From: Daniel Jurgens
ib_get_cached_subnet_prefix can technically fail, but the only way it
could is not possible based on the loop conditions. Check the return
value before using the variable sp to resolve a static analysis warning.
Fixes: 8f408ab64be6 ("selinux lsm
From: Daniel Jurgens
ib_get_cached_subnet_prefix can technically fail, but the only way it
could is not possible based on the loop conditions. Check the return
value before using the variable sp to resolve a static analysis warning.
Fixes: 8f408ab64be6 ("selinux lsm
From: Daniel Jurgens
Check the return value from get_pkey_and_subnet_prefix to prevent using
uninitialized variables.
Fixes: d291f1a65232 ("IB/core: Enforce PKey security on QPs")
Signed-off-by: Daniel Jurgens
Reported-by: Dan Carpenter
From: Daniel Jurgens
New tests for infiniband pkeys. Most users don't have Infiniband
hardware, and if they do the pkey configuration is not standardized.
There is a configuration file for enabling the test and setting
environment specific test configurations. If the tests
From: Daniel Jurgens
New tests for Infiniband endports. Most users do not have infiniband
hardware, and if they do the device names can vary. There is a
configuration file for enabling the tests and setting environment
specific configurations. If the tests are disabled
From: Daniel Jurgens
Implements new tests for Infiniband pkeys and endports. Because infiniband
isn't widely used, and when it is the configuration is site specific,
configuration files are used to enable the tests and set environment
specific settings. When the tests are
From: Daniel Jurgens
Signed-off-by: Daniel Jurgens
---
python/semanage/semanage-ibendport.8 | 2 +-
python/semanage/semanage-ibpkey.8| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/semanage/semanage-ibendport.8
From: Daniel Jurgens
New tests for Infiniband endports. Most users do not have infiniband
hardware, and if they do the device names can vary. There is a
configuration file for enabling the tests and setting environment
specific configurations. If the tests are disabled
From: Daniel Jurgens
New tests for infiniband pkeys. Most users don't have Infiniband
hardware, and if they do the pkey configuration is not standardized.
There is a configuration file for enabling the test and setting
environment specific test configurations. If the tests
From: Daniel Jurgens
Implements new tests for Infiniband pkeys and endports. Because infiniband
isn't widely used, and when it is the configuration is site specific,
configuration files are used to enable the tests and set environment
specific settings. When the tests are
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
From: Daniel Jurgens
Add IB end port parsing, symbol table management, and policy generation
to CIL.
Signed-off-by: Daniel Jurgens
---
v1:
James Carter:
- Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h
---
libsepol/cil/src/cil.c
From: Daniel Jurgens
Add support for reading, writing, and copying Infiniband Pkey ocontext
data. Also add support for querying a Pkey sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed domain and type params from
From: Daniel Jurgens
Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed unused domain and type
From: Daniel Jurgens
Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibendportcon labels.
Also create a new ocontext for IB end ports.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Check IB device name length when parsing policy.
- Use
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibpkeycon labels. Also
create a new ocontext for Infiniband Pkeys and define a new policydb
version for infiniband support.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
From: Daniel Jurgens
Infiniband applications access HW from user-space -- traffic is generated
directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
which are associated directly with HW transport endpoints, are a natural
choice for enforcing granular
ag to track permission
instead of calling the LSM hook for every SMP. Dan Jurgens
- Squashed PKey and SMP enforcement into the same patch and moved the
logic into security.c. Dan Jurgens
v3:
- ib_port -> ib_endport. Paul Moore
- Use notifier chains for LSM notification. Paul Moore
- Reorder L
From: Daniel Jurgens
Support for Infiniband requires the addition of two new object contexts,
one for infiniband PKeys and another IB Ports. Added handlers to read
and write the new ocontext types when reading or writing a binary policy
representation.
Signed-off-by:
From: Daniel Jurgens
Add a type for Infiniband ports and an access vector for subnet
management packets. Implement the ib_port_smp hook to check that the
caller has permission to send and receive SMPs on the end port specified
by the device name and port. Add interface to
From: Daniel Jurgens
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.
Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be
Moore
- Fixed a bracket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
v6:
- Fixed sel_pkey_sid_slow error handling. James Morris
v7:
- Renamed sel_pkey* to sel_ib_pkey* in the pkey cache.
security/selinux
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
From: Daniel Jurgens
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband object
security structures.
