AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

staging/rdma/hfi1: close shared context security hole

Browse Source 
Driver does not verify userid for shared context assignments, allowing
malicious user access.

Reviewed by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qader@intel.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Jareer Abdel-Qader 2015-10-26 10:28:33 -04:00 committed by Greg Kroah-Hartman
parent f4d26d81ad
commit 07839049db
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/staging/rdma/hfi1/file_ops.c
View File

@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp,
/* Skip ctxt if it doesn't match the requested one */
if (memcmp(uctxt->uuid, uinfo->uuid,
sizeof(uctxt->uuid)) ||
uctxt->jkey != generate_jkey(current_uid()) ||
uctxt->subctxt_id != uinfo->subctxt_id ||
uctxt->subctxt_cnt != uinfo->subctxt_cnt)
continue;