From: Chiara Meiohas fwctl is subsystem which exposes a firmware interface directly to userspace: it allows userspace to send device specific command buffers to firmware. fwctl is focused on debugging, configuration and provisioning of the device. Call bpf_lsm_fw_validate_cmd() before dispatching the user-provided firmware command. This allows BPF programs to implement custom policies and enforce per-command security policy on user-triggered firmware commands. For example, a BPF program could filter firmware commands based on their opcode. Signed-off-by: Chiara Meiohas Reviewed-by: Maher Sanalla Reviewed-by: Jonathan Cameron Reviewed-by: Dave Jiang Signed-off-by: Leon Romanovsky --- drivers/fwctl/mlx5/main.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/fwctl/mlx5/main.c b/drivers/fwctl/mlx5/main.c index e86ab703c767a..c49dfa1d172d9 100644 --- a/drivers/fwctl/mlx5/main.c +++ b/drivers/fwctl/mlx5/main.c @@ -7,6 +7,7 @@ #include #include #include +#include #define mlx5ctl_err(mcdev, format, ...) \ dev_err(&mcdev->fwctl.dev, format, ##__VA_ARGS__) @@ -324,6 +325,15 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope, if (!mlx5ctl_validate_rpc(rpc_in, scope)) return ERR_PTR(-EBADMSG); + /* Enforce the user context for the command */ + MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid); + + ret = bpf_lsm_fw_validate_cmd(rpc_in, in_len, &mcdev->fwctl.dev, + FW_CMD_CLASS_FWCTL, + FWCTL_DEVICE_TYPE_MLX5); + if (ret) + return ERR_PTR(ret); + /* * mlx5_cmd_do() copies the input message to its own buffer before * executing it, so we can reuse the allocation for the output. @@ -336,8 +346,6 @@ static void *mlx5ctl_fw_rpc(struct fwctl_uctx *uctx, enum fwctl_rpc_scope scope, return ERR_PTR(-ENOMEM); } - /* Enforce the user context for the command */ - MLX5_SET(mbox_in_hdr, rpc_in, uid, mfd->uctx_uid); ret = mlx5_cmd_do(mcdev->mdev, rpc_in, in_len, rpc_out, *out_len); mlx5ctl_dbg(mcdev, -- 2.53.0