[PATCH v2 08/22] staging/rdma/hfi1: close shared context security hole
ira.weiny at intel.com
ira.weiny at intel.com
Tue Oct 20 02:11:23 UTC 2015
From: Jareer Abdel-Qader <jareer.h.abdel-qader at intel.com>
Driver does not verify userid for shared context assignments, allowing
malicious user access.
Reviewed by: Mike Marciniszyn <mike.marciniszyn at intel.com>
Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qader at intel.com>
Signed-off-by: Ira Weiny <ira.weiny at intel.com>
---
drivers/staging/rdma/hfi1/file_ops.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/staging/rdma/hfi1/file_ops.c b/drivers/staging/rdma/hfi1/file_ops.c
index 7d2868050981..3c9cae6f64a3 100644
--- a/drivers/staging/rdma/hfi1/file_ops.c
+++ b/drivers/staging/rdma/hfi1/file_ops.c
@@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp,
/* Skip ctxt if it doesn't match the requested one */
if (memcmp(uctxt->uuid, uinfo->uuid,
sizeof(uctxt->uuid)) ||
+ uctxt->jkey != generate_jkey(current_uid()) ||
uctxt->subctxt_id != uinfo->subctxt_id ||
uctxt->subctxt_cnt != uinfo->subctxt_cnt)
continue;
--
1.8.2
More information about the devel
mailing list