tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

RDMA/core: Configure selinux QP during creation

All QP creation flows called ib_create_qp_security(), but differently.
This caused to the need to provide exclusion conditions for the XRC_TGT,
because such QP already had selinux configuration call.

In order to fix it, move ib_create_qp_security() to the general QP
creation routine.

Link: https://lore.kernel.org/r/4d7cd6f5828aca37fb62283e6b126b73ab86b18c.1628014762.git.leonro@nvidia.com
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

authored by

Leon Romanovsky and committed by
Jason Gunthorpe 00a79d6b 8da9fe4e

+7 -17
-7
drivers/infiniband/core/uverbs_cmd.c
··· 1447 1447 } 1448 1448 1449 1449 if (cmd->qp_type != IB_QPT_XRC_TGT) { 1450 - ret = ib_create_qp_security(qp, device); 1451 - if (ret) 1452 - goto err_cb; 1453 - 1454 1450 atomic_inc(&pd->usecnt); 1455 1451 if (attr.send_cq) 1456 1452 atomic_inc(&attr.send_cq->usecnt); ··· 1497 1501 resp.base.max_inline_data = attr.cap.max_inline_data; 1498 1502 resp.response_length = uverbs_response_length(attrs, sizeof(resp)); 1499 1503 return uverbs_response(attrs, &resp, sizeof(resp)); 1500 - 1501 - err_cb: 1502 - ib_destroy_qp_user(qp, uverbs_get_cleared_udata(attrs)); 1503 1504 1504 1505 err_put: 1505 1506 if (!IS_ERR(xrcd_uobj))
-6
drivers/infiniband/core/uverbs_std_types_qp.c
··· 280 280 obj->uevent.uobject.object = qp; 281 281 uverbs_finalize_uobj_create(attrs, UVERBS_ATTR_CREATE_QP_HANDLE); 282 282 283 - if (attr.qp_type != IB_QPT_XRC_TGT) { 284 - ret = ib_create_qp_security(qp, device); 285 - if (ret) 286 - return ret; 287 - } 288 - 289 283 set_caps(&attr, &cap, false); 290 284 ret = uverbs_copy_to_struct_or_zero(attrs, 291 285 UVERBS_ATTR_CREATE_QP_RESP_CAP, &cap,
+7 -4
drivers/infiniband/core/verbs.c
··· 1216 1216 struct ib_udata *udata, struct ib_uqp_object *uobj, 1217 1217 const char *caller) 1218 1218 { 1219 + struct ib_udata dummy = {}; 1219 1220 struct ib_qp *qp; 1220 1221 int ret; 1221 1222 ··· 1257 1256 qp->send_cq = attr->send_cq; 1258 1257 qp->recv_cq = attr->recv_cq; 1259 1258 1259 + ret = ib_create_qp_security(qp, dev); 1260 + if (ret) 1261 + goto err_security; 1262 + 1260 1263 rdma_restrack_add(&qp->res); 1261 1264 return qp; 1262 1265 1266 + err_security: 1267 + qp->device->ops.destroy_qp(qp, udata ? &dummy : NULL); 1263 1268 err_create: 1264 1269 rdma_restrack_put(&qp->res); 1265 1270 kfree(qp); ··· 1294 1287 qp = _ib_create_qp(device, pd, qp_init_attr, NULL, NULL, caller); 1295 1288 if (IS_ERR(qp)) 1296 1289 return qp; 1297 - 1298 - ret = ib_create_qp_security(qp, device); 1299 - if (ret) 1300 - goto err; 1301 1290 1302 1291 if (qp_init_attr->qp_type == IB_QPT_XRC_TGT) { 1303 1292 struct ib_qp *xrc_qp =