| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- From 72083c18eb8824dd1d0580c1382d23f4fbc4ed33 Mon Sep 17 00:00:00 2001
- From: Daniel Jurgens <[email protected]>
- Date: Mon, 20 Nov 2017 16:47:45 -0600
- Subject: [PATCH 012/242] IB/core: Don't enforce PKey security on SMI MADs
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
- Per the infiniband spec an SMI MAD can have any PKey. Checking the pkey
- on SMI MADs is not necessary, and it seems that some older adapters
- using the mthca driver don't follow the convention of using the default
- PKey, resulting in false denials, or errors querying the PKey cache.
- SMI MAD security is still enforced, only agents allowed to manage the
- subnet are able to receive or send SMI MADs.
- Reported-by: Chris Blake <[email protected]>
- Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams")
- Signed-off-by: Daniel Jurgens <[email protected]>
- Reviewed-by: Parav Pandit <[email protected]>
- Signed-off-by: Leon Romanovsky <[email protected]>
- Signed-off-by: Fabian Grünbichler <[email protected]>
- ---
- drivers/infiniband/core/security.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
- diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
- index 70ad19c4c73e..8f9fd3b757db 100644
- --- a/drivers/infiniband/core/security.c
- +++ b/drivers/infiniband/core/security.c
- @@ -692,8 +692,11 @@ int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index)
- {
- int ret;
-
- - if (map->agent.qp->qp_type == IB_QPT_SMI && !map->agent.smp_allowed)
- - return -EACCES;
- + if (map->agent.qp->qp_type == IB_QPT_SMI) {
- + if (!map->agent.smp_allowed)
- + return -EACCES;
- + return 0;
- + }
-
- ret = ib_security_pkey_access(map->agent.device,
- map->agent.port_num,
- --
- 2.14.2
|
