From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753059AbcFNVLr (ORCPT ); Tue, 14 Jun 2016 17:11:47 -0400 Received: from mail-wm0-f67.google.com ([74.125.82.67]:36080 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750795AbcFNVLp (ORCPT ); Tue, 14 Jun 2016 17:11:45 -0400 Message-ID: <57607309.3000600@gmail.com> Date: Tue, 14 Jun 2016 22:11:37 +0100 From: Sudip Mukherjee User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Ben Hutchings , linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, Linus Torvalds , Doug Ledford , Jason Gunthorpe , Jann Horn Subject: Re: [PATCH 3.2 31/46] IB/security: Restrict use of the write() interface References: In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sunday 12 June 2016 10:34 PM, Ben Hutchings wrote: > 3.2.81-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Jason Gunthorpe > > commit e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 upstream. > > The drivers/infiniband stack uses write() as a replacement for > bi-directional ioctl(). This is not safe. There are ways to > trigger write calls that result in the return structure that > is normally written to user space being shunted off to user > specified kernel memory instead. > > Signed-off-by: Ben Hutchings > --- > --- a/drivers/infiniband/core/ucm.c > +++ b/drivers/infiniband/core/ucm.c > @@ -48,6 +48,7 @@ > > #include > > +#include This is breaking the build. There is no rdma/ib.h . The file was created by: 8d36eb01da5d ("RDMA/cma: Define native IB address") build log is at: https://gitlab.com/sudipm/linux-next/builds/1771265 Regards Sudip