[0/2] Fix an mmap exploit and remove push in i40iw

Message ID	20201124234224.1654-1-shiraz.saleem@intel.com (mailing list archive)
Headers	show Return-Path: <linux-rdma-owner@kernel.org> IronPort-SDR: 8MaTh9uaofeFsV5ePfr371CuIUpirwaSA++aULvaK3aiwUwUnqYweOHdW3is6BmlYlkqiQomKX 9z6Q1Aomn7Mw== IronPort-SDR: 0PIIeCjzOCWH/4S1od92JVcippr6fdkVq/tAUip30BWJC5ZJtLkjfiFUlKO4iywZdX47ZoV2su gnMAJCunWU8Q== From: Shiraz Saleem <shiraz.saleem@intel.com> To: dledford@redhat.com, jgg@nvidia.com Cc: linux-rdma@vger.kernel.org, stable@kernel.org, Shiraz Saleem <shiraz.saleem@intel.com> Subject: [PATCH 0/2] Fix an mmap exploit and remove push in i40iw Date: Tue, 24 Nov 2020 17:42:22 -0600 Message-Id: <20201124234224.1654-1-shiraz.saleem@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Fix an mmap exploit and remove push in i40iw \| expand [0/2] Fix an mmap exploit and remove push in i40iw [1/2] RDMA/i40iw: Address an mmap handler exploit in i40iw [2/2] RDMA/i40iw: Remove push code from i40iw

Message ID

20201124234224.1654-1-shiraz.saleem@intel.com (mailing list archive)

Headers

IronPort-SDR: 
 8MaTh9uaofeFsV5ePfr371CuIUpirwaSA++aULvaK3aiwUwUnqYweOHdW3is6BmlYlkqiQomKX
 9z6Q1Aomn7Mw==
IronPort-SDR: 
 0PIIeCjzOCWH/4S1od92JVcippr6fdkVq/tAUip30BWJC5ZJtLkjfiFUlKO4iywZdX47ZoV2su
 gnMAJCunWU8Q==
From: Shiraz Saleem <shiraz.saleem@intel.com>
To: dledford@redhat.com, jgg@nvidia.com
Cc: linux-rdma@vger.kernel.org, stable@kernel.org,
        Shiraz Saleem <shiraz.saleem@intel.com>
Subject: [PATCH 0/2] Fix an mmap exploit and remove push in i40iw
Date: Tue, 24 Nov 2020 17:42:22 -0600
Message-Id: <20201124234224.1654-1-shiraz.saleem@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Fix an mmap exploit and remove push in i40iw | expand

Message

Shiraz Saleem Nov. 24, 2020, 11:42 p.m. UTC

i40iw_mmap is vulnerable to an mmap exploit due to its
manipulation on vma->vm_pgoff done for the push feature,
and its subsequent use in remap_pfn_range without validation.

Patch #1 fixes the mmap exploit in i40iw_mmap and can be backported
to stable if acceptable.

Patch #2 removes the push feature from the driver

Shiraz Saleem (2):
  RDMA/i40iw: Address an mmap handler exploit in i40iw
  RDMA/i40iw: Remove push code from i40iw

 drivers/infiniband/hw/i40iw/i40iw.h        |    1 -
 drivers/infiniband/hw/i40iw/i40iw_ctrl.c   |   52 +------------
 drivers/infiniband/hw/i40iw/i40iw_d.h      |   35 +++-----
 drivers/infiniband/hw/i40iw/i40iw_main.c   |    5 -
 drivers/infiniband/hw/i40iw/i40iw_status.h |    1 -
 drivers/infiniband/hw/i40iw/i40iw_type.h   |   18 ----
 drivers/infiniband/hw/i40iw/i40iw_uk.c     |   41 +--------
 drivers/infiniband/hw/i40iw/i40iw_user.h   |    8 --
 drivers/infiniband/hw/i40iw/i40iw_verbs.c  |  123 ++--------------------------
 9 files changed, 25 insertions(+), 259 deletions(-)