linux/drivers
Jason Gunthorpe e6bd18f57a IB/security: Restrict use of the write() interface
The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl().  This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Cc: stable@vger.kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-04-28 12:03:16 -04:00
accessibility
acpi Merge branch 'acpi-processor' 2016-04-02 01:17:36 +02:00
amba
android
ata Merge branch 'for-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2016-03-18 20:06:46 -07:00
atm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2016-03-17 21:38:27 -07:00
auxdisplay
base Power management and ACPI material for v4.6-rc1, part 2 2016-03-24 22:59:58 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2016-03-26 15:53:16 -07:00
bluetooth
bus arm[64] perf updates for 4.6: 2016-03-21 13:14:16 -07:00
cdrom
char Revert "ppdev: use new parport device model" 2016-03-25 09:02:13 -07:00
clk clk: qcom: ipq4019: add some fixed clocks for ddrppl and fepll 2016-03-29 16:31:16 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-03-24 10:32:42 -07:00
connector
cpufreq Power management and ACPI material for v4.6-rc1, part 2 2016-03-24 22:59:58 -07:00
cpuidle cpuidle: menu: Fall back to polling if next timer event is near 2016-03-21 15:50:28 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-03-23 06:12:39 -07:00
dca
devfreq PM / devfreq: Spelling s/frequnecy/frequency/ 2016-03-17 02:30:16 +01:00
dio
dma asm-generic changes for 4.6 2016-03-24 23:13:48 -07:00
dma-buf dma-buf: Update docs for SYNC ioctl 2016-03-21 09:26:45 +01:00
edac EDAC queue for 4.6 2016-03-16 08:36:55 -07:00
eisa
extcon
firewire IEEE 1394 subsystem patch: 2016-03-25 08:52:25 -07:00
firmware kernel: add kcov code coverage 2016-03-22 15:36:02 -07:00
fmc
fpga
gpio gpio: xgene: Prevent NULL pointer dereference 2016-03-30 10:39:39 +02:00
gpu drm/udl: Use unlocked gem unreferencing 2016-04-01 13:22:33 +10:00
hid drivers/hid/uhid.c: check write() bitness using in_compat_syscall 2016-03-22 15:36:02 -07:00
hsi
hv Char/Misc patches for 4.6-rc1 2016-03-17 13:47:50 -07:00
hwmon hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated 2016-03-27 10:37:48 -07:00
hwspinlock
hwtracing
i2c Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-03-22 12:47:40 -07:00
ide ide: palm_bk3710: test clock rate to avoid division by 0 2016-03-20 16:59:27 -04:00
idle intel_idle: Support for Intel Xeon Phi Processor x200 Product Family 2016-03-23 16:19:38 -04:00
iio - New Drivers 2016-03-18 10:15:11 -07:00
infiniband IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
input Merge branch 'akpm' (patches from Andrew) 2016-03-25 16:59:11 -07:00
iommu IOMMU Updates for Linux v4.6 2016-03-22 11:57:43 -07:00
ipack
irqchip irqchip/mbigen: Make CONFIG_HISILICON_IRQ_MBIGEN a hidden option 2016-03-23 12:02:29 +01:00
isdn Drivers: isdn: hisax: isac.c: Fix assignment and check into one expression. 2016-03-27 22:38:12 -04:00
leds platform-drivers-x86 for 4.6-1 2016-03-23 17:20:59 -07:00
lguest
lightnvm lightnvm: do not load L2P table if not supported 2016-03-18 18:10:38 -07:00
macintosh
mailbox Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration 2016-03-23 06:09:15 -07:00
mcb
md Merge tag 'md/4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2016-03-21 14:18:10 -07:00
media v4l2-mc: avoid warning about unused variable 2016-04-03 07:03:49 -05:00
memory MTD updates for v4.6 2016-03-24 19:57:15 -07:00
memstick drivers/memstick/host/r592.c: avoid gcc-6 warning 2016-03-25 16:37:42 -07:00
message
mfd - New Drivers 2016-03-18 10:15:11 -07:00
misc Merge branch 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-03-20 19:08:56 -07:00
mmc MMC core: 2016-03-21 14:35:52 -07:00
mtd MTD updates for v4.6 2016-03-24 19:57:15 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-01 20:03:33 -05:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
ntb NTB: Remove _addr functions from ntb_hw_amd 2016-03-26 11:44:33 -04:00
nubus
nvdimm x86, pmem: use memcpy_mcsafe() for memcpy_from_pmem() 2016-03-28 17:19:31 -07:00
nvme nvme: avoid cqe corruption when update at the same time as read 2016-03-22 10:27:29 -06:00
nvmem
of DeviceTree updates for 4.6: 2016-03-19 15:15:07 -07:00
oprofile
parisc PCI changes for the v4.6 merge window: 2016-03-16 14:45:55 -07:00
parport
pci Revert "PCI: dra7xx: Mark driver as broken" 2016-03-22 07:50:11 -05:00
pcmcia
perf drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree 2016-03-21 11:36:17 +00:00
phy
pinctrl Merge branch 'akpm' (patches from Andrew) 2016-03-18 19:26:54 -07:00
platform Convert straggling drivers to new six-argument get_user_pages() 2016-04-02 18:35:05 -05:00
pnp
power Power management and ACPI material for v4.6-rc1, part 2 2016-03-25 16:55:37 -07:00
powercap
pps
ps3
ptp Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-03-15 12:13:56 -07:00
pwm pwm: omap-dmtimer: Add debug message for effective period and duty cycle 2016-03-23 17:11:48 +01:00
rapidio Convert straggling drivers to new six-argument get_user_pages() 2016-04-02 18:35:05 -05:00
ras
regulator - New Drivers 2016-03-18 10:15:11 -07:00
remoteproc remoteproc: st: fix check of syscon_regmap_lookup_by_phandle() return value 2016-03-28 16:19:00 -07:00
reset
rpmsg
rtc RTC for 4.6 #2 2016-03-24 22:49:08 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2016-04-01 07:15:54 -05:00
sbus
scsi SCSI misc on 20160326 2016-03-26 11:31:01 -07:00
sfi
sh
sn
soc ARM: SoC driver updates for v4.6 2016-03-20 15:40:32 -07:00
spi dmaengine updates for 4.6 2016-03-17 12:34:54 -07:00
spmi
ssb
staging IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
target target: add a new add_wwn_groups fabrics method 2016-03-30 20:06:44 -07:00
tc
thermal Thermal: Ignore invalid trip points 2016-03-18 14:10:57 +08:00
thunderbolt
tty xen: features and fixes for 4.6-rc0 2016-03-22 12:55:17 -07:00
uio
usb The clk changes for this release cycle are mostly dominated by 2016-03-23 06:06:45 -07:00
uwb
vfio VFIO updates for v4.6-rc1 2016-03-17 13:05:09 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2016-03-22 12:41:14 -07:00
video The clk changes for this release cycle are mostly dominated by 2016-03-23 06:06:45 -07:00
virt
virtio virtio/vhost: new features, performance improvements, cleanups 2016-03-20 13:28:18 -07:00
vlynq
vme
w1
watchdog hpwdt: use nmi_panic() when kernel panics in NMI handler 2016-03-22 15:36:02 -07:00
xen xen: features and fixes for 4.6-rc0 2016-03-22 12:55:17 -07:00
zorro
Kconfig
Makefile