[4.2.y-ckt stable] Patch "[4.2-stable only] fix backport "IB/security: restrict use of the write() interface"" has been added to the 4.2.y-ckt tree
Kamal Mostafa
kamal at canonical.com
Wed May 18 20:44:22 UTC 2016
This is a note to let you know that I have just added a patch titled
[4.2-stable only] fix backport "IB/security: restrict use of the write() interface"
to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree
which can be found at:
https://git.launchpad.net/~canonical-kernel/linux/+git/linux-stable-ckt/log/?h=linux-4.2.y-queue
This patch is scheduled to be released in version 4.2.8-ckt11.
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 4.2.y-ckt tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
Thanks.
-Kamal
---8<------------------------------------------------------------
>From 2db4148b859766a0bdf38652386f7708ee356cf3 Mon Sep 17 00:00:00 2001
From: Doug Ledford <dledford at redhat.com>
Date: Wed, 18 May 2016 12:41:59 -0400
Subject: [4.2-stable only] fix backport "IB/security: restrict use of the
write() interface"
Upstream commit e6bd18f57aad (IB/security: Restrict use of the write()
interface) handled the cases for all drivers in the current upstream
kernel. The ipath driver had recently been deprecated and moved to
staging, and then removed entirely. It had the same security flaw as
the qib driver. Fix that up with this separate patch.
Note: The ipath driver only supports hardware that ended production
over 10 years ago, so there should be none of this hardware still
present in the wild.
Signed-off-by: Doug Ledford <dledford at redhat.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
drivers/infiniband/hw/ipath/ipath_file_ops.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/infiniband/hw/ipath/ipath_file_ops.c b/drivers/infiniband/hw/ipath/ipath_file_ops.c
index 450d159..f63ad70 100644
--- a/drivers/infiniband/hw/ipath/ipath_file_ops.c
+++ b/drivers/infiniband/hw/ipath/ipath_file_ops.c
@@ -45,6 +45,8 @@
#include <linux/uio.h>
#include <asm/pgtable.h>
+#include <rdma/ib.h>
+
#include "ipath_kernel.h"
#include "ipath_common.h"
#include "ipath_user_sdma.h"
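Review bot: the added #include <rdma/ib.h> at the top of ipath_file_ops.c is there only to declare ib_safe_file_access(), which the second hunk calls, and that helper is introduced by the backport of e6bd18f57aad, so this patch cannot build if it is queued before that backport. The commit message should state the ordering dependency explicitly so the two patches are not picked or reverted independently.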
@@ -2244,6 +2246,9 @@ static ssize_t ipath_write(struct file *fp, const char __user *data,
ssize_t ret = 0;
void *dest;
+ if (WARN_ON_ONCE(!ib_safe_file_access(fp)))
+ return -EACCES;
+
if (count < sizeof(cmd.type)) {
ret = -EINVAL;
goto bail;
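Review bot: the new check at the top of ipath_write() returns -EACCES directly, while the very next error path in the same function sets ret and uses goto bail. Only the declarations of ret and dest are visible before the check, so the early return looks safe, but it is worth confirming that bail does no accounting that this path now skips, or using ret = -EACCES; goto bail; for consistency. Note also that WARN_ON_ONCE logs only the first rejected call, so later rejected write() attempts return -EACCES without any further kernel log entry; anyone relying on the log to spot repeated attempts needs another signal.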
--
2.7.4