git.openfabrics.org - ~aditr/compat-rdma.git/commit

author	Vladimir Sokolovsky <vlad@mellanox.com>
	Sun, 15 May 2016 06:15:09 +0000 (09:15 +0300)
committer	Vladimir Sokolovsky <vlad@mellanox.com>
	Sun, 15 May 2016 06:15:09 +0000 (09:15 +0300)
commit	0f85f68471b29fbd1544e1664a4b8e12e52dd318
tree	057b0954ce38bfd8139fa88d1b789f4a52aa459d	tree \| snapshot
parent	a760ba69d54f946d6ba143803827cf4eb18bd642	commit \| diff

IB/security: Restrict use of the write() interface

The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl(). This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Cc: stable@vger.kernel.org
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Vladimir Sokolovsky <vlad@mellanox.com>