OpenCloudOS-Kernel/drivers/infiniband
Shiraz Saleem 2ed381439e RDMA/i40iw: Address an mmap handler exploit in i40iw
i40iw_mmap manipulates the vma->vm_pgoff to differentiate a push page mmap
vs a doorbell mmap, and uses it to compute the pfn in remap_pfn_range
without any validation. This is vulnerable to an mmap exploit as described
in: https://lore.kernel.org/r/20201119093523.7588-1-zhudi21@huawei.com

The push feature is disabled in the driver currently and therefore no push
mmaps are issued from user-space. The feature does not work as expected in
the x722 product.

Remove the push module parameter and all VMA attribute manipulations for
this feature in i40iw_mmap. Update i40iw_mmap to only allow DB user
mmapings at offset = 0. Check vm_pgoff for zero and if the mmaps are bound
to a single page.

Cc: <stable@kernel.org>
Fixes: d374984179 ("i40iw: add files for iwarp interface")
Link: https://lore.kernel.org/r/20201125005616.1800-2-shiraz.saleem@intel.com
Reported-by: Di Zhu <zhudi21@huawei.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2020-11-25 10:38:11 -04:00
..
core RDMA/cm: Make the local_id_table xarray non-irq 2020-11-12 12:31:27 -04:00
hw RDMA/i40iw: Address an mmap handler exploit in i40iw 2020-11-25 10:38:11 -04:00
sw RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs 2020-11-12 13:27:41 -04:00
ulp RDMA 5.10 second rc pull request 2020-11-05 11:25:02 -08:00
Kconfig RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs 2020-11-12 13:27:41 -04:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00