6 +1130,8 @@ static void ib_cache_update(struct ib_device *device,
device->cache.lmc_cache[port - rdma_start_port(device)] = tprops->lmc;
+ device->cache.subnet_prefix_cache[port - rdma_start_port(device)] =
+ tprops->subnet_prefix;
write_unlock_irq(&device->cache.lock);
kfree(gid_cache);
@@ -1168,9 +1190,18 @@ int ib_cache_setup_one(struct ib_device *device)
(rdma_end_port(device) -
rdma_start_port(device) + 1),
GFP_KERNEL);
+
+ device->cache.subnet_prefix_cache =
+ kcalloc((rdma_end_port(device) - rdma_start_port(device) + 1),
+ sizeof(*device->cache.subnet_prefix_cache),
+ GFP_KERNEL);
+
if (!device->cache.pkey_cache ||
- !device->cache.lmc_cache) {
- pr_warn("Couldn't allocate cache for %s\n", device->name);
+ !device->cache.lmc_cache ||
+ !device->cache.subnet_prefix_cache) {
+ kfree(device->cache.pkey_cache);
+ kfree(device->cache.lmc_cache);
+ kfree(device->cache.subnet_prefix_cache);
return -ENOMEM;
}
@@ -1213,6 +1244,7 @@ void ib_cache_release_one(struct ib_device *device)
gid_table_release_one(device);
kfree(device->cache.pkey_cache);
kfree(device->cache.lmc_cache);
+ kfree(device->cache.subnet_prefix_cache);
}
void ib_cache_cleanup_one(struct ib_device *device)
diff --git a/drivers/infiniband/core/core_priv.h b/drivers/infiniband/core/core_priv.h
index 19d499d..ce826e4 100644
--- a/drivers/infiniband/core/core_priv.h
+++ b/drivers/infiniband/core/core_priv.h
@@ -153,4 +153,7 @@ int ib_nl_handle_set_timeout(struct sk_buff *skb,
int ib_nl_handle_ip_res_resp(struct sk_buff *skb,
struct netlink_callback *cb);
+int ib_get_cached_subnet_prefix(struct ib_device *device,
+ u8 port_num,
+ u64 *sn_pfx);
#endif /* _CORE_PRIV_H */
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 5ad43a4..db178fd 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -1761,6 +1761,7 @@ struct ib_cache {
struct ib_pkey_cache **pkey_cache;
struct ib_gid_table **gid_cache;
u8 *lmc_cache;
+ u64 *subnet_prefix_cache;
};
struct ib_dma_mapping_ops {
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Dan Jurgens <danielj@mellanox.com>
To: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov,
eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com,
hal.rosenstock@gmail.com
Cc: selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
linux-rdma@vger.kernel.org, yevgenyp@mellanox.com,
Daniel Jurgens <danielj@mellanox.com>
Subject: [PATCH v6 1/9] IB/core: IB cache enhancements to support Infiniband security
Date: Wed, 23 Nov 2016 16:17:23 +0200 [thread overview]
Message-ID: <1479910651-43246-2-git-send-email-danielj@mellanox.com> (raw)
In-Reply-To: <1479910651-43246-1-git-send-email-danielj@mellanox.com>
From: Daniel Jurgens <danielj@mellanox.com>
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: Eli Cohen <eli@mellanox.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
---
v2:
- In ib_get_cached_subnet_prefix wait to initialize p until after
validation. Yuval Shaia
---
drivers/infiniband/core/cache.c | 36 ++++++++++++++++++++++++++++++++++--
drivers/infiniband/core/core_priv.h | 3 +++
include/rdma/ib_verbs.h | 1 +
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/cache.c b/drivers/infiniband/core/cache.c
index 1a2984c..affc8ef 100644
--- a/drivers/infiniband/core/cache.c
+++ b/drivers/infiniband/core/cache.c
@@ -934,6 +934,26 @@ int ib_get_cached_pkey(struct ib_device *device,
}
EXPORT_SYMBOL(ib_get_cached_pkey);
+int ib_get_cached_subnet_prefix(struct ib_device *device,
+ u8 port_num,
+ u64 *sn_pfx)
+{
+ unsigned long flags;
+ int p;
+
+ if (port_num < rdma_start_port(device) ||
+ port_num > rdma_end_port(device))
+ return -EINVAL;
+
+ p = port_num - rdma_start_port(device);
+ read_lock_irqsave(&device->cache.lock, flags);
+ *sn_pfx = device->cache.subnet_prefix_cache[p];
+ read_unlock_irqrestore(&device->cache.lock, flags);
+
+ return 0;
+}
+EXPORT_SYMBOL(ib_get_cached_subnet_prefix);
+
int ib_find_cached_pkey(struct ib_device *device,
u8 port_num,
u16 pkey,
@@ -1110,6 +1130,8 @@ static void ib_cache_update(struct ib_device *device,
device->cache.lmc_cache[port - rdma_start_port(device)] = tprops->lmc;
+ device->cache.subnet_prefix_cache[port - rdma_start_port(device)] =
+ tprops->subnet_prefix;
write_unlock_irq(&device->cache.lock);
kfree(gid_cache);
@@ -1168,9 +1190,18 @@ int ib_cache_setup_one(struct ib_device *device)
(rdma_end_port(device) -
rdma_start_port(device) + 1),
GFP_KERNEL);
+
+ device->cache.subnet_prefix_cache =
+ kcalloc((rdma_end_port(device) - rdma_start_port(device) + 1),
+ sizeof(*device->cache.subnet_prefix_cache),
+ GFP_KERNEL);
+
if (!device->cache.pkey_cache ||
- !device->cache.lmc_cache) {
- pr_warn("Couldn't allocate cache for %s\n", device->name);
+ !device->cache.lmc_cache ||
+ !device->cache.subnet_prefix_cache) {
+ kfree(device->cache.pkey_cache);
+ kfree(device->cache.lmc_cache);
