| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87mscgkuqf.fsf@AUSNATLYNCH.amd.com>
Date: Wed, 16 Apr 2025 10:10:32 -0500
From: Nathan Lynch <nathan.lynch@....com>
To: Vinicius Costa Gomes <vinicius.gomes@...el.com>, Dave Jiang
<dave.jiang@...el.com>, Vinod Koul <vkoul@...nel.org>, Arjan van de Ven
<arjan@...ux.intel.com>, Nikhil Rao <nikhil.rao@...el.com>,
<dmaengine@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1] dmaengine: idxd: Fix allowing write() from different
address spaces
Vinicius Costa Gomes <vinicius.gomes@...el.com> writes:
> Check if the process submitting the descriptor belongs to the same
> address space as the one that opened the file, reject otherwise.
I assume this can happen after a fork.
Do idxd_cdev_mmap() and idxd_cdev_poll() need similar protection?
>
> Fixes: 6827738dc684 ("dmaengine: idxd: add a write() method for applications to submit work")
> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@...el.com>
> ---
> drivers/dma/idxd/cdev.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
> index ff94ee892339..373c622fcddc 100644
> --- a/drivers/dma/idxd/cdev.c
> +++ b/drivers/dma/idxd/cdev.c
> @@ -473,6 +473,9 @@ static ssize_t idxd_cdev_write(struct file *filp, const char __user *buf, size_t
> ssize_t written = 0;
> int i;
>
> + if (current->mm != ctx->mm)
> + return -EPERM;
> +
> for (i = 0; i < len/sizeof(struct dsa_hw_desc); i++) {
> int rc = idxd_submit_user_descriptor(ctx, udesc + i);
>
> --
> 2.49.0
Powered by blists - more mailing lists