linux/drivers/infiniband
Jason Gunthorpe e6bd18f57a IB/security: Restrict use of the write() interface
The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl().  This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Cc: stable@vger.kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-04-28 12:03:16 -04:00
..
core IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
hw IB/security: Restrict use of the write() interface 2016-04-28 12:03:16 -04:00
sw IB/rdmavt: Fix send scheduling 2016-04-28 12:00:39 -04:00
ulp iser-target: Use ib_drain_qp 2016-03-30 20:05:15 -07:00
Kconfig Merge branches 'i40iw', 'sriov' and 'hfi1' into k.o/for-4.6 2016-03-21 17:32:23 -04:00
Makefile IB/rdmavt: Create module framework and handle driver registration 2016-03-10 20:37:04 -05:00