linux-stable/drivers/infiniband/hw
Jason Gunthorpe e6bd18f57a IB/security: Restrict use of the write() interface
The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl().  This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Cc: stable@vger.kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-04-28 12:03:16 -04:00
..
cxgb3 iw_cxgb3: initialize ibdev.iwcm->ifname for port mapping 2016-04-26 12:46:54 -04:00
cxgb4 RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips 2016-04-26 12:47:09 -04:00
i40iw i40iw: avoid potential uninitialized variable use 2016-04-06 10:37:16 -04:00
mlx4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mlx5 IB/mlx5: Expose correct max_sge_rd limit 2016-04-28 10:49:17 -04:00
mthca mm/gup: Switch all callers of get_user_pages() to not pass tsk/mm 2016-02-16 10:11:12 +01:00
nes Merge branches 'nes', 'cxgb4' and 'iwpm' into k.o/for-4.6 2016-03-16 13:57:43 -04:00
ocrdma IB/ocrdma: Skip using unneeded intermediate variable 2016-03-03 13:33:22 -05:00
qib IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
usnic Merge branch 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-03-20 19:08:56 -07:00
Makefile i40iw: changes for build of i40iw module 2016-03-16 13:50:54 -04:00