Signed-off-by: Daniel Jurgens
---
v2:
- Use void * blobs for security structs. Paul Moore
- Shorten ib_end_port to ib_port. Paul Moore
-
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Signed-off-by: Daniel Jurgens
Reviewed-by: Eli Cohen
From: Daniel Jurgens
Add IB end port parsing, symbol table management, and policy generation
to CIL.
Signed-off-by: Daniel Jurgens
---
v1:
James Carter:
- Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h
---
libsepol/cil/src/cil.c
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibendportcon labels.
Also create a new ocontext for IB end ports.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Check IB device name length when parsing policy.
- Use
From: Daniel Jurgens
Update the main man page and add specific pages for ibpkeys and
ibendports.
Signed-off-by: Daniel Jurgens
---
python/semanage/semanage-ibendport.8 | 66
python/semanage/semanage-ibpkey.8|
From: Daniel Jurgens
Update libsepol and libsemanage to work with ibendport records. Add local
storage for new and modified ibendport records in ibendports.local.
Update semanage to parse the ibendport command options to add, modify,
and delete them.
Signed-off-by: Daniel
From: Daniel Jurgens
Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add Infiniband pkey parsing, symbol table management, and policy
generation to CIL.
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 19 +
libsepol/cil/src/cil_binary.c | 39 +
From: Daniel Jurgens
Add support for reading, writing, and copying Infiniband Pkey ocontext
data. Also add support for querying a Pkey sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed domain and type params from
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibpkeycon labels. Also
create a new ocontext for Infiniband Pkeys and define a new policydb
version for infiniband support.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
From: Daniel Jurgens
Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed unused domain and type
From: Daniel Jurgens
Infiniband applications access HW from user-space -- traffic is generated
directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
which are associated directly with HW transport endpoints, are a natural
choice for enforcing granular
From: Daniel Jurgens
New tests for Infiniband endports. Most users do not have infiniband
hardware, and if they do the device names can vary. There is a
configuration file for enabling the tests and setting environment
specific configurations. If the tests are disabled
From: Daniel Jurgens
New tests for infiniband pkeys. Most users don't have Infiniband
hardware, and if they do the pkey configuration is not standardized.
There is a configuration file for enabling the test and setting
environment specific test configurations. If the tests
From: Daniel Jurgens
Update the main man page and add specific pages for ibpkeys and
ibendports.
Signed-off-by: Daniel Jurgens
---
python/semanage/semanage-ibendport.8 | 66
python/semanage/semanage-ibpkey.8|
From: Daniel Jurgens
Add IB end port parsing, symbol table management, and policy generation
to CIL.
Signed-off-by: Daniel Jurgens
---
v1:
James Carter:
- Add cil_resolve_ibendportcon prototype in cil_resolve_ast.h
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibendportcon labels.
Also create a new ocontext for IB end ports.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Check IB device name length when parsing policy.
- Use
From: Daniel Jurgens
Update libsepol and libsemanage to work with ibendport records. Add local
storage for new and modified ibendport records in ibendports.local.
Update semanage to parse the ibendport command options to add, modify,
and delete them.
Signed-off-by: Daniel
From: Daniel Jurgens
Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add Infiniband pkey parsing, symbol table management, and policy
generation to CIL.
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 19 +
libsepol/cil/src/cil_binary.c | 39 +
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibpkeycon labels. Also
create a new ocontext for Infiniband Pkeys and define a new policydb
version for infiniband support.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
From: Daniel Jurgens
Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed unused domain and type
From: Daniel Jurgens
Add support for reading, writing, and copying Infinabinda Pkey ocontext
data. Also add support for querying a Pkey sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
v1:
Stephen Smalley:
- Removed domain and type params from
From: Daniel Jurgens
Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add Infiniband pkey parsing, symbol table management, and policy
generation to CIL.
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 19
libsepol/cil/src/cil_binary.c | 39
From: Daniel Jurgens
Add IB end port parsing, symbol table management, and policy generation
to CIL.
Signed-off-by: Daniel Jurgens
---
libsepol/cil/src/cil.c | 18 ++
libsepol/cil/src/cil_binary.c | 29
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibendportcon labels.
Also create a new ocontext for IB end ports.
Signed-off-by: Daniel Jurgens
---
checkpolicy/policy_define.c| 70
From: Daniel Jurgens
Update the main man page and add specific pages for ibpkeys and
ibendports.
