[PATCH v7 4/9] IB/core: Enforce security on management datagrams
Paul Moore
paul at paul-moore.com
Fri May 19 19:21:40 UTC 2017
On Fri, May 19, 2017 at 8:48 AM, Dan Jurgens <danielj at mellanox.com> wrote:
> From: Daniel Jurgens <danielj at mellanox.com>
>
> Allocate and free a security context when creating and destroying a MAD
> agent. This context is used for controlling access to PKeys and sending
> and receiving SMPs.
>
> When sending or receiving a MAD check that the agent has permission to
> access the PKey for the Subnet Prefix of the port.
>
> During MAD and snoop agent registration for SMI QPs check that the
> calling process has permission to access the manage the subnet and
> register a callback with the LSM to be notified of policy changes. When
> notificaiton of a policy change occurs recheck permission and set a flag
> indicating sending and receiving SMPs is allowed.
>
> When sending and receiving MADs check that the agent has access to the
> SMI if it's on an SMI QP. Because security policy can change it's
> possible permission was allowed when creating the agent, but no longer
> is.
>
> Signed-off-by: Daniel Jurgens <danielj at mellanox.com>
>
> ---
> v2:
> - Squashed LSM hook additions. Paul Moore
> - Changed security blobs to void*. Paul Moore
> - Shorten end_port to port. Paul Moore
> - Change "smp" to "manage_subnet". Paul Moore
> - Use the LSM policy change notification and a flag to track permission
> instead of calling the LSM hook for every SMP. Dan Jurgens
> - Squashed PKey and SMP enforcement into the same patch and moved the
> logic into security.c. Dan Jurgens
>
> v3:
> - ib_port -> ib_endport. Paul Moore
> - Use notifier chains for LSM notification. Paul Moore
> - Reorder LSM hook parameters to put sec first. Paul Moore
>
> drivers/infiniband/core/core_priv.h | 35 ++++++++++++++
> drivers/infiniband/core/mad.c | 52 +++++++++++++++++----
> drivers/infiniband/core/security.c | 92 +++++++++++++++++++++++++++++++++++++
> include/linux/lsm_hooks.h | 8 ++++
> include/linux/security.h | 6 +++
> include/rdma/ib_mad.h | 4 ++
> security/security.c | 8 ++++
> 7 files changed, 197 insertions(+), 8 deletions(-)
...
> diff --git a/security/security.c b/security/security.c
> index 6eef315..b69fe6f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1540,6 +1540,12 @@ int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
> }
> EXPORT_SYMBOL(security_ib_pkey_access);
>
> +int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
> +{
> + return call_int_hook(ib_endport_manage_subnet, 0, sec, dev_name, port_num);
> +}
> +EXPORT_SYMBOL(security_ib_endport_manage_subnet);
> +
> int security_ib_alloc_security(void **sec)
> {
> return call_int_hook(ib_alloc_security, 0, sec);
> @@ -2014,6 +2020,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init = {
>
> #ifdef CONFIG_SECURITY_INFINIBAND
> .ib_pkey_access = LIST_HEAD_INIT(security_hook_heads.ib_pkey_access),
> + .ib_endport_manage_subnet =
> + LIST_HEAD_INIT(security_hook_heads.ib_endport_manage_subnet),
> .ib_alloc_security =
> LIST_HEAD_INIT(security_hook_heads.ib_alloc_security),
> .ib_free_security =
The same problem as 2/9 regarding the LSM hook code. I'll also drop
this block, but update your patch in case you need to respin.
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list