| From ben@decadent.org.uk Sun Aug 14 16:54:26 2016 |
| From: Ben Hutchings <ben@decadent.org.uk> |
| Date: Tue, 31 May 2016 03:33:57 +0100 |
| Subject: ipath: Restrict use of the write() interface |
| To: stable@vger.kernel.org |
| Cc: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>, Doug Ledford <dledford@redhat.com>, linux-rdma@vger.kernel.org |
| Message-ID: <20160531023356.GI7555@decadent.org.uk> |
| Content-Disposition: inline |
| |
| From: Ben Hutchings <ben@decadent.org.uk> |
| |
| Commit e6bd18f57aad ("IB/security: Restrict use of the write() |
| interface") fixed a security problem with various write() |
| implementations in the Infiniband subsystem. In older kernel versions |
| the ipath_write() function has the same problem and needs the same |
| restriction. (The ipath driver has been completely removed upstream.) |
| |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/staging/rdma/ipath/ipath_file_ops.c | 5 +++++ |
| 1 file changed, 5 insertions(+) |
| |
| --- a/drivers/staging/rdma/ipath/ipath_file_ops.c |
| +++ b/drivers/staging/rdma/ipath/ipath_file_ops.c |
| @@ -45,6 +45,8 @@ |
| #include <linux/uio.h> |
| #include <asm/pgtable.h> |
| |
| +#include <rdma/ib.h> |
| + |
| #include "ipath_kernel.h" |
| #include "ipath_common.h" |
| #include "ipath_user_sdma.h" |
| @@ -2243,6 +2245,9 @@ static ssize_t ipath_write(struct file * |
| ssize_t ret = 0; |
| void *dest; |
| |
| + if (WARN_ON_ONCE(!ib_safe_file_access(fp))) |
| + return -EACCES; |
| + |
| if (count < sizeof(cmd.type)) { |
| ret = -EINVAL; |
| goto bail; |