2 * Copyright (c) 2016 Mellanox Technologies Ltd. All rights reserved.
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
33 #ifdef CONFIG_SECURITY_INFINIBAND
35 #include <linux/security.h>
36 #include <linux/completion.h>
37 #include <linux/list.h>
39 #include <rdma/ib_verbs.h>
40 #include <rdma/ib_cache.h>
41 #include "core_priv.h"
43 static struct pkey_index_qp_list *get_pkey_idx_qp_list(struct ib_port_pkey *pp)
45 struct pkey_index_qp_list *pkey = NULL;
46 struct pkey_index_qp_list *tmp_pkey;
47 struct ib_device *dev = pp->sec->dev;
49 spin_lock(&dev->port_pkey_list[pp->port_num].list_lock);
50 list_for_each_entry(tmp_pkey,
51 &dev->port_pkey_list[pp->port_num].pkey_list,
53 if (tmp_pkey->pkey_index == pp->pkey_index) {
58 spin_unlock(&dev->port_pkey_list[pp->port_num].list_lock);
62 static int get_pkey_and_subnet_prefix(struct ib_port_pkey *pp,
66 struct ib_device *dev = pp->sec->dev;
69 ret = ib_get_cached_pkey(dev, pp->port_num, pp->pkey_index, pkey);
73 ret = ib_get_cached_subnet_prefix(dev, pp->port_num, subnet_prefix);
78 static int enforce_qp_pkey_security(u16 pkey,
80 struct ib_qp_security *qp_sec)
82 struct ib_qp_security *shared_qp_sec;
85 ret = security_ib_pkey_access(qp_sec->security, subnet_prefix, pkey);
89 if (qp_sec->qp == qp_sec->qp->real_qp) {
90 list_for_each_entry(shared_qp_sec,
91 &qp_sec->shared_qp_list,
93 ret = security_ib_pkey_access(shared_qp_sec->security,
103 /* The caller of this function must hold the QP security
104 * mutex of the QP of the security structure in *pps.
106 * It takes separate ports_pkeys and security structure
107 * because in some cases the pps will be for a new settings
108 * or the pps will be for the real QP and security structure
109 * will be for a shared QP.
111 static int check_qp_port_pkey_settings(struct ib_ports_pkeys *pps,
112 struct ib_qp_security *sec)
121 if (pps->main.state != IB_PORT_PKEY_NOT_VALID) {
122 get_pkey_and_subnet_prefix(&pps->main,
126 ret = enforce_qp_pkey_security(pkey,
133 if (pps->alt.state != IB_PORT_PKEY_NOT_VALID) {
134 get_pkey_and_subnet_prefix(&pps->alt,
138 ret = enforce_qp_pkey_security(pkey,
146 /* The caller of this function must hold the QP security
149 static void qp_to_error(struct ib_qp_security *sec)
151 struct ib_qp_security *shared_qp_sec;
152 struct ib_qp_attr attr = {
153 .qp_state = IB_QPS_ERR
155 struct ib_event event = {
156 .event = IB_EVENT_QP_FATAL
159 /* If the QP is in the process of being destroyed
160 * the qp pointer in the security structure is
161 * undefined. It cannot be modified now.
166 ib_modify_qp(sec->qp,
170 if (sec->qp->event_handler && sec->qp->qp_context) {
171 event.element.qp = sec->qp;
172 sec->qp->event_handler(&event,
173 sec->qp->qp_context);
176 list_for_each_entry(shared_qp_sec,
177 &sec->shared_qp_list,
179 struct ib_qp *qp = shared_qp_sec->qp;
181 if (qp->event_handler && qp->qp_context) {
182 event.element.qp = qp;
183 event.device = qp->device;
184 qp->event_handler(&event,
190 static inline void check_pkey_qps(struct pkey_index_qp_list *pkey,
191 struct ib_device *device,
195 struct ib_port_pkey *pp, *tmp_pp;
197 LIST_HEAD(to_error_list);
200 if (!ib_get_cached_pkey(device,
204 spin_lock(&pkey->qp_list_lock);
205 list_for_each_entry(pp, &pkey->qp_list, qp_list) {
206 if (atomic_read(&pp->sec->error_list_count))
209 if (enforce_qp_pkey_security(pkey_val,
212 atomic_inc(&pp->sec->error_list_count);
213 list_add(&pp->to_error_list,
217 spin_unlock(&pkey->qp_list_lock);
220 list_for_each_entry_safe(pp,
224 mutex_lock(&pp->sec->mutex);
225 qp_to_error(pp->sec);
226 list_del(&pp->to_error_list);
227 atomic_dec(&pp->sec->error_list_count);
228 comp = pp->sec->destroying;
229 mutex_unlock(&pp->sec->mutex);
232 complete(&pp->sec->error_complete);
236 /* The caller of this function must hold the QP security
239 static int port_pkey_list_insert(struct ib_port_pkey *pp)
241 struct pkey_index_qp_list *tmp_pkey;
242 struct pkey_index_qp_list *pkey;
243 struct ib_device *dev;
244 u8 port_num = pp->port_num;
247 if (pp->state != IB_PORT_PKEY_VALID)
252 pkey = get_pkey_idx_qp_list(pp);