Signed-off-by: Daniel Jurgens
---
python/semanage/semanage-ibendport.8 | 66 ++
python/semanage/semanage-ibpkey.8|
From: Daniel Jurgens
Add support for reading, writing, and copying IB end port ocontext data.
Also add support for querying a IB end port sid to checkpolicy.
Signed-off-by: Daniel Jurgens
---
checkpolicy/checkpolicy.c | 20
From: Daniel Jurgens
Add checkpolicy support for scanning and parsing ibpkeycon labels. Also
create a new ocontext for Infiniband Pkeys and define a new policydb
version for infiniband support.
Signed-off-by: Daniel Jurgens
---
From: Daniel Jurgens
Update libsepol and libsemanage to work with ibendport records. Add local
storage for new and modified ibendport records in ibendports.local.
Update semanage to parse the ibendport command options to add, modify,
and delete them.
Signed-off-by: Daniel
From: Daniel Jurgens
Infiniband applications access HW from user-space -- traffic is generated
directly by HW, bypassing the kernel. Consequently, Infiniband Partitions,
which are associated directly with HW transport endpoints, are a natural
choice for enforcing granular
From: Daniel Jurgens
Support for Infiniband requires the addition of two new object contexts,
one for infiniband PKeys and another IB Ports. Added handlers to read
and write the new ocontext types when reading or writing a binary policy
representation.
Signed-off-by:
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
Moore
- Fixed a bracket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
v6:
- Fixed sel_pkey_sid_slow error handling. James Morris
---
security/selinux/Makefile | 2 +-
security/selinux/hooks.c
From: Daniel Jurgens
Add a type for Infiniband ports and an access vector for subnet
management packets. Implement the ib_port_smp hook to check that the
caller has permission to send and receive SMPs on the end port specified
by the device name and port. Add interface to
new initial SIDs. Stephen Smalley
- Squash MAD agent PKey and SMI patches and move logic to IB security. Dan
Jurgens
- Changed ib_end_port to ib_port. Paul Moore
- Changed ib_port access vector from smp to manage_subnet. Paul Moore
- Added pkey and ib_port details to the audit log. Paul Moor
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Support for Infiniband requires the addition of two new object contexts,
one for infiniband PKeys and another IB Ports. Added handlers to read
and write the new ocontext types when reading or writing a binary policy
representation.
Signed-off-by:
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
Moore
- Fixed a braket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
---
security/selinux/Makefile | 2 +-
security/selinux/hooks.c | 7 +-
security/selinux/ibpkey.c | 245
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband object
security structures.
Signed-off-by: Daniel Jurgens
---
v2:
- Use void * blobs for security structs. Paul Moore
- Shorten ib_end_port to ib_port. Paul Moore
-
ag to track permission
instead of calling the LSM hook for every SMP. Dan Jurgens
- Squashed PKey and SMP enforcement into the same patch and moved the
logic into security.c. Dan Jurgens
v3:
- ib_port -> ib_endport. Paul Moore
- Use notifier chains for LSM notification. Paul Moore
- Reorder L
From: Daniel Jurgens
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.
Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be
new initial SIDs. Stephen Smalley
- Squash MAD agent PKey and SMI patches and move logic to IB security. Dan
Jurgens
- Changed ib_end_port to ib_port. Paul Moore
- Changed ib_port access vector from smp to manage_subnet. Paul Moore
- Added pkey and ib_port details to the audit log. Paul Moor
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband object
security structures.
issue: 736423
Change-Id: I3bdbecee7aab6d7615a02967c39a5a8792a14d44
Signed-off-by: Daniel Jurgens
---
v2:
- Use void * blobs for security
From: Daniel Jurgens
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.
Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
From: Daniel Jurgens
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given
". Paul Moore
- Use the LSM policy change notification and a flag to track permission
instead of calling the LSM hook for every SMP. Dan Jurgens
- Squashed PKey and SMP enforcement into the same patch and moved the
logic into security.c. Dan Jurgens
v3:
- ib_port -> ib_endport. Paul
From: Daniel Jurgens
Support for Infiniband requires the addition of two new object contexts,
one for infiniband PKeys and another IB Ports. Added handlers to read
and write the new ocontext types when reading or writing a binary policy
representation.
issue: 736423
ellanox.com>
---
v2:
- Renamed the files to ibpkey. Paul Moore
- Fixed a braket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
Signed-off-by: Daniel Jurgens <dani...@mellanox.com>
---
security/s
From: Daniel Jurgens
Add a type for Infiniband ports and an access vector for subnet
management packets. Implement the ib_port_smp hook to check that the
caller has permission to send and receive SMPs on the end port specified
by the device name and port. Add interface to
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
issue: 736423
Change-Id:
new initial SIDs. Stephen Smalley
- Squash MAD agent PKey and SMI patches and move logic to IB security. Dan
Jurgens
- Changed ib_end_port to ib_port. Paul Moore
- Changed ib_port access vector from smp to manage_subnet. Paul Moore
- Added pkey and ib_port details to the audit log. Paul Moor
From: Daniel Jurgens
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband object
security structures.
