hfi1: close shared context security hole

ira . weiny Mon, 26 Oct 2015 07:30:12 -0700

From: Jareer Abdel-Qader <jareer.h.abdel-qa...@intel.com>

Driver does not verify userid for shared context assignments, allowing
malicious user access.


Reviewed by: Mike Marciniszyn <mike.marcinis...@intel.com>
Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qa...@intel.com>
Signed-off-by: Ira Weiny <ira.we...@intel.com>
---
 drivers/staging/rdma/hfi1/file_ops.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/rdma/hfi1/file_ops.c 
b/drivers/staging/rdma/hfi1/file_ops.c
index cbaf4f734add..955f80dfecf6 100644
--- a/drivers/staging/rdma/hfi1/file_ops.c
+++ b/drivers/staging/rdma/hfi1/file_ops.c
@@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp,
                        /* Skip ctxt if it doesn't match the requested one */
                        if (memcmp(uctxt->uuid, uinfo->uuid,
                                   sizeof(uctxt->uuid)) ||
+                           uctxt->jkey != generate_jkey(current_uid()) ||
                            uctxt->subctxt_id != uinfo->subctxt_id ||
                            uctxt->subctxt_cnt != uinfo->subctxt_cnt)
                                continue;
-- 
1.8.2

_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

[PATCH v3 07/23] staging/rdma/hfi1: close shared context security hole

Reply via email to