+ kfree(device->cache.subnet_prefix_cache);
return -ENOMEM;
}
@@ -1213,6 +1244,7 @@ void ib_cache_release_one(struct ib_device *device)
gid_table_release_one(device);
kfree(device->cache.pkey_cache);
kfree(device->cache.lmc_cache);
+ kfree(device->cache.subnet_prefix_cache);
}
void ib_cache_cleanup_one(struct ib_device *device)
diff --git a/drivers/infiniband/core/core_priv.h b/drivers/infiniband/core/core_priv.h
index 19d499d..ce826e4 100644
--- a/drivers/infiniband/core/core_priv.h
+++ b/drivers/infiniband/core/core_priv.h
@@ -153,4 +153,7 @@ int ib_nl_handle_set_timeout(struct sk_buff *skb,
int ib_nl_handle_ip_res_resp(struct sk_buff *skb,
struct netlink_callback *cb);
+int ib_get_cached_subnet_prefix(struct ib_device *device,
+ u8 port_num,
+ u64 *sn_pfx);
#endif /* _CORE_PRIV_H */
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 5ad43a4..db178fd 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -1761,6 +1761,7 @@ struct ib_cache {
struct ib_pkey_cache **pkey_cache;
struct ib_gid_table **gid_cache;
u8 *lmc_cache;
+ u64 *subnet_prefix_cache;
};
struct ib_dma_mapping_ops {
--
2.7.4
next prev parent reply other threads:[~2016-11-23 14:17 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-23 14:17 [PATCH v6 0/9] SELinux support for Infiniband RDMA Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 2/9] IB/core: Enforce PKey security on QPs Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 4/9] IB/core: Enforce security on management datagrams Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 5/9] selinux: Create policydb version for Infiniband support Dan Jurgens
[not found] ` <1479910651-43246-6-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:38 ` Stephen Smalley
2016-12-13 14:38 ` Stephen Smalley
2016-12-13 14:40 ` Daniel Jurgens
2016-12-13 14:40 ` Daniel Jurgens
2016-11-23 14:17 ` [PATCH v6 6/9] selinux: Allocate and free infiniband security hooks Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 8/9] selinux: Add IB Port SMP access vector Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 9/9] selinux: Add a cache for quicker retreival of PKey SIDs Dan Jurgens
[not found] ` <1479910651-43246-1-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-11-23 14:17 ` Dan Jurgens [this message]
2016-11-23 14:17 ` [PATCH v6 1/9] IB/core: IB cache enhancements to support Infiniband security Dan Jurgens
2016-11-23 14:17 ` [PATCH v6 3/9] selinux lsm IB/core: Implement LSM notification system Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
[not found] ` <1479910651-43246-4-git-send-email-danielj-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2016-12-13 14:29 ` Stephen Smalley
2016-12-13 14:29 ` Stephen Smalley
2016-12-13 14:38 ` Daniel Jurgens
2016-12-13 14:38 ` Daniel Jurgens
2016-11-23 14:17 ` [PATCH v6 7/9] selinux: Implement Infiniband PKey "Access" access vector Dan Jurgens
2016-11-23 14:17 ` Dan Jurgens
2016-12-12 21:38 ` [PATCH v6 0/9] SELinux support for Infiniband RDMA Doug Ledford
2016-12-12 21:38 ` Doug Ledford
2016-12-13 15:04 ` Stephen Smalley
2016-12-13 15:04 ` Stephen Smalley
2016-12-13 16:25 ` Daniel Jurgens
2016-12-13 16:25 ` Daniel Jurgens
2016-12-13 22:17 ` Paul Moore
2017-01-24 21:40 ` Doug Ledford
[not found] ` <1485294015.43764.91.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-24 21:45 ` Doug Ledford
2017-01-24 21:45 ` Doug Ledford
2017-01-24 22:40 ` Daniel Jurgens
[not found] ` <VI1PR0501MB242933AC0EC458EAD2792560C4750-o1MPJYiShEyB6Z+oivrBG8DSnupUy6xnnBOFsp37pqbUKgpGm//BTAC/G2K4zDHf@public.gmane.org>
2017-01-25 3:08 ` Doug Ledford
2017-01-25 3:08 ` Doug Ledford
2017-01-25 7:58 ` Paul Moore
2017-01-25 7:58 ` Paul Moore
[not found] ` <CAHC9VhTfuftm1oyiBOa4Fx4L-12eX8MCySiS1H98yroCuuoieA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-01-25 17:25 ` Doug Ledford
2017-01-25 17:25 ` Doug Ledford
[not found] ` <1485365121.2432.6.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-01-25 22:14 ` Paul Moore
2017-01-25 22:14 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 14:41 ` Paul Moore
2017-05-03 19:45 ` Daniel Jurgens
2017-05-03 19:45 ` Daniel Jurgens
2017-05-04 15:51 ` Paul Moore
2017-05-04 15:51 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
2017-05-17 21:23 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479910651-43246-2-git-send-email-danielj@mellanox.com \
--to=danielj-vpraknaxozvwk0htik3j/w@public.gmane.org \
--cc=chrisw-69jw2NvuJkxg9hUCZPvPmw@public.gmane.org \
--cc=dledford-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=hal.rosenstock-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org \
--cc=sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=sean.hefty-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
--cc=yevgenyp-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.