From patchwork Thu Jun 23 19:52:57 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Jurgens <danielj@mellanox.com>
X-Patchwork-Id: 9195995
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	517FC6077D for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 23 Jun 2016 20:35:05 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3DE3B2846E
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 23 Jun 2016 20:35:05 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 30B2C28473; Thu, 23 Jun 2016 20:35:05 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5766D2846E
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 23 Jun 2016 20:35:04 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.26,518,1459814400"; d="scan'208";a="17161451"
IronPort-PHdr: =?us-ascii?q?9a23=3AJ5/MSBwGC5npyhXXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0O0eIJqq85mqBkHD//Il1AaPBtSDraobwLKL+4nbGkU4qa6bt34DdJEeHzQksu?=
	=?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2WVTerzWI4CIIHV2nbEwu?=
	=?us-ascii?q?d7yzQtGZ15n//tvx0qWbWx9Piju5bOE6BzSNhiKViPMrh5B/IL060BrDrygAUe?=
	=?us-ascii?q?1XwWR1OQDbxE6ktY+N5porzwB887JkrpYBAu3GePEzTaZZFysOKGco/4jwsh2F?=
	=?us-ascii?q?ShGAojMEW3gSugJBHgyA6Rb9RJq3uSz/8qJm1DKyIdz9TbdyXy+rqahsVlughT?=
	=?us-ascii?q?8OLT8i2HnekM1rlKZSqx/noAZwh8bYZIyZOv1kcovHcN8aTHYHVcFUE2RaD4q6?=
	=?us-ascii?q?KYsCAfYQFedes4T54VAJqF/2BQCoQvno0TJOnWPx1q4S3OEoEAWA1wslTPwUt3?=
	=?us-ascii?q?GBgNzzfIUPS++4yrKAmTnKafJb3TXV7YXMdhknpuHKVrV1J5mCgXIzHh/I2w3D?=
	=?us-ascii?q?4bfuOCmYg6FU62U=3D?=
X-IPAS-Result: =?us-ascii?q?A2HcBACo7GpX/wHyM5BeHAEBgyCBU7wnH4cyTAEBAQEBAQI?=
	=?us-ascii?q?CYieCMoIbAgQBAiQTFCALAwMJAQEXCCEICAMBLRURBwcLBRgEiA8ExREBCwEkj?=
	=?us-ascii?q?wQCEQGFdwWNeHCKFY4viVuFRo98VIIIHIFPa4ktDxeBHgEBAQ?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 23 Jun 2016 20:35:01 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u5NKYxTw008492;
	Thu, 23 Jun 2016 16:35:00 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u5NKDbK6212837 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Thu, 23 Jun 2016 16:13:37 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u5NKDa70006283
	for <selinux@tycho.nsa.gov>; Thu, 23 Jun 2016 16:13:37 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AnBQB7QmxX/4GlL8FdHQGDIIFTuCuECYYYAoEwTAEBAQEBAWYnhE0CBCdSEBgIMVcHEog0xzYBAQgnjwSGCwWNeXCKFo4ziVyFRo9+VIIIHIFPOTKIPIFEAQEB
X-IPAS-Result: 
 A1AnBQB7QmxX/4GlL8FdHQGDIIFTuCuECYYYAoEwTAEBAQEBAWYnhE0CBCdSEBgIMVcHEog0xzYBAQgnjwSGCwWNeXCKFo4ziVyFRo9+VIIIHIFPOTKIPIFEAQEB
X-IronPort-AV: E=Sophos;i="5.26,518,1459828800"; d="scan'208";a="5538233"
Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov)
	([10.208.41.36])
	by goalie.tycho.ncsc.mil with ESMTP; 23 Jun 2016 16:13:00 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3Adfwc9hKQYgZfOduJg9mcpTZWNBhigK39O0sv0rFi?=
	=?us-ascii?q?tYgVIvnxwZ3uMQTl6Ol3ixeRBMOAuqoC07Wd6/2ocFdDyK7JiGoFfp1IWk1Nou?=
	=?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXsq3G/pQQfBg/4fVIs?=
	=?us-ascii?q?YL+kQsiK0I/viqibwN76W01wnj2zYLd/fl2djD76kY0ou7ZkMbs70RDTo3FFKK?=
	=?us-ascii?q?x8zGJsIk+PzV6nvp/jtLYqySlbuuog+shcSu26Ov1gFf0LRAghZms1/szwqjHY?=
	=?us-ascii?q?ShaUo2AbViMRiBUMSxDM8RXSRp7stm7/se1n1W+ROsiyBas4Qhy+/qxrT1nuky?=
	=?us-ascii?q?5BODkntCnaksVqjblzuBu7pgdnx4ffbceSLvU6Nq/ZcN8UQnBNdtxcWyxIHsW3?=
	=?us-ascii?q?aI5LR/EMNOAer4Tzu0omrB2iCA3qD+TqjndIj3uwx6oh3uI6DQbN3yQvGtsPtD?=
	=?us-ascii?q?Lfq9CmGr0VVLWZxa+A7yjZYP5Qwn+p5IHOcx0lo9mJULZ0eMzW2Q8kEAaT3QbY?=
	=?us-ascii?q?kpDsIz7AjrdFiGOc9ec1ELv302M=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0H/BAApQmxX/4GlL8FdHQGDIIFTuCuEC?=
	=?us-ascii?q?YYYAoEwTAEBAQEBAQICYieCMoIbAgQnUhAYCDFXBxKINMc1AQEIJ48EhgsFjXl?=
	=?us-ascii?q?wihaOM4lchUaPflSCCByBTzkyiDyBRAEBAQ?=
X-IPAS-Result: =?us-ascii?q?A0H/BAApQmxX/4GlL8FdHQGDIIFTuCuECYYYAoEwTAEBAQE?=
	=?us-ascii?q?BAQICYieCMoIbAgQnUhAYCDFXBxKINMc1AQEIJ48EhgsFjXlwihaOM4lchUaPf?=
	=?us-ascii?q?lSCCByBTzkyiDyBRAEBAQ?=
X-IronPort-AV: E=Sophos;i="5.26,518,1459814400"; d="scan'208";a="14966879"
Received: from unknown (HELO mellanox.co.il) ([193.47.165.129])
	by emsm-gh1-uea10.nsa.gov with ESMTP; 23 Jun 2016 20:12:59 +0000
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
	danielj@mellanox.com)
	with ESMTPS (AES256-SHA encrypted); 23 Jun 2016 22:53:53 +0300
Received: from x-vnc01.mtx.labs.mlnx (x-vnc01.mtx.labs.mlnx [10.12.150.16])
	by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id u5NJr2DK029223;
	Thu, 23 Jun 2016 22:53:50 +0300
From: Dan Jurgens <danielj@mellanox.com>
To: chrisw@sous-sol.org, paul@paul-moore.com, sds@tycho.nsa.gov,
	eparis@parisplace.org, dledford@redhat.com, sean.hefty@intel.com,
	hal.rosenstock@gmail.com
Subject: [PATCH 11/12] IB/core: Enforce Infiniband device SMI security
Date: Thu, 23 Jun 2016 22:52:57 +0300
Message-Id: <1466711578-64398-12-git-send-email-danielj@mellanox.com>
X-Mailer: git-send-email 1.7.1
In-Reply-To: <1466711578-64398-1-git-send-email-danielj@mellanox.com>
References: <1466711578-64398-1-git-send-email-danielj@mellanox.com>
X-Mailman-Approved-At: Thu, 23 Jun 2016 16:32:42 -0400
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Cc: linux-rdma@vger.kernel.org, linux-security-module@vger.kernel.org,
	selinux@tycho.nsa.gov
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Daniel Jurgens <danielj@mellanox.com>

