drivers/infiniband/core/security.c
Source file repositories/reference/linux-study-clean/drivers/infiniband/core/security.c
File Facts
- System
- Linux kernel
- Corpus path
drivers/infiniband/core/security.c- Extension
.c- Size
- 18424 bytes
- Lines
- 751
- Domain
- Driver Families
- Bucket
- drivers/infiniband
- Inferred role
- Driver Families: exported/initcall integration point
- Status
- integration implementation candidate
Why This File Exists
Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/security.hlinux/completion.hlinux/list.hrdma/ib_verbs.hrdma/ib_cache.hcore_priv.hmad_priv.h
Detected Declarations
function get_pkey_and_subnet_prefixfunction enforce_qp_pkey_securityfunction list_for_each_entryfunction check_qp_port_pkey_settingsfunction qp_to_errorfunction list_for_each_entryfunction check_pkey_qpsfunction list_for_each_entryfunction list_for_each_entry_safefunction port_pkey_list_insertfunction list_for_each_entryfunction port_pkey_list_removefunction destroy_qp_securityfunction ib_open_shared_qp_securityfunction ib_close_shared_qp_securityfunction ib_create_qp_securityfunction rdma_for_each_portfunction ib_destroy_qp_security_beginfunction ib_destroy_qp_security_abortfunction ib_destroy_qp_security_endfunction ib_security_cache_changefunction list_for_each_entryfunction ib_security_release_port_pkey_listfunction rdma_for_each_portfunction ib_security_modify_qpfunction ib_security_pkey_accessfunction ib_mad_agent_security_changefunction ib_mad_agent_security_setupfunction ib_mad_agent_security_cleanupfunction ib_mad_enforce_securityexport ib_create_qp_security
Annotated Snippet
if (tmp_pkey->pkey_index == pp->pkey_index) {
pkey = tmp_pkey;
break;
}
}
spin_unlock(&dev->port_data[pp->port_num].pkey_list_lock);
return pkey;
}
static int get_pkey_and_subnet_prefix(struct ib_port_pkey *pp,
u16 *pkey,
u64 *subnet_prefix)
{
struct ib_device *dev = pp->sec->dev;
int ret;
ret = ib_get_cached_pkey(dev, pp->port_num, pp->pkey_index, pkey);
if (ret)
return ret;
ib_get_cached_subnet_prefix(dev, pp->port_num, subnet_prefix);
return ret;
}
static int enforce_qp_pkey_security(u16 pkey,
u64 subnet_prefix,
struct ib_qp_security *qp_sec)
{
struct ib_qp_security *shared_qp_sec;
int ret;
ret = security_ib_pkey_access(qp_sec->security, subnet_prefix, pkey);
if (ret)
return ret;
list_for_each_entry(shared_qp_sec,
&qp_sec->shared_qp_list,
shared_qp_list) {
ret = security_ib_pkey_access(shared_qp_sec->security,
subnet_prefix,
pkey);
if (ret)
return ret;
}
return 0;
}
/* The caller of this function must hold the QP security
* mutex of the QP of the security structure in *pps.
*
* It takes separate ports_pkeys and security structure
* because in some cases the pps will be for a new settings
* or the pps will be for the real QP and security structure
* will be for a shared QP.
*/
static int check_qp_port_pkey_settings(struct ib_ports_pkeys *pps,
struct ib_qp_security *sec)
{
u64 subnet_prefix;
u16 pkey;
int ret = 0;
if (!pps)
return 0;
if (pps->main.state != IB_PORT_PKEY_NOT_VALID) {
ret = get_pkey_and_subnet_prefix(&pps->main,
&pkey,
&subnet_prefix);
if (ret)
return ret;
ret = enforce_qp_pkey_security(pkey,
subnet_prefix,
sec);
if (ret)
return ret;
}
if (pps->alt.state != IB_PORT_PKEY_NOT_VALID) {
ret = get_pkey_and_subnet_prefix(&pps->alt,
&pkey,
&subnet_prefix);
if (ret)
return ret;
ret = enforce_qp_pkey_security(pkey,
subnet_prefix,
sec);
Annotation
- Immediate include surface: `linux/security.h`, `linux/completion.h`, `linux/list.h`, `rdma/ib_verbs.h`, `rdma/ib_cache.h`, `core_priv.h`, `mad_priv.h`.
- Detected declarations: `function get_pkey_and_subnet_prefix`, `function enforce_qp_pkey_security`, `function list_for_each_entry`, `function check_qp_port_pkey_settings`, `function qp_to_error`, `function list_for_each_entry`, `function check_pkey_qps`, `function list_for_each_entry`, `function list_for_each_entry_safe`, `function port_pkey_list_insert`.
- Atlas domain: Driver Families / drivers/infiniband.
- Implementation status: integration implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.