On Wed, Nov 29, 2017 at 08:10:39PM +0200, Dan Jurgens wrote:
From: Daniel Jurgens danielj@mellanox.com
For now the only LSM security enforcement mechanism available is specific to InfiniBand. Bypass enforcement for non-IB link types. This fixes a regression where modify_qp fails for iWARP because querying the PKEY returns -EINVAL.
Cc: Paul Moore paul@paul-moore.com Cc: Don Dutile ddutile@redhat.com Cc: stable@vger.kernel.org Reported-by: Potnuri Bharat Teja bharat@chelsio.com Fixes: d291f1a65232("IB/core: Enforce PKey security on QPs") Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams") Signed-off-by: Daniel Jurgens danielj@mellanox.com Reviewed-by: Parav Pandit parav@mellanox.com Tested-by: Potnuri Bharat Teja bharat@chelsio.com Signed-off-by: Leon Romanovsky leon@kernel.org Changelog: v3->v4: Unlock in error flow v2->v3: Fix build warning v1->v2: Fixed build errors v0->v1: Added proper SElinux patch drivers/infiniband/core/security.c | 50 +++++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 4 deletions(-)
Applied to for-rc, thanks