257 pkey = kzalloc(sizeof(*pkey), GFP_KERNEL);
261 spin_lock(&dev->port_pkey_list[port_num].list_lock);
262 /* Check for the PKey again. A racing process may
265 list_for_each_entry(tmp_pkey,
266 &dev->port_pkey_list[port_num].pkey_list,
268 if (tmp_pkey->pkey_index == pp->pkey_index) {
277 pkey->pkey_index = pp->pkey_index;
278 spin_lock_init(&pkey->qp_list_lock);
279 INIT_LIST_HEAD(&pkey->qp_list);
280 list_add(&pkey->pkey_index_list,
281 &dev->port_pkey_list[port_num].pkey_list);
283 spin_unlock(&dev->port_pkey_list[port_num].list_lock);
286 spin_lock(&pkey->qp_list_lock);
287 list_add(&pp->qp_list, &pkey->qp_list);
288 spin_unlock(&pkey->qp_list_lock);
290 pp->state = IB_PORT_PKEY_LISTED;
295 /* The caller of this function must hold the QP security
298 static void port_pkey_list_remove(struct ib_port_pkey *pp)
300 struct pkey_index_qp_list *pkey;
302 if (pp->state != IB_PORT_PKEY_LISTED)
305 pkey = get_pkey_idx_qp_list(pp);
307 spin_lock(&pkey->qp_list_lock);
308 list_del(&pp->qp_list);
309 spin_unlock(&pkey->qp_list_lock);
311 /* The setting may still be valid, i.e. after
312 * a destroy has failed for example.
314 pp->state = IB_PORT_PKEY_VALID;
317 static void destroy_qp_security(struct ib_qp_security *sec)
319 security_ib_free_security(sec->security);
320 kfree(sec->ports_pkeys);
324 /* The caller of this function must hold the QP security
327 static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp,
328 const struct ib_qp_attr *qp_attr,
331 struct ib_ports_pkeys *new_pps;
332 struct ib_ports_pkeys *qp_pps = qp->qp_sec->ports_pkeys;
334 new_pps = kzalloc(sizeof(*new_pps), GFP_KERNEL);
338 if (qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) {
340 new_pps->main.port_num = qp_attr->port_num;
341 new_pps->main.pkey_index = qp_attr->pkey_index;
343 new_pps->main.port_num = (qp_attr_mask & IB_QP_PORT) ?
345 qp_pps->main.port_num;
347 new_pps->main.pkey_index =
348 (qp_attr_mask & IB_QP_PKEY_INDEX) ?
349 qp_attr->pkey_index :
350 qp_pps->main.pkey_index;
352 new_pps->main.state = IB_PORT_PKEY_VALID;
354 new_pps->main.port_num = qp_pps->main.port_num;
355 new_pps->main.pkey_index = qp_pps->main.pkey_index;
356 if (qp_pps->main.state != IB_PORT_PKEY_NOT_VALID)
357 new_pps->main.state = IB_PORT_PKEY_VALID;
360 if (qp_attr_mask & IB_QP_ALT_PATH) {
361 new_pps->alt.port_num = qp_attr->alt_port_num;
362 new_pps->alt.pkey_index = qp_attr->alt_pkey_index;
363 new_pps->alt.state = IB_PORT_PKEY_VALID;
365 new_pps->alt.port_num = qp_pps->alt.port_num;
366 new_pps->alt.pkey_index = qp_pps->alt.pkey_index;
367 if (qp_pps->alt.state != IB_PORT_PKEY_NOT_VALID)
368 new_pps->alt.state = IB_PORT_PKEY_VALID;
371 new_pps->main.sec = qp->qp_sec;
372 new_pps->alt.sec = qp->qp_sec;
376 int ib_open_shared_qp_security(struct ib_qp *qp, struct ib_device *dev)
378 struct ib_qp *real_qp = qp->real_qp;
381 ret = ib_create_qp_security(qp, dev);
386 mutex_lock(&real_qp->qp_sec->mutex);
387 ret = check_qp_port_pkey_settings(real_qp->qp_sec->ports_pkeys,
394 list_add(&qp->qp_sec->shared_qp_list,
395 &real_qp->qp_sec->shared_qp_list);
397 mutex_unlock(&real_qp->qp_sec->mutex);
399 destroy_qp_security(qp->qp_sec);
404 void ib_close_shared_qp_security(struct ib_qp_security *sec)
406 struct ib_qp *real_qp = sec->qp->real_qp;
408 mutex_lock(&real_qp->qp_sec->mutex);
409 list_del(&sec->shared_qp_list);
410 mutex_unlock(&real_qp->qp_sec->mutex);
412 destroy_qp_security(sec);
415 int ib_create_qp_security(struct ib_qp *qp, struct ib_device *dev)
419 qp->qp_sec = kzalloc(sizeof(*qp->qp_sec), GFP_KERNEL);
424 qp->qp_sec->dev = dev;
425 mutex_init(&qp->qp_sec->mutex);
426 INIT_LIST_HEAD(&qp->qp_sec->shared_qp_list);
427 atomic_set(&qp->qp_sec->error_list_count, 0);
428 init_completion(&qp->qp_sec->error_complete);
429 ret = security_ib_alloc_security(&qp->qp_sec->security);
435 EXPORT_SYMBOL(ib_create_qp_security);
437 void ib_destroy_qp_security_begin(struct ib_qp_security *sec)
439 mutex_lock(&sec->mutex);
441 /* Remove the QP from the lists so it won't get added to
442 * a to_error_list during the destroy process.
