On 05/18/2016 04:42 PM, Kamal Mostafa wrote: > On Wed, May 18, 2016 at 12:41:59PM -0400, Doug Ledford wrote: >> Upstream commit e6bd18f57aad (IB/security: Restrict use of the write() >> interface) handled the cases for all drivers in the current upstream >> kernel. The ipath driver had recently been deprecated and moved to >> staging, and then removed entirely. It had the same security flaw as >> the qib driver. Fix that up with this separate patch. >> >> Note: The ipath driver only supports hardware that ended production >> over 10 years ago, so there should be none of this hardware still >> present in the wild. >> >> Cc: stable@xxxxxxxxxxxxxxx # <= 4.2.x >> Signed-off-by: Doug Ledford <dledford@xxxxxxxxxx> >> --- >> drivers/infiniband/hw/ipath/ipath_file_ops.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/drivers/infiniband/hw/ipath/ipath_file_ops.c b/drivers/infiniband/hw/ipath/ipath_file_ops.c >> index 450d15965005..1f94b560d749 100644 >> --- a/drivers/infiniband/hw/ipath/ipath_file_ops.c >> +++ b/drivers/infiniband/hw/ipath/ipath_file_ops.c >> @@ -45,6 +45,8 @@ >> #include <linux/uio.h> >> #include <asm/pgtable.h> >> >> +#include <rdma/ib.h> >> + >> #include "ipath_kernel.h" >> #include "ipath_common.h" >> #include "ipath_user_sdma.h" >> @@ -2244,6 +2246,9 @@ static ssize_t ipath_write(struct file *fp, const char __user *data, >> ssize_t ret = 0; >> void *dest; >> >> + if (WARN_ON_ONCE(!ib_safe_file_access(fp))) >> + return -EACCESS; > > (Same as for the 4.4.x patch)... > > This needs to be "EACCES" (one fewer 'S'). > > Thanks, Doug. Queued up (with one fewer 'S') for 4.2 and 3.19 -stable. Thanks for fixing it up! -- Doug Ledford <dledford@xxxxxxxxxx> GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature