From: Leon Romanovsky <leon@kernel.org>
To: Doug Ledford <dledford@redhat.com>, Jason Gunthorpe <jgg@mellanox.com>
Cc: Leon Romanovsky <leonro@mellanox.com>,
RDMA mailing list <linux-rdma@vger.kernel.org>,
Andrea Arcangeli <aarcange@redhat.com>,
Feras Daoud <ferasda@mellanox.com>,
Haggai Eran <haggaie@mellanox.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
Saeed Mahameed <saeedm@mellanox.com>,
linux-netdev <netdev@vger.kernel.org>
Subject: [PATCH rdma-next 1/6] RDMA/mlx5: Do not allow the user to write to the clock page
Date: Tue, 16 Apr 2019 14:07:25 +0300 [thread overview]
Message-ID: <20190416110730.32230-2-leon@kernel.org> (raw)
In-Reply-To: <20190416110730.32230-1-leon@kernel.org>
From: Jason Gunthorpe <jgg@mellanox.com>
The intent of this VMA was to be read-only from user space, but the
VM_MAYWRITE masking was missed, so mprotect could make it writable.
Cc: stable@vger.kernel.org
Fixes: 5c99eaecb1fc ("IB/mlx5: Mmap the HCA's clock info to user-space")
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Reviewed-by: Haggai Eran <haggaie@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
---
drivers/infiniband/hw/mlx5/main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c
index 15676a149680..73b7f9636f82 100644
--- a/drivers/infiniband/hw/mlx5/main.c
+++ b/drivers/infiniband/hw/mlx5/main.c
@@ -2072,6 +2072,7 @@ static int mlx5_ib_mmap_clock_info_page(struct mlx5_ib_dev *dev,
if (vma->vm_flags & VM_WRITE)
return -EPERM;
+ vma->vm_flags &= ~VM_MAYWRITE;
if (!dev->mdev->clock_info_page)
return -EOPNOTSUPP;
@@ -2237,6 +2238,7 @@ static int mlx5_ib_mmap(struct ib_ucontext *ibcontext, struct vm_area_struct *vm
if (vma->vm_flags & VM_WRITE)
return -EPERM;
+ vma->vm_flags &= ~VM_MAYWRITE;
/* Don't expose to user-space information it shouldn't have */
if (PAGE_SIZE > 4096)
--
2.20.1
next prev parent reply other threads:[~2019-04-16 11:07 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 11:07 [PATCH rdma-next 0/6] BAR mappings fixes in RDMA Leon Romanovsky
2019-04-16 11:07 ` Leon Romanovsky
2019-04-16 11:07 ` Leon Romanovsky [this message]
2019-04-16 11:07 ` [PATCH rdma-next 2/6] RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 3/6] RDMA/ucontext: Do not allow BAR mappings to be executable Leon Romanovsky
2019-04-17 19:05 ` Ruhl, Michael J
2019-04-18 5:58 ` Jason Gunthorpe
2019-04-18 6:30 ` Kees Cook
2019-04-18 7:01 ` Jason Gunthorpe
2019-04-18 7:23 ` Kees Cook
2019-04-18 7:23 ` Kees Cook
2019-04-22 12:51 ` Jason Gunthorpe
2019-04-16 11:07 ` [PATCH rdma-next 4/6] RDMA/ucontext: Fix regression with disassociate Leon Romanovsky
2019-04-16 11:07 ` [PATCH mlx5-next 5/6] RDMA/mlx5: Use get_zeroed_page() for clock_info Leon Romanovsky
2019-04-16 11:07 ` [PATCH rdma-next 6/6] RDMA: Remove rdma_user_mmap_page Leon Romanovsky
2019-04-24 19:24 ` [PATCH rdma-next 0/6] BAR mappings fixes in RDMA Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190416110730.32230-2-leon@kernel.org \
--to=leon@kernel.org \
--cc=aarcange@redhat.com \
--cc=dledford@redhat.com \
--cc=ferasda@mellanox.com \
--cc=haggaie@mellanox.com \
--cc=jgg@mellanox.com \
--cc=jgg@ziepe.ca \
--cc=leonro@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=saeedm@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.