From mboxrd@z Thu Jan 1 00:00:00 1970 From: Aleksey Senin Subject: [PATCH V1 3/4] Security check on QP type Date: Sun, 04 Jul 2010 17:12:00 +0300 Message-ID: <4C3096B0.5030005@senin.name> References: <4C308E07.7050903@senin.name> <4C3092ED.6000701@senin.name> <4C3095CB.2000205@senin.name> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4C3095CB.2000205-192fA4vuk7xBDLzU/O5InQ@public.gmane.org> Sender: linux-rdma-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Aleksey Senin Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Roland Dreier , Moni Shoua , Or Gerlitz , Yiftah Shahar , Alex Rosenbaum , "Walukiewicz, Miroslaw" List-Id: linux-rdma@vger.kernel.org Check if the user process has permission to create a RAW_PACKET QP. In order to prevent a regular user from creating malicious packets, at the time of QP creation, the kernel will check if the process has the necessary permissions. This examination is done in the uverbs layer and is general for all low level drivers. Signed-off-by: Aleksey Senin --- drivers/infiniband/core/uverbs_cmd.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c index 6fcfbeb..87025fc 100644 --- a/drivers/infiniband/core/uverbs_cmd.c +++ b/drivers/infiniband/core/uverbs_cmd.c @@ -1050,6 +1050,9 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, if (copy_from_user(&cmd, buf, sizeof cmd)) return -EFAULT; + if (cmd.qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW)) + return -EPERM; + INIT_UDATA(&udata, buf + sizeof cmd, (unsigned long) cmd.response + sizeof resp, in_len - sizeof cmd, out_len - sizeof resp); -- 1.6.4.2
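
Review bot: the capable(CAP_NET_RAW) test added in ib_uverbs_create_qp(), directly after copy_from_user(), is the only enforcement point in this patch (3 insertions in one file), so the privilege is evaluated once, against the task issuing the create command, and is not tied to the lifetime of the QP. A process that creates an IB_QPT_RAW_PACKET QP and afterwards drops CAP_NET_RAW keeps a working raw QP. That is the same model raw sockets use, but it should be stated in the commit message and in a one-line comment above the check, so that low-level driver authors do not assume later verbs on the QP re-check the capability. It is also worth saying explicitly that only the userspace uverbs path is gated here. The placement itself is fine: the -EPERM return comes before INIT_UDATA and before anything is allocated, so there is nothing to unwind.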