Signed-off-by: Daniel Jurgens
---
v2:
- Use void * blobs for security structs. Paul Moore
- Shorten ib_end_port to ib_port. Paul Moore
-
Moore
- Fixed a braket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
security/selinux/Makefile | 2 +-
security/selinux/hooks.c | 4 +-
security/selinux/ibpkey.c | 245
ag to track permission
instead of calling the LSM hook for every SMP. Dan Jurgens
- Squashed PKey and SMP enforcement into the same patch and moved the
logic into security.c. Dan Jurgens
v3:
- ib_port -> ib_endport. Paul Moore
- Use notifier chains for LSM notification. Paul Moore
- Reorder L
From: Daniel Jurgens
Support for Infiniband requires the addition of two new object contexts,
one for infiniband PKeys and another IB Ports. Added handlers to read
and write the new ocontext types when reading or writing a binary policy
representation.
Signed-off-by:
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
From: Daniel Jurgens
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.
Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens
Shaia, Paul Moore
- Squash LSM changes into the patches where the calls are added. Paul Moore
- Don't add new initial SIDs. Stephen Smalley
- Squash MAD agent PKey and SMI patches. Dan Jurgens
- Changed ib_end_port to ib_port. Paul Moore
- Changed ib_port access vector from smp to manage_subne
Moore
- Fixed a braket indentation mismatch in sel_pkey_find. Yuval Shaia
- Change spin_lock_bh to spin_lock_irqsave to resolve HARDIRQ lockdep
warning. Dan Jurgens
---
security/selinux/Makefile |2 +-
security/selinux/hooks.c |5 +-
security/selinux/ibpkey.c | 245 +++
From: Daniel Jurgens
Add a type and access vector for PKeys. Implement the ib_pkey_access
hook to check that the caller has permission to access the PKey on the
given subnet prefix. Add an interface to get the PKey SID. Walk the PKey
ocontexts to find an entry for the given
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband object
security structures.
Signed-off-by: Daniel Jurgens
---
v2:
- Use void * blobs for security structs. Paul Moore
- Shorten ib_end_port to ib_port. Paul Moore
-
ag to track permission
instead of calling the LSM hook for every SMP. Dan Jurgens
- Squashed PKey and SMP enforcement into the same patch and moved the
logic into security.c. Dan Jurgens
---
drivers/infiniband/core/core_priv.h | 35 +
drivers/infiniband/core/mad.c |
From: Daniel Jurgens
Add new LSM hooks to allocate and free security contexts and check for
permission to access a PKey.
Allocate and free a security context when creating and destroying a QP.
This context is used for controlling access to PKeys.
When a request is made to
From: Daniel Jurgens
Add a generic notificaiton mechanism in the LSM. Interested consumers
can register a callback with the LSM and security modules can produce
events.
Because access to Infiniband QPs are enforced in the setup phase of a
connection security should be
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens
From: Daniel Jurgens
Add a type for Infiniband end ports and an access vector for subnet
management packets. Implement the ib_end_port_smp hook to check that the
caller has permission to send and receive SMPs on the end port specified
by the device name and port. Add
From: Daniel Jurgens
Implement and attach hooks to allocate and free Infiniband QP and MAD
agent security structures.
Signed-off-by: Daniel Jurgens
Reviewed-by: Eli Cohen
---
include/rdma/ib_mad.h | 1 +
From: Daniel Jurgens
Allocate and free a security context when creating and destroying a MAD
agent. This context is used for controlling access to PKeys.
When sending or receiving a MAD check that the agent has permission to
access the PKey for the Subnet Prefix of the
From: Daniel Jurgens
Cache the subnet prefix and add a function to access it. Enforcing
security requires frequent queries of the subnet prefix and the pkeys in
the pkey table.
Also removed an unneded pr_warn about memory allocation failure.
Signed-off-by: Daniel Jurgens
1 - 100 of 101 matches
Mail list logo