linux_dsm_epyc7002/drivers/infiniband/hw
Jann Horn 60e6627f12 IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

In this case, the affected files are in debugfs (and should therefore only
be accessible to root), and the read handlers check that *pos is zero
(meaning that at least sys_splice() can't trigger kernel memory
corruption). Because of the root requirement, this is not a security fix,
but rather a cleanup.

For the read handlers, fix it by using simple_read_from_buffer() instead
of custom logic. Add min() calls to the write handlers.

Fixes: 4a2da0b8c0 ("IB/mlx5: Add debug control parameters for congestion control")
Fixes: e126ba97db ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-07-09 13:15:12 -06:00
bnxt_re RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c 2018-07-04 12:06:26 -06:00
cxgb3 RDMA/cxgb3: Make iwch_poll_cq_one() easier to analyze 2018-07-09 12:55:28 -06:00
cxgb4 RDMA/cxgb4: Make c4iw_poll_cq_one() easier to analyze 2018-07-09 13:07:23 -06:00
hfi1 IB/hfi1: Remove incorrect call to do_interrupt callback 2018-07-03 14:29:12 -06:00
hns IB/mlx5: Remove set-but-not-used variables 2018-07-03 14:14:21 -06:00
i40iw RDMA/i40w: Hold read semaphore while looking after VMA 2018-07-04 11:51:06 -06:00
mlx4 IB/mlx4: Test port number before querying type. 2018-07-04 11:48:27 -06:00
mlx5 IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers 2018-07-09 13:15:12 -06:00
mthca IB/core: add max_send_sge and max_recv_sge attributes 2018-06-18 13:17:28 -06:00
nes IB/nes: Fix a compiler warning 2018-07-09 12:11:22 -06:00
ocrdma RDMA/ocrdma: Remove a set-but-not-used variable 2018-07-09 12:11:22 -06:00
qedr IB/core: add max_send_sge and max_recv_sge attributes 2018-06-18 13:17:28 -06:00
qib IB/core: add max_send_sge and max_recv_sge attributes 2018-06-18 13:17:28 -06:00
usnic IB/usnic: Update with bug fixes from core code 2018-06-25 14:38:28 -06:00
vmw_pvrdma vmw_pvrdma: Release netdev when vmxnet3 module is removed 2018-07-03 15:52:31 -06:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00