github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 06:25:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
2da9606aea
linux/include
History
Jason Gunthorpe c92003c18f IB/security: Restrict use of the write() interface 
commit e6bd18f57a upstream.

The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl().  This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-05-04 14:48:48 -07:00
..
acpi Merge branch 'acpi-pci' 2015-11-07 01:30:10 +01:00
asm-generic asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic() 2016-05-04 14:48:43 -07:00
clocksource
crypto crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path 2016-02-17 12:31:03 -08:00
drm drm: Loongson-3 doesn't fully support wc memory 2016-05-04 14:48:46 -07:00
dt-bindings ARM: DT updates for v4.4 2015-11-10 15:06:26 -08:00
keys
kvm KVM: arm/arm64: arch_timer: Preserve physical dist. active state on LR.active 2015-11-24 18:07:40 +01:00
linux IB/mlx5: Expose correct max_sge_rd limit 2016-05-04 14:48:48 -07:00
math-emu
media
memory
misc
net bonding: fix bond_get_stats() 2016-04-20 15:42:04 +09:00
pcmcia
ras
rdma IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
rxrpc
scsi Merge branch 'mkp-fixes' into fixes 2015-12-03 09:32:33 -08:00
soc ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
sound ALSA: rawmidi: Make snd_rawmidi_transmit() race-free 2016-02-17 12:30:58 -08:00
target target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors 2016-03-09 15:34:51 -08:00
trace Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2015-11-11 09:03:01 -08:00
uapi v4l2-dv-timings.h: fix polarity for 4k formats 2016-05-04 14:48:48 -07:00
video gpu: ipu-v3: drop unused dmfc field from client platform data 2015-11-24 11:30:15 +01:00
xen xen: Add RING_COPY_REQUEST() 2015-12-18 10:00:17 -05:00
Kbuild