444 if (sec->ports_pkeys) {
445 port_pkey_list_remove(&sec->ports_pkeys->main);
446 port_pkey_list_remove(&sec->ports_pkeys->alt);
449 /* If the QP is already in one or more of those lists
450 * the destroying flag will ensure the to error flow
451 * doesn't operate on an undefined QP.
453 sec->destroying = true;
455 /* Record the error list count to know how many completions
458 sec->error_comps_pending = atomic_read(&sec->error_list_count);
460 mutex_unlock(&sec->mutex);
463 void ib_destroy_qp_security_abort(struct ib_qp_security *sec)
468 /* If a concurrent cache update is in progress this
469 * QP security could be marked for an error state
470 * transition. Wait for this to complete.
472 for (i = 0; i < sec->error_comps_pending; i++)
473 wait_for_completion(&sec->error_complete);
475 mutex_lock(&sec->mutex);
476 sec->destroying = false;
478 /* Restore the position in the lists and verify
479 * access is still allowed in case a cache update
480 * occurred while attempting to destroy.
482 * Because these setting were listed already
483 * and removed during ib_destroy_qp_security_begin
484 * we know the pkey_index_qp_list for the PKey
485 * already exists so port_pkey_list_insert won't fail.
487 if (sec->ports_pkeys) {
488 port_pkey_list_insert(&sec->ports_pkeys->main);
489 port_pkey_list_insert(&sec->ports_pkeys->alt);
492 ret = check_qp_port_pkey_settings(sec->ports_pkeys, sec);
496 mutex_unlock(&sec->mutex);
499 void ib_destroy_qp_security_end(struct ib_qp_security *sec)
503 /* If a concurrent cache update is occurring we must
504 * wait until this QP security structure is processed
505 * in the QP to error flow before destroying it because
506 * the to_error_list is in use.
508 for (i = 0; i < sec->error_comps_pending; i++)
509 wait_for_completion(&sec->error_complete);
511 destroy_qp_security(sec);
514 void ib_security_cache_change(struct ib_device *device,
518 struct pkey_index_qp_list *pkey;
520 list_for_each_entry(pkey,
521 &device->port_pkey_list[port_num].pkey_list,
530 void ib_security_destroy_port_pkey_list(struct ib_device *device)
532 struct pkey_index_qp_list *pkey, *tmp_pkey;
535 for (i = rdma_start_port(device); i <= rdma_end_port(device); i++) {
536 spin_lock(&device->port_pkey_list[i].list_lock);
537 list_for_each_entry_safe(pkey,
539 &device->port_pkey_list[i].pkey_list,
541 list_del(&pkey->pkey_index_list);
544 spin_unlock(&device->port_pkey_list[i].list_lock);
548 int ib_security_modify_qp(struct ib_qp *qp,
549 struct ib_qp_attr *qp_attr,
551 struct ib_udata *udata)
554 struct ib_ports_pkeys *tmp_pps;
555 struct ib_ports_pkeys *new_pps;
556 bool special_qp = (qp->qp_type == IB_QPT_SMI ||
557 qp->qp_type == IB_QPT_GSI ||
558 qp->qp_type >= IB_QPT_RESERVED1);
559 bool pps_change = ((qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) ||
560 (qp_attr_mask & IB_QP_ALT_PATH));
562 if (pps_change && !special_qp) {
563 mutex_lock(&qp->qp_sec->mutex);
564 new_pps = get_new_pps(qp,
568 /* Add this QP to the lists for the new port
569 * and pkey settings before checking for permission
570 * in case there is a concurrent cache update
571 * occurring. Walking the list for a cache change
572 * doesn't acquire the security mutex unless it's
573 * sending the QP to error.
575 ret = port_pkey_list_insert(&new_pps->main);
578 ret = port_pkey_list_insert(&new_pps->alt);
581 ret = check_qp_port_pkey_settings(new_pps,
586 ret = qp->device->modify_qp(qp->real_qp,
591 if (pps_change && !special_qp) {
592 /* Clean up the lists and free the appropriate
593 * ports_pkeys structure.
598 tmp_pps = qp->qp_sec->ports_pkeys;
599 qp->qp_sec->ports_pkeys = new_pps;
603 port_pkey_list_remove(&tmp_pps->main);
604 port_pkey_list_remove(&tmp_pps->alt);
607 mutex_unlock(&qp->qp_sec->mutex);
611 EXPORT_SYMBOL(ib_security_modify_qp);
613 #endif /* CONFIG_SECURITY_INFINIBAND */