github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
d3bb0180b3
linux/drivers/staging
History
Jason Gunthorpe c92003c18f IB/security: Restrict use of the write() interface 
commit e6bd18f57a upstream.

The drivers/infiniband stack uses write() as a replacement for
bi-directional ioctl().  This is not safe. There are ways to
trigger write calls that result in the return structure that
is normally written to user space being shunted off to user
specified kernel memory instead.

For the immediate repair, detect and deny suspicious accesses to
the write API.

For long term, update the user space libraries and the kernel API
to something that doesn't present the same security vulnerabilities
(likely a structured ioctl() interface).

The impacted uAPI interfaces are generally only available if
hardware from drivers/infiniband is installed in the system.

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[ Expanded check to all known write() entry points ]
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-05-04 14:48:48 -07:00
..
android staging: android: ion: Set the length of the DMA sg entries in buffer 2016-04-20 15:42:16 +09:00
board staging: board: Set PM domain before probe 2015-10-29 09:05:57 +09:00
clocking-wizard
comedi staging: comedi: ni_mio_common: fix the ni_write[blw]() functions 2016-04-12 09:08:49 -07:00
dgap
dgnc
emxx_udc
fbtft spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
fsl-mc
fwserial
gdm72xx
gdm724x
goldfish
gs_fpgaboot
iio staging: iio: dummy: complete IIO events delivery to userspace 2015-11-21 15:56:44 +00:00
lustre Staging driver fixes for 4.4-rc5 2015-12-13 12:24:39 -08:00
media media updates for v4.4-rc1 2015-11-05 12:05:15 -08:00
most staging: most: remove exclusive wait_queue 2015-10-29 08:57:19 +09:00
mt29f_spinand MTD updates for 4.4-rc1: 2015-11-06 11:50:24 -08:00
netlogic
nvec
octeon
octeon-usb
olpc_dcon
panel Revert "Staging: panel: usleep_range is preferred over udelay" 2016-03-03 15:07:26 -08:00
rdma IB/security: Restrict use of the write() interface 2016-05-04 14:48:48 -07:00
rtl8188eu staging: rtl8188eu: pwrGrpCnt variable removed in store_pwrindex_offset function 2015-10-29 09:09:08 +09:00
rtl8192e
rtl8192u Staging: rtl8192u: ieee80211: added missing blank lines 2015-10-29 09:10:55 +09:00
rtl8712 staging: rtl8712: rtl871x_io: Remove unused function 2015-10-29 07:55:17 +09:00
rtl8723au staging: rtl8723au: core: Remove unnecessary functions 2015-10-29 07:55:17 +09:00
rts5208
skein
slicoss
sm750fb staging: sm750fb: remove unused fields from struct sm750_dev 2015-10-27 17:04:57 +09:00
speakup Staging: speakup: Fix getting port information 2016-03-03 15:07:26 -08:00
ste_rmi4
unisys
vme
vt6655
vt6656 staging: vt6656: Do not use multiple blank lines. 2015-10-27 16:53:12 +09:00
wilc1000 Revert "Staging: wilc1000: coreconfigurator: Drop unneeded wrapper functions" 2015-11-18 13:22:44 -08:00
wlan-ng drivers:staging:wlan_ng Fix no space is necessary after a cast 2015-10-29 09:05:57 +09:00
xgifb
Kconfig
Makefile
staging.c