From patchwork Fri May 13 15:52:26 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Christoph Lameter (Ampere)" <cl@linux.com>
X-Patchwork-Id: 9092281
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 6A3EDBF29F
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Fri, 13 May 2016 15:52:32 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 9238D20219
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Fri, 13 May 2016 15:52:31 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 84B6F2020F
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Fri, 13 May 2016 15:52:30 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752387AbcEMPw3 (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Fri, 13 May 2016 11:52:29 -0400
Received: from resqmta-po-04v.sys.comcast.net ([96.114.154.163]:59615 "EHLO
	resqmta-po-04v.sys.comcast.net" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1752088AbcEMPw3 (ORCPT
	<rfc822;linux-rdma@vger.kernel.org>);
	Fri, 13 May 2016 11:52:29 -0400
Received: from resomta-po-08v.sys.comcast.net ([96.114.154.232])
	by comcast with SMTP
	id 1FO7bWfd3IY3M1FO7bvWqE; Fri, 13 May 2016 15:52:27 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net;
	s=q20140121; t=1463154747;
	bh=VWNSbrN3pbWVsNM1ifLFs1jyIrzt+4CXJ0JWSmYMpAA=;
	h=Received:Received:Received:Received:Date:From:To:Subject:
	Message-ID:Content-Type;
	b=jvQhaSp4QcYPTVZvNbXajigTfXebttRKCCTB4Kv1iDmSTk/hPdEGXKT8nHUzxoDmP
	s4dXVyTVCWIQ40pibap4WjS5JleVDFhYrldX5Z5EWhtWzE/W5obweb/oKFaboiSh1j
	iMO83Wv72wI9kNqYUjk+nZlJP1k1htSAi4Fc4jfE2EtCljc7PoXgW85cFGn4mQbTpL
	D2pJDFpKwBVW7IxX6MfJL3Qi9sSBl1LT3OcKY90DA3Ib8hHYP023ok14NFyaJbPpMT
	Pho7sEcxtS5y0LVm2mRhsogYMw9iV6UNWEV/hehwfSVGom/ttlkY+ORPzClMms9sBy
	NkGLA2CDGu5Ag==
Received: from gentwo.org ([98.222.162.64])
	by resomta-po-08v.sys.comcast.net with comcast
	id trsS1s00F1PgSZ601rsSkF; Fri, 13 May 2016 15:52:27 +0000
Received: by gentwo.org (Postfix, from userid 1001)
	id 53A6F23B85; Fri, 13 May 2016 10:52:26 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
	by gentwo.org (Postfix) with ESMTP id 517A315081;
	Fri, 13 May 2016 10:52:26 -0500 (CDT)
Date: Fri, 13 May 2016 10:52:26 -0500 (CDT)
From: Christoph Lameter <cl@linux.com>
X-X-Sender: cl@east.gentwo.org
To: Doug Ledford <dledford@redhat.com>
cc: linux-rdma@vger.kernel.org, matanb@mellanox.com,
	marinav@mellanox.com, hadarh@mellanox.com, leonro@mellanox.com
Subject: Re: [PATCH] IB/core: Do not require CAP_NET_ADMIN for flow steering
In-Reply-To: <alpine.DEB.2.20.1605131020320.13832@east.gentwo.org>
Message-ID: <alpine.DEB.2.20.1605131051170.27372@east.gentwo.org>
References: <alpine.DEB.2.20.1605131020320.13832@east.gentwo.org>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-8.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Sorry slight mistake in the original patch. V2 follows



Subject: [PATCH] IB/core: Do not require CAP_NET_ADMIN for sniffing V2

Having to enable CAP_NET_ADMIN for every app that uses sniffer mode is kind
of risky. We do not want people to have the ability to mess around with the
network configuration and routing. We just want the app to direct streams and
deal with inbound data streams in various ways.

So lets drop the requirement for CAP_NET_ADMIN and keep just CAP_NET_RAW.

V1->V2
- Check for CAP_NET_ADMIN was conditional on IB_FLOW_ATTR_SNIFFER. We need
	to remove this in the correct way.
- Update description


Signed-off-by: Christoph Lameter <cl@linux.com>
---
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Index: linux/drivers/infiniband/core/uverbs_cmd.c
===================================================================
--- linux.orig/drivers/infiniband/core/uverbs_cmd.c	2016-03-24 09:16:27.782778586 -0500
+++ linux/drivers/infiniband/core/uverbs_cmd.c	2016-05-13 10:49:28.953000945 -0500
@@ -3088,8 +3088,7 @@ int ib_uverbs_ex_create_flow(struct ib_u
 	if (cmd.comp_mask)
 		return -EINVAL;

-	if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER &&
-	     !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW))
+	if (!capable(CAP_NET_RAW))
 		return -EPERM;

 	if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED)