From: Yann Droneaud <ydroneaud@opteya.com>
To: Roland Dreier <roland@kernel.org>
Cc: linux-rdma@vger.kernel.org,
Shachar Raindel <raindel@mellanox.com>,
Jack Morgenstein <jackm@mellanox.com>,
Or Gerlitz <ogerlitz@mellanox.com>,
stable@vger.kernel.org, Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH v1 0/2] Fixes on top of CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
Date: Mon, 13 Apr 2015 14:56:21 +0200 [thread overview]
Message-ID: <cover.1428929103.git.ydroneaud@opteya.com> (raw)
Hi,
Please find one patch to prevent a possible issue partially
addressed by commit 8494057ab5e4 ("IB/uverbs: Prevent integer
overflow in ib_umem_get address arithmetic") (see discussions
in [1]) and another one to add back the possibility of registering
memory mapped at 0 (which is probably not something to be allowed,
but it's probably not up to ib_umem_get() to prevent it).
Changes from v0 [2]:
- don't touch to overflow logic in first patch:
not modifying the logic here so that the patch can be applied
even on kernel without the overflow preventing checks,
and second patch is going to rewrite the check.
- don't break overflow detection in second patch:
changing less or equal to less comparison broke the overflow
detection logic regarding to rounding done by PAGE_ALIGN,
so fixes this by checking for overflow in addr + size,
then by checking for overflow in PAGE_ALIGN(addr + size).
[1] "Re: CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical
memory access"
http://mid.gmane.org/1428497043.22575.176.camel@opteya.com
http://marc.info/?i=1428497043.22575.176.camel@opteya.com
[2] [PATCH RESEND 0/2] Fixes on top of CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
http://mid.gmane.org/cover.1428523125.git.ydroneaud@opteya.com
http://marc.info/?i=cover.1428523125.git.ydroneaud@opteya.com
Yann Droneaud (2):
IB/core: disallow registering 0-sized memory region
IB/core: don't disallow registering region starting at 0x0
drivers/infiniband/core/umem.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.1.0
next reply other threads:[~2015-04-13 12:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-13 12:56 Yann Droneaud [this message]
[not found] ` <cover.1428929103.git.ydroneaud-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-04-13 12:56 ` [PATCH v1 1/2] IB/core: disallow registering 0-sized memory region Yann Droneaud
2015-04-13 12:56 ` [PATCH v1 2/2] IB/core: don't disallow registering region starting at 0x0 Yann Droneaud
2015-04-14 9:20 ` Sagi Grimberg
2015-04-14 12:00 ` Yann Droneaud
[not found] ` <1429012859.4333.2.camel-RlY5vtjFyJ3QT0dZR+AlfA@public.gmane.org>
2015-04-14 12:50 ` Sagi Grimberg
[not found] ` <552D0D2A.8000604-LDSdmyG8hGV8YrgS2mwiifqBs+8SCbDb@public.gmane.org>
2015-04-14 14:35 ` Haggai Eran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1428929103.git.ydroneaud@opteya.com \
--to=ydroneaud@opteya.com \
--cc=jackm@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=ogerlitz@mellanox.com \
--cc=raindel@mellanox.com \
--cc=roland@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox