From patchwork Wed Nov  3 14:35:49 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aleksey Senin <alekseys@voltaire.com>
X-Patchwork-Id: 298962
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id oA3EZtCO021729
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Wed, 3 Nov 2010 14:35:55 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755298Ab0KCOfz (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Wed, 3 Nov 2010 10:35:55 -0400
Received: from fwil.voltaire.com ([193.47.165.2]:57920 "EHLO
	exil.voltaire.com"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1755295Ab0KCOfy (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Wed, 3 Nov 2010 10:35:54 -0400
Received: from [172.25.5.190] ([172.25.5.190]) by exil.voltaire.com with
	Microsoft SMTPSVC(6.0.3790.4675); Wed, 3 Nov 2010 16:35:49 +0200
Message-ID: <4CD17345.7040400@voltaire.com>
Date: Wed, 03 Nov 2010 16:35:49 +0200
From: Aleksey Senin <alekseys@voltaire.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US;
	rv:1.9.1.11) Gecko/20100711 Thunderbird/3.0.6
MIME-Version: 1.0
To: linux-rdma@vger.kernel.org
CC: Roland Dreier <rolandd@cisco.com>, Moni Shoua <monis@voltaire.com>,
	Alex Rosenbaum <Alexr@voltaire.com>
Subject: [PATCH V2 2/3] Security check on QP type
References: <4CD171F0.8020506@voltaire.com> <4CD172C8.4010700@voltaire.com>
In-Reply-To: <4CD172C8.4010700@voltaire.com>
X-OriginalArrivalTime: 03 Nov 2010 14:35:49.0586 (UTC)
	FILETIME=[68D3FB20:01CB7B64]
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter1.kernel.org [140.211.167.41]);
	Wed, 03 Nov 2010 14:35:55 +0000 (UTC)


diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index 6fcfbeb..87025fc 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -1050,6 +1050,9 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
 	if (copy_from_user(&cmd, buf, sizeof cmd))
 		return -EFAULT;
 
+	if (cmd.qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW))
+		return -EPERM;
+
 	INIT_UDATA(&udata, buf + sizeof cmd,
 		   (unsigned long) cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);