// SPDX-License-Identifier: GPL-2.0-only
/*
 * Pkey table
 *
 * SELinux must keep a mapping of InfiniBand PKEYs to labels/SIDs.  This
 * mapping is maintained as part of the normal policy but a fast cache is
 * needed to reduce the lookup overhead.
 *
 * This code is heavily based on the "netif" and "netport" concept originally
 * developed by
 * James Morris <[email protected]> and
 * Paul Moore <[email protected]>
 * (see security/selinux/netif.c and security/selinux/netport.c for more
 * information)
 *
 * NOTE(review): struct and function bodies are elided ("…") in this listing.
 * The comments below restate what the declarations and the original
 * kernel-doc say; anything beyond that is marked as an assumption.
 */

/*
 * (c) Mellanox Technologies, 2016
 */

#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
#include <linux/spinlock.h>

#include "ibpkey.h"
#include "objsec.h"

/*
 * Cache sizing; the values are elided in this listing.
 * SEL_PKEY_HASH_SIZE is the number of buckets in sel_ib_pkey_hash[].
 * NOTE(review): SEL_PKEY_HASH_BKT_LIMIT presumably caps the number of
 * records kept per bucket so the cache cannot grow without bound - confirm
 * against sel_ib_pkey_insert().
 */
#define SEL_PKEY_HASH_SIZE …
#define SEL_PKEY_HASH_BKT_LIMIT …

/* One hash bucket of the pkey cache (members elided in this listing). */
struct sel_ib_pkey_bkt { … };

/* One cached pkey record (members elided in this listing). */
struct sel_ib_pkey { … };

/*
 * NOTE(review): going by the rcupdate.h and spinlock.h includes, this lock
 * presumably serialises table updates (insert/flush) while lookups run as
 * RCU readers - confirm against the elided bodies.
 */
static DEFINE_SPINLOCK(sel_ib_pkey_lock);

/* The cache itself: a fixed array of SEL_PKEY_HASH_SIZE buckets. */
static struct sel_ib_pkey_bkt sel_ib_pkey_hash[SEL_PKEY_HASH_SIZE];

/**
 * sel_ib_pkey_hashfn - Hashing function for the pkey table
 * @pkey: pkey number
 *
 * Description:
 * This is the hashing function for the pkey table, it returns the bucket
 * number for the given pkey.
 *
 * NOTE(review): the result is used to index sel_ib_pkey_hash[], so it must
 * always be below SEL_PKEY_HASH_SIZE - confirm against the elided body.
 *
 */
static unsigned int sel_ib_pkey_hashfn(u16 pkey) { … }

/**
 * sel_ib_pkey_find - Search for a pkey record
 * @subnet_prefix: subnet prefix to match
 * @pkey_num: pkey number to match
 *
 * Description:
 * Search the pkey table and return the matching record.  If an entry
 * can not be found in the table return NULL.
 *
 * NOTE(review): the returned pointer refers to a record in the shared table;
 * presumably the caller must be inside an RCU read-side section or hold
 * sel_ib_pkey_lock for as long as it uses the record - confirm.
 *
 */
static struct sel_ib_pkey *sel_ib_pkey_find(u64 subnet_prefix, u16 pkey_num) { … }

/**
 * sel_ib_pkey_insert - Insert a new pkey into the table
 * @pkey: the new pkey record
 *
 * Description:
 * Add a new pkey record to the hash table.
 *
 * NOTE(review): presumably called with sel_ib_pkey_lock held and expected to
 * enforce SEL_PKEY_HASH_BKT_LIMIT - confirm against the elided body.
 *
 */
static void sel_ib_pkey_insert(struct sel_ib_pkey *pkey) { … }

/**
 * sel_ib_pkey_sid_slow - Lookup the SID of a pkey using the policy
 * @subnet_prefix: subnet prefix
 * @pkey_num: pkey number
 * @sid: pkey SID
 *
 * Description:
 * This function determines the SID of a pkey by querying the security
 * policy.  The result is added to the pkey table to speed up future
 * queries.  Returns zero on success, negative values on failure.
 *
 * NOTE(review): callers should not rely on *@sid after a negative return;
 * whether it is written on failure cannot be seen in this listing.
 *
 */
static int sel_ib_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid) { … }

/**
 * sel_ib_pkey_sid - Lookup the SID of a PKEY
 * @subnet_prefix: subnet_prefix
 * @pkey_num: pkey number
 * @sid: pkey SID
 *
 * Description:
 * This function determines the SID of a PKEY using the fastest method
 * possible.  First the pkey table is queried, but if an entry can't be found
 * then the policy is queried and the result is added to the table to speed up
 * future queries.  Returns zero on success, negative values on failure.
 *
 * This is the non-static entry point of the file.  A cached SID is only as
 * current as the last flush, see sel_ib_pkey_flush().
 *
 */
int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *sid) { … }

/**
 * sel_ib_pkey_flush - Flush the entire pkey table
 *
 * Description:
 * Remove all entries from the pkey table
 *
 * NOTE(review): cached SIDs come from the policy, so entries left in place
 * across a policy change would keep answering with the old labels; presumably
 * this is invoked whenever the policy is reloaded - confirm against callers.
 *
 */
void sel_ib_pkey_flush(void) { … }

/*
 * Initialisation hook, registered through subsys_initcall() below.
 * NOTE(review): body elided; presumably sets up the buckets of
 * sel_ib_pkey_hash[] - confirm.
 */
static __init int sel_ib_pkey_init(void) { … }

subsys_initcall(sel_ib_pkey_init);