[PATCH 3/3] fwctl/mlx5: Invoke fw_validate_cmd LSM hook for fwctl commands
Dave Jiang
dave.jiang at intel.com
Mon Mar 9 16:57:47 UTC 2026
On 3/9/26 4:15 AM, Leon Romanovsky wrote:
> From: Chiara Meiohas <cmeiohas at nvidia.com>
>
> fwctl is subsystem which exposes a firmware interface directly to
> userspace: it allows userspace to send device specific command
> buffers to firmware.
>
> Call security_fw_validate_cmd() before dispatching the user-provided
> firmware command.
>
> This allows security modules to implement custom policies and
> enforce per-command security policy on user-triggered firmware
> commands. For example, a BPF LSM program could filter firmware
> commands based on their opcode.
>
> Signed-off-by: Chiara Meiohas <cmeiohas at nvidia.com>
> Reviewed-by: Maher Sanalla <msanalla at nvidia.com>
> Signed-off-by: Edward Srouji <edwards at nvidia.com>
> Signed-off-by: Leon Romanovsky <leonro at nvidia.com>
Reviewed-by: Dave Jiang <dave.jiang at intel.com>
> ---
> drivers/fwctl/mlx5/main.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c
> index e86ab703c767a..8ed17aaf48f1f 100644
> --- a/drivers/fwctl/mlx5/main.c
> +++ b/drivers/fwctl/mlx5/main.c
> @@ -7,6 +7,7 @@
> #include <linux/mlx5/device.h>
> #include <linux/mlx5/driver.h>
> #include <uapi/fwctl/mlx5.h>
> +#include <linux/security.h>
>
> #define mlx5ctl_err(mcdev, format, ...) \
> dev_err(&mcdev->fwctl.dev, format, ##__VA_ARGS__)
> @@ -324,6 +325,15 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> if (!mlx5ctl_validate_rpc(rpc_in, scope))
> return ERR_PTR(-EBADMSG);
>
> + /* Enforce the user context for the command */
> + MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid);
> +
> + ret = security_fw_validate_cmd(rpc_in, in_len, &mcdev->fwctl.dev,
> + FW_CMD_CLASS_FWCTL,
> + FWCTL_DEVICE_TYPE_MLX5);
> + if (ret)
> + return ERR_PTR(ret);
> +
> /*
> * mlx5_cmd_do() copies the input message to its own buffer before
> * executing it, so we can reuse the allocation for the output.
> @@ -336,8 +346,6 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope,
> return ERR_PTR(-ENOMEM);
> }
>
> - /* Enforce the user context for the command */
> - MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid);
> ret = mlx5_cmd_do(mcdev->mdev, rpc_in, in_len, rpc_out, *out_len);
>
> mlx5ctl_dbg(mcdev,
>
More information about the Linux-security-module-archive
mailing list