[PATCH v7 4/9] IB/core: Enforce security on management datagrams
Daniel Jurgens
danielj at mellanox.com
Fri May 19 23:57:05 UTC 2017
On 5/19/2017 2:21 PM, Paul Moore wrote:
> On Fri, May 19, 2017 at 8:48 AM, Dan Jurgens <danielj at mellanox.com> wrote:
>> From: Daniel Jurgens <danielj at mellanox.com>
>>
>> Allocate and free a security context when creating and destroying a MAD
>> agent. This context is used for controlling access to PKeys and sending
>> and receiving SMPs.
>>
>> When sending or receiving a MAD check that the agent has permission to
>> access the PKey for the Subnet Prefix of the port.
>>
>> During MAD and snoop agent registration for SMI QPs check that the
>> calling process has permission to manage the subnet and
>> register a callback with the LSM to be notified of policy changes. When
>> notification of a policy change occurs recheck permission and set a flag
>> indicating sending and receiving SMPs is allowed.
>>
>> When sending and receiving MADs check that the agent has access to the
>> SMI if it's on an SMI QP. Because security policy can change it's
>> possible permission was allowed when creating the agent, but no longer
>> is.
>>
>> Signed-off-by: Daniel Jurgens <danielj at mellanox.com>
>>
>> ---
>> v2:
>> - Squashed LSM hook additions. Paul Moore
>> - Changed security blobs to void*. Paul Moore
>> - Shorten end_port to port. Paul Moore
>> - Change "smp" to "manage_subnet". Paul Moore
>> - Use the LSM policy change notification and a flag to track permission
>> instead of calling the LSM hook for every SMP. Dan Jurgens
>> - Squashed PKey and SMP enforcement into the same patch and moved the
>> logic into security.c. Dan Jurgens
>>
>> v3:
>> - ib_port -> ib_endport. Paul Moore
>> - Use notifier chains for LSM notification. Paul Moore
>> - Reorder LSM hook parameters to put sec first. Paul Moore
>>
>> drivers/infiniband/core/core_priv.h | 35 ++++++++++++++
>> drivers/infiniband/core/mad.c | 52 +++++++++++++++++----
>> drivers/infiniband/core/security.c | 92 +++++++++++++++++++++++++++++++++++++
>> include/linux/lsm_hooks.h | 8 ++++
>> include/linux/security.h | 6 +++
>> include/rdma/ib_mad.h | 4 ++
>> security/security.c | 8 ++++
>> 7 files changed, 197 insertions(+), 8 deletions(-)
> ...
>
>> diff --git a/security/security.c b/security/security.c
>> index 6eef315..b69fe6f 100644
>> --- a/security/security.c
>> +++ b/security/security.c
>> @@ -1540,6 +1540,12 @@ int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
>> }
>> EXPORT_SYMBOL(security_ib_pkey_access);
>>
>> +int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
>> +{
>> + return call_int_hook(ib_endport_manage_subnet, 0, sec, dev_name, port_num);
>> +}
>> +EXPORT_SYMBOL(security_ib_endport_manage_subnet);
>> +
>> int security_ib_alloc_security(void **sec)
>> {
>> return call_int_hook(ib_alloc_security, 0, sec);
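Review bot: security_ib_endport_manage_subnet() passes 0 as the call_int_hook default, so when no LSM registers ib_endport_manage_subnet the wrapper returns 0 and every caller is treated as allowed to manage the subnet. A short comment above the function stating that 0 means permitted, and that this is the intended behaviour when no policy is loaded, would make the fail-open default explicit for callers in mad.c and security.c.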
>> @@ -2014,6 +2020,8 @@ struct security_hook_heads security_hook_heads __lsm_ro_after_init = {
>>
>> #ifdef CONFIG_SECURITY_INFINIBAND
>> .ib_pkey_access = LIST_HEAD_INIT(security_hook_heads.ib_pkey_access),
>> + .ib_endport_manage_subnet =
>> + LIST_HEAD_INIT(security_hook_heads.ib_endport_manage_subnet),
>> .ib_alloc_security =
>> LIST_HEAD_INIT(security_hook_heads.ib_alloc_security),
>> .ib_free_security =
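Review bot: the new .ib_endport_manage_subnet initializer sits inside #ifdef CONFIG_SECURITY_INFINIBAND, but the guard around the security_ib_endport_manage_subnet() wrapper added in the previous hunk is not visible in its context lines. Confirm that the wrapper and the matching list head in struct security_hook_heads are under the same guard, since the wrapper references this member and a build with the option disabled would otherwise break.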
> The same problem as 2/9 regarding the LSM hook code. I'll also drop
> this block, but update your patch in case you need to respin.
>
Thanks, updated locally as well in both cases.