i40iw_mmap is vulnerable to an mmap exploit due to its manipulation on vma->vm_pgoff done for the push feature, and its subsequent use in remap_pfn_range without validation.

Patch #1 fixes the mmap exploit in i40iw_mmap and can be backported to stable if acceptable.
Patch #2 removes the push feature from the driver.

Shiraz Saleem (2):
  RDMA/i40iw: Address an mmap handler exploit in i40iw
  RDMA/i40iw: Remove push code from i40iw

 drivers/infiniband/hw/i40iw/i40iw.h        |   1 -
 drivers/infiniband/hw/i40iw/i40iw_ctrl.c   |  52 +------------
 drivers/infiniband/hw/i40iw/i40iw_d.h      |  35 +++-----
 drivers/infiniband/hw/i40iw/i40iw_main.c   |   5 -
 drivers/infiniband/hw/i40iw/i40iw_status.h |   1 -
 drivers/infiniband/hw/i40iw/i40iw_type.h   |  18 ----
 drivers/infiniband/hw/i40iw/i40iw_uk.c     |  41 +--------
 drivers/infiniband/hw/i40iw/i40iw_user.h   |   8 --
 drivers/infiniband/hw/i40iw/i40iw_verbs.c  | 123 ++--------------------------
 9 files changed, 25 insertions(+), 259 deletions(-)
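
The bug class named in the cover letter (a caller-controlled page offset reaching a pfn-remapping call unvalidated), as an added user-space model that is not code from the patches or from the i40iw driver. The structs, the function names and the 16-page window are assumptions made for illustration; the sketch contrasts the unchecked pattern with an overflow-safe range check.

```c
#include <stdint.h>
#include <errno.h>

#define PAGE_SHIFT 12

/* Hypothetical stand-in for a device memory window (e.g. a PCI BAR). */
struct dev_window {
    uint64_t base_pfn;  /* first page frame of the window */
    uint64_t npages;    /* pages the device is meant to expose */
};

/* Hypothetical stand-in for the VMA fields an mmap handler reads. */
struct map_req {
    uint64_t pgoff;     /* caller-controlled: mmap() offset in pages */
    uint64_t len;       /* caller-controlled: vm_end - vm_start, in bytes */
};

/* Unvalidated pattern: the offset flows straight into the pfn. */
static int map_unchecked(const struct dev_window *w, const struct map_req *r,
                         uint64_t *pfn)
{
    *pfn = w->base_pfn + r->pgoff;  /* can leave the window, or wrap */
    return 0;
}

/* Validated form: accept only if [pgoff, pgoff + pages) is in the window. */
static int map_checked(const struct dev_window *w, const struct map_req *r,
                       uint64_t *pfn)
{
    uint64_t pages = r->len >> PAGE_SHIFT;

    if (pages == 0 || (r->len & ((1ULL << PAGE_SHIFT) - 1)))
        return -EINVAL;             /* empty or not page aligned */
    /* Compare by subtraction so pgoff + pages can never overflow. */
    if (r->pgoff >= w->npages || pages > w->npages - r->pgoff)
        return -EINVAL;
    *pfn = w->base_pfn + r->pgoff;
    return 0;
}

/* Audit helper: does a computed pfn range stay inside the window? */
static int pfn_in_window(const struct dev_window *w, uint64_t pfn,
                         uint64_t pages)
{
    return pfn >= w->base_pfn && pfn - w->base_pfn < w->npages &&
           pages <= w->npages - (pfn - w->base_pfn);
}
```
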