mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-28 11:18:45 +07:00
60e6627f12
In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace. In this case, the affected files are in debugfs (and should therefore only be accessible to root), and the read handlers check that *pos is zero (meaning that at least sys_splice() can't trigger kernel memory corruption). Because of the root requirement, this is not a security fix, but rather a cleanup. For the read handlers, fix it by using simple_read_from_buffer() instead of custom logic. Add min() calls to the write handlers. Fixes: |
---|---|---|
ah.c | ||
cmd.c | ||
cmd.h | ||
cong.c | ||
cq.c | ||
devx.c | ||
doorbell.c | ||
gsi.c | ||
ib_rep.c | ||
ib_rep.h | ||
ib_virt.c | ||
Kconfig | ||
mad.c | ||
main.c | ||
Makefile | ||
mem.c | ||
mlx5_ib.h | ||
mr.c | ||
odp.c | ||
qp.c | ||
srq.c |