]>
Commit | Line | Data |
---|---|---|
59d5af67 | 1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
905722fb FG |
2 | From: Daniel Jurgens <danielj@mellanox.com> |
3 | Date: Mon, 20 Nov 2017 16:47:45 -0600 | |
59d5af67 | 4 | Subject: [PATCH] IB/core: Don't enforce PKey security on SMI MADs |
905722fb FG |
5 | MIME-Version: 1.0 |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | Per the infiniband spec an SMI MAD can have any PKey. Checking the pkey | |
10 | on SMI MADs is not necessary, and it seems that some older adapters | |
11 | using the mthca driver don't follow the convention of using the default | |
12 | PKey, resulting in false denials, or errors querying the PKey cache. | |
13 | ||
14 | SMI MAD security is still enforced, only agents allowed to manage the | |
15 | subnet are able to receive or send SMI MADs. | |
16 | ||
17 | Reported-by: Chris Blake <chrisrblake93@gmail.com> | |
18 | Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams") | |
19 | Signed-off-by: Daniel Jurgens <danielj@mellanox.com> | |
20 | Reviewed-by: Parav Pandit <parav@mellanox.com> | |
21 | Signed-off-by: Leon Romanovsky <leon@kernel.org> | |
22 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
23 | --- | |
24 | drivers/infiniband/core/security.c | 7 +++++-- | |
25 | 1 file changed, 5 insertions(+), 2 deletions(-) | |
26 | ||
27 | diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c | |
28 | index 70ad19c4c73e..8f9fd3b757db 100644 | |
29 | --- a/drivers/infiniband/core/security.c | |
30 | +++ b/drivers/infiniband/core/security.c | |
31 | @@ -692,8 +692,11 @@ int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index) | |
32 | { | |
33 | int ret; | |
34 | ||
35 | - if (map->agent.qp->qp_type == IB_QPT_SMI && !map->agent.smp_allowed) | |
36 | - return -EACCES; | |
37 | + if (map->agent.qp->qp_type == IB_QPT_SMI) { | |
38 | + if (!map->agent.smp_allowed) | |
39 | + return -EACCES; | |
40 | + return 0; | |
41 | + } | |
42 | ||
43 | ret = ib_security_pkey_access(map->agent.device, | |
44 | map->agent.port_num, | |
45 | -- | |
46 | 2.14.2 | |
47 |