staging/rdma/hfi1: close shared context security hole

Driver does not verify userid for shared context assignments, allowing malicious user access. Reviewed by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qader@intel.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging/rdma/hfi1: close shared context security hole
Driver does not verify userid for shared context assignments, allowing malicious user access. Reviewed by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: Jareer H Abdel-Qader <jareer.h.abdel-qader@intel.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
07839049 · Jareer Abdel-Qader · Greg Kroah-Hartman · f4d26d81 · 07839049
Commit 07839049 authored Oct 26, 2015 by Jareer Abdel-Qader Committed by Greg Kroah-Hartman Oct 27, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

drivers/staging/rdma/hfi1/file_ops.c drivers/staging/rdma/hfi1/file_ops.c +1 -0

No files found.
--- a/drivers/staging/rdma/hfi1/file_ops.c
+++ b/drivers/staging/rdma/hfi1/file_ops.c
@@ -948,6 +948,7 @@ static int find_shared_ctxt(struct file *fp,
 			/* Skip ctxt if it doesn't match the requested one */
 			if (memcmp(uctxt->uuid, uinfo->uuid,
 				   sizeof(uctxt->uuid)) ||
+			    uctxt->jkey != generate_jkey(current_uid()) ||
 			    uctxt->subctxt_id != uinfo->subctxt_id ||
 			    uctxt->subctxt_cnt != uinfo->subctxt_cnt)
 				continue;