During MAD and snoop agent registration for SMI QPs check that the
calling process has permission to access the SMI.

When sending and receiving MADs check that the agent has access to the
SMI if it's on an SMI QP.  Because security policy can change it's
possible permission was allowed when creating the agent, but no longer
is.

Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Reviewed-by: Eli Cohen <eli@mellanox.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
---
 drivers/infiniband/core/mad.c | 44 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
index 975b472..684dcac 100644
--- a/drivers/infiniband/core/mad.c
+++ b/drivers/infiniband/core/mad.c
@@ -345,6 +345,16 @@ struct ib_mad_agent *ib_register_mad_agent(struct ib_device *device,
 		goto error3;
 	}
 
+	if (qp_type == IB_QPT_SMI) {
+		ret2 = security_ib_end_port_smp(device->name,
+						port_num,
+						&mad_agent_priv->agent);
+		if (ret2) {
+			ret = ERR_PTR(ret2);
+			goto error4;
+		}
+	}
+
 	if (mad_reg_req) {
 		reg_req = kmemdup(mad_reg_req, sizeof *reg_req, GFP_KERNEL);
 		if (!reg_req) {
@@ -531,6 +541,17 @@ struct ib_mad_agent *ib_register_mad_snoop(struct ib_device *device,
 		goto error2;
 	}
 
+	if (qp_type == IB_QPT_SMI) {
+		err = security_ib_end_port_smp(device->name,
+					       port_num,
+					       &mad_snoop_priv->agent);
+
+		if (err) {
+			ret = ERR_PTR(err);
+			goto error3;
+		}
+	}
+
 	/* Now, fill in the various structures */
 	mad_snoop_priv->qp_info = &port_priv->qp_info[qpn];
 	mad_snoop_priv->agent.device = device;
@@ -1244,6 +1265,7 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
 
 	/* Walk list of send WRs and post each on send list */
 	for (; send_buf; send_buf = next_send_buf) {
+		int err = 0;
 
 		mad_send_wr = container_of(send_buf,
 					   struct ib_mad_send_wr_private,
@@ -1251,6 +1273,17 @@ int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
 		mad_agent_priv = mad_send_wr->mad_agent_priv;
 		pkey_index = mad_send_wr->send_wr.pkey_index;
 
+		if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
+			err = security_ib_end_port_smp(
+					mad_agent_priv->agent.device->name,
+					mad_agent_priv->agent.port_num,
+					&mad_agent_priv->agent);
+
+		if (err) {
+			ret = err;
+			goto error;
+		}
+
 		ret = ib_security_ma_pkey_access(mad_agent_priv->agent.device,
 						 mad_agent_priv->agent.port_num,
 						 pkey_index,
@@ -1992,7 +2025,16 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
 	struct ib_mad_send_wr_private *mad_send_wr;
 	struct ib_mad_send_wc mad_send_wc;
 	unsigned long flags;
-	int ret;
+	int ret = 0;
+
+	if (mad_agent_priv->agent.qp->qp_type == IB_QPT_SMI)
+		ret = security_ib_end_port_smp(
+					mad_agent_priv->agent.device->name,
+					mad_agent_priv->agent.port_num,
+					&mad_agent_priv->agent);
+
+	if (ret)
+		goto security_error;
 
 	ret = ib_security_ma_pkey_access(mad_agent_priv->agent.device,
 					 mad_agent_priv->agent.port_num,