[RFC PATCH] IB/core: reject invalid userspace memory range registration

From: Yann Droneaud
Date: Thu Apr 02 2015 - 11:01:05 EST

Next message: Tomeu Vizoso: "[PATCH v2] ARM: tegra: Correct which USB controller has the UTMI pad registers"
Previous message: Frederic Weisbecker: "Re: kernel/timer: avoid spurious ksoftirqd wakeups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Signed-off-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
---
drivers/infiniband/core/umem.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c
index df0c4f605a21..6758b4ac56eb 100644
--- a/drivers/infiniband/core/umem.c
+++ b/drivers/infiniband/core/umem.c
@@ -90,6 +90,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
DEFINE_DMA_ATTRS(attrs);
struct scatterlist *sg, *sg_list_start;
int need_release = 0;
+ bool writable;

if (dmasync)
dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
@@ -97,6 +98,19 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
if (!can_do_mlock())
return ERR_PTR(-EPERM);

+ /*
+ * We ask for writable memory if any access flags other than
+ * "remote read" are set. "Local write" and "remote write"
+ * obviously require write access. "Remote atomic" can do
+ * things like fetch and add, which will modify memory, and
+ * "MW bind" can change permissions by binding a window.
+ */
+ writable = !!(access & ~IB_ACCESS_REMOTE_READ);
+
+ if (!access_ok(writable ? VERIFY_WRITE : VERIFY_READ,
+ (void __user *)addr, size))
+ return ERR_PTR(-EFAULT);
+
umem = kzalloc(sizeof *umem, GFP_KERNEL);
if (!umem)
return ERR_PTR(-ENOMEM);
@@ -106,14 +120,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
umem->offset = addr & ~PAGE_MASK;
umem->page_size = PAGE_SIZE;
umem->pid = get_task_pid(current, PIDTYPE_PID);
- /*
- * We ask for writable memory if any access flags other than
- * "remote read" are set. "Local write" and "remote write"
- * obviously require write access. "Remote atomic" can do
- * things like fetch and add, which will modify memory, and
- * "MW bind" can change permissions by binding a window.
- */
- umem->writable = !!(access & ~IB_ACCESS_REMOTE_READ);
+ umem->writable = writable;

/* We assume the memory is from hugetlb until proved otherwise */
umem->hugetlb = 1;
--
2.1.0

Regards.

--
Yann Droneaud
OPTEYA

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tomeu Vizoso: "[PATCH v2] ARM: tegra: Correct which USB controller has the UTMI pad registers"
Previous message: Frederic Weisbecker: "Re: kernel/timer: avoid spurious ksoftirqd wakeups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]